
Rohan Pandya

Identity & Access Management Architect
Manjari Greens Annexe, PUNE

Summary


Dedicated and highly motivated leader and architect in the information security & risk governance space. Overall close to 14 years of comprehensive exposure in designing scalable on-prem and cloud-based identity & access governance modules. Broad exposure in building and migrating legacy and complex applications on IAM solutions and governing with concrete secure policies.



Overview

15
years of professional experience

Work History

Sr. IAM Architect

MSCI
08.2023 - Current
  • Leading the design and implementation of Customer Identity and Access Management (CIAM) and Internal Workforce IAM solutions
  • Leading the design of authentication workflows and identity management processes across hybrid environments, ensuring seamless access control for global users.
  • Designing and implementing complex federation processes, leveraging technologies like AAD, FIDC, Auth0, Okta, and ADFS to integrate cloud and on-premises systems.
  • Spearheading IAM programs from the IAM architectural side, ensuring alignment with security policies, best practices, and organizational goals.
  • Contributing to the creation and maintenance of internal IAM IT-risk standards, ensuring compliance with regulatory requirements and organizational security protocols.
  • Played a key role in assisting Microsoft to streamline and optimize their ADFS OAuth processes, improving identity security in enterprise environments.
  • Designed and implemented OAP (Authorization Framework) processes, ensuring granular, policy-based access control.
  • Actively involved in reviewing and improving security architectures for IAM designs to mitigate risks and enhance identity security across systems.

Sr. Technical Architect (IAM Architect)

Allianz Technology
06.2022 - Current
  • Senior technical architect in CIAM, PIAM space within Allianz Technology.
  • Contributed to designing OAuth/OIDC-based authentication flow in ForgeRock Identity Cloud for customer-oriented applications.
  • Responsible for designing and maintaining High-Level architecture model for CIAM, PIAM in central architecture community tool ADOIT.
  • Designed IAM component integration with Dynatrace, Azure Sentinel, Prometheus, AWS S3 Storage, AWS S3 Glacier technology set.
  • Designed 1FA, 2FA and SSO-based authentication journeys in Azure AD B2C, OKTA and ForgeRock Identity Cloud for external customers.
  • Design e2e and federate identity providers with multiple directories like VDS, LDAP, RadiantOne FID, Ping Directory, ForgeRock Directory Services.
  • Leveraging VDS as user store for external identities and managed identities for service to service integration.
  • Steering architectural discussions for CIAM in Internal architectural community.
  • Lead architect in designing the entire architecture of CIAM (Customer IAM) and PIAM (Partner IAM) with respective User Flows.
  • Designed SAML IDP federation flow between Azure AD & ForgeRock Identity Cloud.
  • Steering architectural discussion with OEs on migration to ForgeRock Identity Cloud from on-prem IDP solution.
  • Designed FIDC Admin Account access management process integrating with Azure AD.
  • Helped Global AD team to design the custom Graph API Integration process with AD portal.
  • Designed the long-term storage option in AWS S3 Glacier for FIDC log retention process.

Sr. IAM Architect

Principal Group Services
12.2020 - 06.2022


  • IAM architect in enterprise architect community in PFG Architecture decision group and reports directly to CISO for IAM deliverables.
  • Designed scalable authentication journeys in OKTA & ForgeRock Identity Cloud in Asia Pacific regions and helped OE to design the migration process from OKTA to ForgeRock.
  • Lead architect of comprehensive SCIM/REST-based API factory for migrating the legacy/desktop-based applications in SailPoint IdentityNow.
  • Involved as architect in migration project of OIM 11g to SailPoint IdentityNow in Principal Financial Group.
  • Designed real-time aggregation of identities from CIAM trusted source Oracle HCM (trusted HR source) to ForgeRock Identity Cloud.
  • Identity provider integration with multiple VDS and directory services like RadiantOne, ForgeRock and Ping Identity Directory Services.
  • Helped Principal Group to achieve the target of 50 investment banking application migrations in 2021.
  • Involved as architect with SailPoint Group to design the AI & ML based capability in certification process for Principal Financial Group.
  • Design federation between external IdP user store and VDS.
  • Contributed to designing high-level inbound federation flow between SailPoint IdentityNow & OKTA AM to devise the integration between workforce and CIAM architecture within CIAM landscape.
  • Developed custom end-points for JIT provisioning between customer applications and CIAM framework.
  • Drafted digital account security policies for CIAM and workforce identity framework.
  • Designed the best implementation practice & standards to secure the microservices in OAuth server.
  • Developed the zero-trust-aligned secure design factory to migrate the South East Asia payment API applications to OKTA.
  • Conducted the major business and architecture review with business partner for IAM program.
  • Led entire effort for IAM tools program maturity exercise with Big 4 partner.
  • Created the service factory plan for Principal ISR with MDD and SOAM model for rapid and fault-free deliveries across business.
  • Led multiple architect forums with business heads and application owners to decide the best suitable product for migration and channelize the asks to in-house development team.
  • Designer and architect for in house ISR Dashboard tool.
  • Lead solution architect for IAM portfolio in Principal.
  • Architected the migration strategy for key financial application to OKTA AM.
  • Strengthened relationships with vendor partners and stakeholders from various BUs.
  • Aligned IAM Program with GRC/ARA framework to implement zero trust delivery model.
  • Designed profound data validation model for internal auditor to compare data between OKTA and integrated application.
  • Designed service factory model for rapid and faultless deliveries.
  • Migrated day-1 access to birthright policy to reduce manual intervention.
  • Involved in automation of manual IAM fulfillment processes by migrating them with Camunda BPM Processes.
  • Conducted security interviews with multiple vendor stakeholders to understand risk and implement timely mitigation exercise.
  • Designed framework to create automated alerts for phishing email awareness.
  • Developed team of high potential engineers in PGS and Principal HO.
  • Designed framework to Integrate ForgeRock OpenAM tenants with Global Azure Tenants.

Assistant Vice President / Sr. IAM Architect

Barclays Bank
06.2013 - 12.2020
  • Led IAM and Data Protection portfolios as direct counterpart of Barclays UK.
  • Developed and architected end-to-end feed reconciliation model.
  • Played key role as architect for in-house Phoenix IDAM tool.
  • Created and designed independent connector factory for in-house IAM product.
  • Engaged with stakeholders and led diverse forums to automate disconnected application lifecycle and onboard them in Phoenix.
  • Hosted risk governance forums to educate the key stakeholders regarding the secure strategy implementation.
  • Core architect and developer of Open IAM model for Identity Life Cycle management process.
  • Developed real-time provisioning and reconciliation model for Oracle Identity Management, SailPoint IDM, ForgeRock IAM.
  • Developed complete solution for self-request panel for in-house identity and access management tool using R Shiny.
  • Migration of all the business workflows from OIM to Camunda/ForgeRock IAM.
  • Designed real-time data reconciliation model using Kafka/Spark ETL.
  • Designed and developed controls for data layer monitoring.
  • Migration of all the existing OIM REST APIs to Open IAM APIs.
  • Developed proactive phishing email monitoring system using Exchange API integration with R/Python.
  • Developed and designed real-time threat monitoring system.
  • Developer and architect of automated incident ticket process for provisioning failures with ServiceNow API integration.
  • Developed and designed web portal for provisioning process for third-party applications.
  • Developed business flows using jBPM, Camunda integration.

Sr. IAM Developer

Tata Consultancy Services
12.2011 - 06.2013
  • Life Cycle Management project automation for GE/SABIC.
  • Designer and architect of Data Reconciliation model using Spark, Flink, Kafka Repository and advanced ELK tools for real-time data visualization.
  • Developed real-time provisioning/reconciliation failures analysis project.
  • Developed SABIC feed optimization project using Kafka/Flink.
  • IAM real-time search index capability project using R/Python.
  • Architect of Incident Management Automation project with ServiceNow API.
  • Architect of real-time threat analysis report for SABIC/GE client.
  • Developer and architect of Predictive Solution deployment and development in R for GE trending.

IAM Developer

Tech Democracy
02.2011 - 11.2011
  • Full Stack identity and access management development.
  • Identity life cycle development with OIM products.
  • Building provisioning and reconciliation connectors for various third-party applications.
  • Building REST layers for databases on Node.js functionality.
  • Requirement gathering and architect access management solutions.
  • Developed Live Reporting capability with integration of IAM solutions.
  • Developed Secure Data Tunnel Framework for Sony Corporation using Java and various security data tools and libraries available in Java Secure libraries.
  • Java developer for Web Application Development for Bank of America Data Framework.
  • Senior developer for Data Auditing Tools Development for Bank of America.
  • Developed rapid data consumption tool for Bank of America client.

IAM Developer

Servum Infotec
01.2010 - 02.2011
  • Live feed consumption matrix in R Shiny for global health care domain.
  • Development of Medical portal.
  • Development of Open Source Identity and Access management framework for small medical stores.
  • Development of Trend Analysis report for Health Care domain.

Education

PG Diploma - Cyber Law, PUNE Information Technology

Asian Law School

Computational Science

Saurashtra University
Rajkot, GJ

Skills

ForgeRock Identity Cloud, SailPoint IdentityNow, OAuth 2.0, Secure API Design, OIM, OKTA, BPM, SailPoint IDN, ForgeRock OpenAM

Security Architecture, IAM Solution Architecture, IAM Product Based Architecture

Java, Python, R, Scala, Node.js, Angular Framework

Service-Oriented Architecture, Business Process Architecture

RadiantOne, VDS, ForgeRock Directory Services, Ping Directory, Azure AD, Auth0
