Stefan Bosnjakovic

Originally coming from IT-Sec one hand and business process engineering as an expert-in-the-field for UNIDO, I now work as a consultant/architect for IAM&GRC solutions.

The emphasis of my professional activity during the last fifteen plus years was on IAM (Identity and Access Management) and GRC (Governance, Risk and Compliance) projects, driven by the clients’ needs to comply with regulatory demands and close audit findings, complemented by related project activities incl. SoD (Segregation of Duties) methodology development, RE (Requirement Engineering), RM (role modelling and design of standardised access- and role-models), onboarding and full integration of complex business application suits into the corporate IAM-frameworks, WM (workflow- and associated process modelling) and BPAM (business process analysis and modelling), applying relevant security norms (ISO27000, Cobit, MaRisk, IT-Grundschutz, etc.) and regulatory requirements (EU (GDPR), ECB, SOx, MAS, FFIEC, BaFin (BAIT, VAIT, KAIT), BuBa, FinMA, BoE, etc.).

In addition to pure IAG issues I am also working on general IT-security related aspects like HPAM (High Privilege Access Management), SSO (Single-Sign On), MFA/Passwordless Technologies, CM (Cloud Migration), Firewall and VPN/SD-WAN to complete an IAG framework.