I help organizations modernize security, reduce complexity, and align cloud and identity architectures with business risk. With over 25 years in IT and cybersecurity across finance, manufacturing, public sector and critical infrastructure, I focus on clear operating models, pragmatic architecture, and risk decisions that executives can own.
I prefer leading transformations and advising security leaders rather than running day-to-day operations or firefighting. My work sits at the intersection of identity, cloud security, governance and risk – always anchored in realistic constraints and measurable outcomes.
• Security operating models and governance
• NIS2 / ISO 27001–aligned control structure
• Risk registers, KPIs and decision-ready reporting
• Interim / fractional support for CISOs and IT leadership
• Azure governance and Zero Trust design
• Hybrid AD / Entra ID identity architecture
• Network segmentation, encryption and backup security
• PAM frameworks using CyberArk, BeyondTrust and others
• Risk assessments for cloud, IAM and infrastructure
• IAM and PAM strategy, tiering and JML controls
• M&A due diligence and integration playbooks
• Audit uplift (ISO 27001, NIST CSF, CIS Controls, GDPR)
• 25+ years across enterprise, public sector and critical infrastructure
• Strong focus on architecture, risk and operating models – not daily operations
• Deep identity expertise (AD, Entra ID, IAM, PAM, JML processes)
• Experience with low-maturity environments and complex legacy estates
• Ability to translate technical detail into clear, business-level risk decisions
• Calm, structured approach in incidents and transformations, with minimal politics
Microsoft · Ørsted · Barry Callebaut · Sysco · Electrolux · Ahold Delhaize · AML RightSource · Sanoma · Howden Group · GAIN Capital · Equiniti · UBS
• Designed a global PAM strategy built on CyberArk and Entra ID
• Introduced admin tiering and a cloud-only privileged domain
• Defined JML, approval flows and operating procedures
• Mapped controls to ISO 27001 and NIS2 to support audits
• Assessed remote access and Citrix use across OT / ICS and SCADA
• Produced a 60-page configuration review with clear owners and actions
• Designed a Zero-Trust access model aligned with Purdue & IEC 62443
• Introduced MFA, RBAC, monitoring and PAM integration recommendations
• Performed cyber risk assessments for acquired companies
• Standardized network and identity documentation across entities
• Used Armis and vulnerability tooling to uncover unmanaged assets
• Delivered NIST-aligned playbooks for AD consolidation and onboarding