Tomasz Wójciak

Enterprise Security Architect

Security Transformation | IAM, Cloud & Risk

I help organizations reduce security complexity and turn fragmented IAM, cloud, risk, and security operating models into structured, auditable, and operationally sustainable capabilities.

With 25+ years in IT and cybersecurity across finance, manufacturing, public sector, food industry, consulting, and critical infrastructure, I focus on architecture, identity, governance, risk, and transformation that can be implemented and operated.

My work sits at the intersection of enterprise security architecture, IAM/PAM, cloud security governance, cyber risk, and executive decision support.

About Me

Download CVs

Contact

What I do

Enterprise Security Architecture & Transformation

• Target architectures, transition roadmaps and security operating models

• Azure, hybrid identity, Zero Trust and secure access governance

• Decision papers, standards, ownership models and implementation guidance

• Architecture that aligns with business risk and regulatory expectations

IAM, PAM & Hybrid Identity

• Active Directory, Microsoft Entra ID, Okta, SailPoint and Saviynt

• Entra PIM, Access Packages, Conditional Access and break-glass

• CyberArk, BeyondTrust, AD Tiering and privileged access lifecycle

• JML, access reviews, identity governance and support model design

Cyber Risk, Cloud & Governance

• ISO 27001, NIST CSF, CIS Controls, NIS2, DORA, SOC2 and GDPR alignment

• Risk assessments for IAM, cloud, infrastructure, M&A and third parties

• Audit readiness, control mapping, remediation plans and evidence packs

• Vulnerability governance, resilience and executive reporting

Key Strengths

• 25+ years across enterprise, public sector, finance, manufacturing and critical infrastructure

• Strong focus on enterprise architecture, IAM/PAM, cyber risk and operating models

• Deep identity expertise across AD, Entra ID, PAM, IGA, JML and hybrid access

• Ability to reduce ambiguity, clarify ownership and structure complex security change

• Technical depth combined with business communication and executive-ready documentation

• Calm, structured delivery in complex stakeholder environments

Selected Clients

Microsoft · Barry Callebaut · AML RightSource · Sysco · Sanoma · Ørsted · Electrolux · Ahold Delhaize · Howden Group · GAIN Capital · Equiniti · UBS

My Services

Featured Projects

Barry Callebaut – IAM, PAM & Azure Governance

• Structured privileged access governance across Entra ID, Azure, AD, Okta, CyberArk and ServiceNow

• Authored Azure privileged access model with Entra PIM, Access Packages, break-glass and Conditional Access

• Clarified Azure management-plane vs AD data-plane boundaries

• Supported ISO 27001/NIS2 alignment, documentation, ownership and audit evidence

AML RightSource – Cloud & IAM Transformation

• Designed Azure privileged access strategy, PIM, break-glass and passwordless patterns

• Defined AD Tiering, PAM policies, BitLocker/LAPS playbooks and Azure governance standards

• Supported Sentinel-aligned monitoring and NIST/ISO control mapping

Sysco & Sanoma – M&A Cybersecurity Governance

• Supported cybersecurity integration for acquired companies

• Standardized network and identity documentation across entities

• Created Armis discovery and integration playbooks

• Aligned AD consolidation, vulnerability management and baselines with NIST CSF

View all projects

Ready to discuss your architecture, IAM or risk challenge?

I’m available for contract roles, advisory projects and transformation leadership with clear scope, realistic outcomes and practical delivery.

Contact

Page updated

Google Sites

Report abuse