Tanweer Alam

• Hold end-to-end technical ownership of all IAM products and platforms, driving strategy, architecture, implementation, and operational excellence.
• Lead the execution of the 5-Year IAM Roadmap, aligning with business transformation, security modernization, and regulatory compliance.
• Drive the enterprise’s passwordless journey, successfully deploying Windows Hello for Business to improve user experience while enhancing security posture.
• Led the implementation of Microsoft Defender for Identity (MDI) for proactive identity threat detection and response across hybrid environments.
• Initiated and managed Microsoft Defender for Cloud Apps (MDCA) Proof of Concept (POC) to improve cloud app visibility, security, and threat protection.
• Successfully implemented Microsoft Identity Protection, enabling risk-based conditional access, and continuous protection for user identities.
• Rolled out Microsoft Privileged Identity Management (PIM) across all Azure native and custom roles, ensuring just-in-time privileged access, and reducing standing privileges.
• Redesigned Conditional Access Policies, adopting a baseline security model tailored to different user personas, balancing security enforcement with an optimized user experience.
• Spearheading the creation of a 'Factory Model' for application onboarding into the IGA platform (Saviynt), accelerating, and standardizing the migration of access governance from ServiceNow to Saviynt.
• Overseeing IGA platform optimization and infrastructure readiness, including performance enhancement, scalability improvements, and upgrades to the latest version, ensuring future-proof governance capabilities.
• Collaborate with cybersecurity, enterprise architecture, cloud, and application teams to integrate IAM capabilities with broader security and digital transformation programs.
• Lead vendor management, capability assessments, and continuous improvement of IAM products to support Zero Trust, and compliance frameworks.
• Initiated collaboration with the consumer business vertical to assess and improve IAM posture, ensuring alignment with enterprise security goals.
• Working with Operational Technology (OT) teams to understand IAM requirements for OT environments, and proposing self-sustainable IAM solutions that can function independently when IT IAM systems are unavailable.

• Driving enterprise IAM transformation with a focus on Zero Trust security, governance maturity, cloud-first identity solutions, and data-driven risk management by extending the IAM roadmap from three to five years.
• Managed vendor relationships, RFP/RFI processes, and product evaluations, ensuring alignment with business needs and security frameworks.
• Enhanced the IAM governance operating model, improving SLA tracking, operational KPIs, compliance, and service quality.
• Proposed the Identity Governance and Administration (IGA) strategy for Diageo, building a strong business case focused on improving compliance, operational efficiency, and risk reduction.
• Led the effort to secure executive approval for the IGA business case, aligning with cybersecurity goals, audit requirements, and digital transformation initiatives.
• Implemented Phase 1 of IGA using Saviynt, which included Platform readiness and migration of the Joiner-Mover-Leaver (JML) process from ServiceNow (SNOW) and the MS Automation tool (Scotch) to Saviynt, significantly improving lifecycle automation and governance controls.
• Onboarded 20+ crown jewel applications to the IGA platform as part of the 2nd phase, enhancing visibility, access certification, and role-based controls for critical systems.
• Partnered with stakeholders across cybersecurity, enterprise architecture, HR, and application teams to design scalable workflows, compliance processes, and user access policies within the IGA platform.
• Established a foundation for future IGA phases, including role mining, access reviews, risk-based access controls, and policy-driven governance.
• Proposed and led the migration of the Identity Provider (IDP) from Okta to Microsoft Entra, aligning with the 3-year IAM roadmap, which prioritized the passwordless journey, Zero Trust adoption, and native security capabilities.
• Built a strong business case highlighting cost optimization, leveraging the existing Microsoft P2 licenses, improved scalability, and native integration with the Microsoft ecosystem, where a majority of enterprise applications were hosted.
• Factored in the long-term strategic goal of enhancing security posture with Microsoft’s native security capabilities, including Conditional Access, Identity Protection, Defender for Identity, and multifactor authentication (MFA) features.
• Advocated for the migration as a foundational step toward the passwordless journey, utilizing Windows Hello for Business, FIDO2, and Azure AD Passkeys as part of the broader identity modernization strategy.
• Secured executive approval for the migration business case, collaborating with stakeholders from cybersecurity, enterprise architecture, finance, and IT operations.
• Led the partner evaluation and onboarding process for the migration project, ensuring alignment with technical, operational, and delivery goals.
• Successfully migrated 800+ applications and 70,000+ users from Okta to Microsoft Entra IDP, ensuring seamless continuity of services, minimal disruption, and improved user experience.
• Delivered enhanced security outcomes by enabling native SSO, conditional access, eliminating third-party dependencies, and reducing operational costs.
• Collaborated with cybersecurity, application owners, and infrastructure teams to ensure thorough testing, risk mitigation, and a phased rollout approach.
• Established post-migration governance, monitoring, and support models to maintain stability, and continuously improve the identity platform.

• Transitioned to IAM Manager, leading vendor management, contract negotiation, and service governance for IAM operations.
• Led RFI, RFQ, and RFP processes for strategic vendor selection, including the outsourcing of BAU IAM services to a managed services partner.
• Managed partner transitions, SLAs, governance models, and service quality to ensure seamless and secure IAM operations.
• Continued to provide leadership in IAM strategy execution, risk management, and operational excellence, aligned with the 3-year roadmap.
• Acted as the primary liaison between technical stakeholders, vendors, and executive leadership for IAM initiatives.

• Owned the IAM product vision, roadmap, and backlog, aligning them with business goals, cybersecurity requirements, and regulatory compliance.
• Led the transition and modernization of IAM services to support evolving business needs, cloud adoption, and Zero Trust security models.
• Work closely with stakeholders, including cybersecurity, IT, risk, compliance, application owners, and business units, to gather and refine requirements.
• Act as the voice of stakeholders to ensure IAM solutions address both security and user experience needs.
• Collaborate with engineering teams to deliver IAM solutions, including SSO, MFA, PAM, and directory services (AD, Azure AD, Okta).
• Participate in Agile ceremonies (sprint planning, backlog grooming, reviews, and retrospectives) to ensure the smooth execution of IAM deliverables.
• Define and enforce identity governance processes, including role-based access (RBAC), policy enforcement, JML (Joiner, Mover, Leaver) processes, and audit readiness.
• Ensure IAM products comply with internal policies and external regulations, like ISO 27001, SOX, GDPR, NIST, and APRA.
• Partner with cybersecurity teams to implement controls for least privilege, identity lifecycle management, and privileged access management (PAM).
• Continuously assess and manage risks related to identity systems, and propose mitigations.
• Monitor IAM product performance, SLAs, and user satisfaction.
• Drive improvements in automation, self-service capabilities, access workflows, and operational efficiency.
• Oversee incident and problem management related to IAM tools and services.

Key Achievements

• Redesigned Active Directory, consolidating servers from 200 to 50, improving scalability, and reducing costs.
• Led RFI, RFQ, and RFP processes for PAM solution selection and end-to-end implementation of CyberArk PAM, enhancing privileged account security across more than 2,000 servers.
• Managed the successful Active Directory upgrade (2003 → 2016), improving security and operational stability.
• Enabled enterprise-wide identity modernization by integrating over 700 applications into Okta SSO.

• Led the transition of Identity and Access Management (IAM) services for Active Directory and Azure AD from vendor-managed to fully in-house operations.
• Built and led a new IAM team to manage both BAU operations and strategic projects.
• Provided technical leadership and SME expertise in managing complex, large-scale IAM environments across on-premises and cloud (Azure AD, Okta) platforms.
• Defined and implemented process improvements, RBAC policies, governance models, and security controls for identity services.
• Architected and designed Active Directory backup, disaster recovery (DR) plans, and global resilience strategies.
• Strengthened IAM monitoring and alerting frameworks, enabling proactive issue detection and resolution.
• Developed and maintained comprehensive technical documentation, operational runbooks, and process guides.
• Acted as a trusted advisor to stakeholders, driving IAM strategy, process optimization, and team capability growth.

• Designed and managed resilient Active Directory infrastructure for thousands of users, ensuring high availability and secure delegation models.
• Led enterprise-wide implementations of DNS and DHCP, focusing on zone management and secure dynamic updates.
• Defined role-based access control and attribute-based access control frameworks, integrating with Active Directory and privileged access management systems.
• Delivered GPO-based server hardening, enforcing baseline security standards and restricting admin privileges.
• Directed vulnerability management programs, enhancing patch compliance and overall security posture.
• Architected CyberArk solutions for credential vaulting, session recording, and automated credential rotation.
• Ensured compliance with ISO 27001, APRA, NIST, and SOX through collaboration with security teams.
• Provided strategic guidance on Active Directory replication and inter-forest trust relationships during mergers and acquisitions.

• Executed advanced technical support for the Symantec Altiris Client Management Suite.
• Identified and resolved complex issues related to software distribution, patch management, and OS deployment.
• Customized workflows for customers utilizing Altiris Workflow Solution and Notification Server policies.
• Partnered with engineering teams to address product defects and optimize feature requests.
• Produced root cause analysis reports alongside technical documentation for customer escalations.
• Advised customers on industry best practices for endpoint lifecycle management and compliance reporting.
• Engaged in developing knowledge bases while mentoring junior staff in technical support.

• Directed global infrastructure operations managing over 1200 Windows servers for a vast user base.
• Administered essential services including Active Directory, DHCP, and Symantec Endpoint Protection.
• Led implementation and management of 120+ Domain Controllers across diverse domains.
• Utilized advanced tools to troubleshoot AD replication issues; executed disaster recovery strategies.
• Implemented global patch management practices to enhance security compliance across systems.
• Managed LANDesk functions including package development and asset tracking mechanisms.
• Automated bulk administrative tasks through PowerShell scripting for efficiency gains.
• Authored comprehensive documentation for operational processes aligned with ITIL frameworks.

• Enhanced technical support for 1,100 users on Windows platform through effective issue resolution.
• Managed Active Directory operations including user access and policy management.
• Conducted DNS, DHCP, and server management tasks to ensure high system availability.
• Set up office environment for 1,500 users during Reliance BPO project execution.
• Resolved queries related to MS Outlook, Avaya, and CMS to maintain operational efficiency.

• Configured and maintained network switches, firewalls, including Allied Telesyn and HP ProCurve series.
• Monitored network performance, identified issues, and implemented effective solutions.
• Configured PRTG and MRTG for comprehensive network monitoring across various hubs.
• Conducted fault diagnosis of devices and resolved breakdowns efficiently.
• Guided field engineers in troubleshooting processes while supporting end-users as needed.