The emphasis of Stefan's professional activity during the last fifteen plus years was on IAM (Identity and Access Management) and GRC (Governance, Risk and Compliance) projects, driven by the clients’ needs to comply with regulatory demands and close audit findings, complemented by related project activities incl. SoD (Segregation of Duties) methodology development, RE (Requirement Engineering), RM (role modelling and design of standardised access- and role-models), onboarding and full integration of complex business application suits into the corporate IAM-frameworks, WM (workflowand associated process modelling) and BPAM (business process analysis and modelling), applying relevant security norms (ISO27000, Cobit, MaRisk, ITGrundschutz, etc.) and regulatory requirements (EU (GDPR), ECB, SOx, MAS, FFIEC, BaFin (BAIT, VAIT, KAIT), BuBa, FinMA, BoE, etc.).
In addition to pure IAG issues, Stefan is also working on general IT-security related aspects like HPAM (High Privilege Access Management), SSO (Single-Sign On), MFA/Passwordless Technologies, CM (Cloud Migration), Firewall and VPN/SD-WAN to complete an IAG framework.
Rounded-up by communication, coordination and setting up train-the-trainer schemes with HR, relevant business and specialist departments.
