Summary
Work History
Skills
Previous Experience
Hobbies and Interests
Accreditations
Languages
Certification
Interests
Accomplishments
Timeline
SeniorSoftwareEngineer
Shyam Jain

Shyam Jain

Cyber Security Architect
London

Summary

With over 25 years of experience and Multi-skilled cybersecurity and Active Directory/Azure architect with expertise in hybrid and multi-cloud environments. Demonstrated success in security assurance, GRC, and SAP security, with a focus on IAM and PAM solution development. Experienced in leading complex projects to ensure compliance with security standards and managing secure infrastructures. Proficient in agile methodologies and ITIL practices, holding a valid security clearance (SC) until October 2028, lapsed in August 2025.

Work History

Home automation project/Engineer/Consultant

Personal Project
10.2025 - 01.2026
  • Personal project. Upgrading existing C-BUS Home automation to the latest version of SpaceLogic C-Bus Application Controller (AC2) system. This involved integration multitude of end devices i.e. curtains/blinds, lighting, projector using Lua language for scripting to automate endpoints. To further integrate HomeAssistant software to bridge SpaceLogic AC2 to allow voice control. Avoiding Cloud and to secure using local network only for privacy and security and to improve performance using Matter over Thread using the Thread Border router devices.

Cyber Delivery Assurance Lead

British Airways
06.2025 - 07.2025
  • I report into Head of Cyber & IT Risk and working closely with BA Technical Delivery teams and the wider IAG Cyber Security office. I am part of the Cyber Security team providing Cyber Security architecture assurance.
  • Work with Solution architects on Product delivery providing guidance on Cyber Security policies and standards.
  • Embedding Secure by Design with cyber controls aligned to risk.
  • Working on the HR migration project to Oracle HCM with partners and solution architects and stakeholders.
  • British Airways is a global airline and the largest airline in the UK; it is part of the International Airlines Group (IAG).

Technical Security Architect/Assurance

BSI
08.2021 - 08.2024
  • I am part of the consulting practice of Cyber Security and Information Resilience (CSIR) as Lead Security Architect progressing from Senior Security Architect and Azure Security architect for their UK Government client in the Enterprise Security Architecture function, part of the chief digital information office (CDIO) on the development of the Zero Trust Security model and Information assurance.
  • Working for a major UK government department to promote risk-based security architecture direction and is classified as Critical National Infrastructure (CNI) operator due to managing national tax systems and digital services.
  • Part of the Enterprise Security Architecture team providing security architecture and assurance aligning to NIST, NCSC, ISO 27001, SOC 2, CIS controls, Zero Trust, UK government Secure by Design security frameworks and Compliance and standards.
  • Worked on £500.000.000 major SAP ERP programme. Part of the UK Government Cabinet Office directive to deliver the Shared Service Strategy for Government called The Unity Cluster. To introduce and deliver by a shared service consisting of three cross government departments by adopting a converged approach.
  • Participated in the commercial bidding to tender stage and providing security review for the invitation to tender process.
  • Providing technical security assurance by overseeing and collaborating with PMO and Enterprise architects spanning across all major cyber security domains working within NCSC Zero trust architecture design principles hosted on AWS cloud.
  • Responsible for technical security assurance for shared services SAP ERP - commercial tendering, Sovereign Cloud, BTP, SuccessFactors, S4 Hana, Concur, OpenText, ServiceNow, Networking - Palo Alto Cortex, Azure AD integrations for multiple Government depts.
  • Worked on multiple projects - discovery of the AS-IS on-prem and multi cloud environment - AD, Azure Entra ID, AWS, SSO.
  • Reviewing various documentation/patterns EG Identity, PAM, Azure Relay, AVD. Backup. Databricks Lakehouse. Defender suite, SCCM/ Intune.
  • Following the Azure Well Architected Framework as technical guidance.
  • Provide security consultancy and solution architecture to multiple business units on architecture documentation.
  • ServiceNow – worked closely with solution architects to provide security assurance for ITOM for CMDB discovery of IT infrastructure with MID servers. Using connectors to integrate Entra ID, ServiceNow and PAM solution, Collaborating with SAP to use ITSM to integrate SAP SuccessFactors, part of the Unity Cluster HR integration project. Creating ServiceNow groups and external accounts.
  • Part of POC - evaluated PAM capabilities with CyberArk, BeyondTrust, Thycotic/Delinea as part of working towards Zero Trust model using a single identity and use elevated privileges.
  • Discovery work undertaken for integration of ServiceNow, Azure Entra ID and on-prem.
  • Worked on the Azure Virtual Desktop (AVD) project - advisory and consulting on security.
  • Provide Information assurance and security consultancy to business customer groups to gain architecture governance approval.
  • Collaborating with cross functional teams, senior business, and technical partners to deliver risk based technical security guidance and oversight in the design and architecture of systems and applications ensuring governance approval.
  • Supporting the Lead Enterprise Security Architect in driving and delivering Enterprise-wide security technology change.
  • Assist in the Security governance in reviewing and assuring artifacts and sign-off approvals.
  • Provide security signoffs/approvals for new product/services introduced into the HMRC government estate.
  • Participating on the Identity pillar part of the introduction of the Zero Trust security model.
  • Review Identity policy for use of single identity and Privilege Access Management (PAM).
  • Collaborating with Enterprise Architects, Modern day Workplace Services architects, Networks and Solution architects, senior project stakeholders to understand their projects and scope of works to provide security consultancy.
  • British Standards Institute (BSI) a global management consultancy working in over thirty countries.
  • Security Cleared to 2028

Head of Security

TRAYDSTREAM
07.2019 - 01.2020
  • As Head of Security, I reported to the CTO.
  • Management of global team consisting of fifteen engineers.
  • Program management of projects using Microsoft Project.
  • Ownership of Security covering cloud Infrastructure, Information security, access controls, risk management and PMO.
  • Product development life cycle – CI/CD pipeline using Bitbucket, Jenkins and Jira.
  • Collaborating with heads of Architecture, Devops, Operations, Networks and Testing to review and develop security of applications and cloud infrastructure.
  • Senior stakeholder management and influencing up to C-Suite.
  • Consult with the business side to understand workflow of the Traydstream product.
  • Worked towards client requirements from Business Requirements Documentation (BRD) and providing solution design doc.
  • Worked closely with head of networks to design connectivity with London and India using Cisco Meraki SD-WAN.
  • Respond to 3rd party RFI’s/RFP’s security assessments from bank customers and corporates.
  • Assess POC vulnerability scanning tools – AppCheck, Tenable (Nessus) and Rapid7 and project manage remediation of vulnerabilities.
  • Assessing and providing security technical recommendations on cloud based service offerings leading to the strategy and design of IAM security doc.
  • Manage IT risk using InfoSaaS and managed security audits from partners and 3rd parties.
  • Own and oversee various projects using MS project notably Blockchain, vulnerability vendor POC and remediation, Production readiness and network connectivity.
  • Provide security on cloud infrastructure using Kubernetes and Docker containers.
  • Responsible for stakeholder relationships to establish project expectations, priorities and coordinate and report on project progress.
  • Work closely with Innovate UK and completed quarterly review for Blockchain funding.
  • Project Manager for the Blockchain innovation project using Hyperledger fabric and IPFS.
  • Responsible for recruitment of permanent and contract resource into projects and take final candidate interviews.
  • Purchasing management of Infrastructure hardware.
  • Managing global teams consisting of USA, India and Dubai teams.
  • Review and update O365 access controls.
  • Review and update IAM information Security policies.
  • Traydstream a Fintech company allows banks and corporates to automate the scrutiny of trade finance documentation combining machine learning and Artificial Intelligence (AI) to create intelligent pattern recognition product.

Configuration Engineer

XMA
11.2018 - 04.2019
  • Working in the configuration Team to deliver custom configured Servers to government and customers.
  • Configuring and securing Windows Servers.
  • Building Servers from core components and imaging using SCCM.
  • Hardware and software problem solving.
  • Providing hardened security for various builds using Active directory group policy.
  • Analysing server problems and taking corrective actions.
  • XMA and Viglen have merged to delivers IT solutions to Government and the corporate sector.
  • Security Cleared

Researcher

Blockchain Research
06.2017 - 10.2017
  • Research into Blockchain technology.
  • Gained particularly good understanding of Ethereum smart contracts and Bitcoin crypto currency.
  • Researched into cryptography and how blocks are linked.
  • Knowledge and understanding of Miners.

PAM Security Consultant

ABB Group
01.2017 - 06.2017
  • Assessed and approved admin account access, Service accounts non expiring passwords approval process.
  • Discover business owners and application owners, generic user accounts, assign RBAC groups and recertification.
  • Provided PAM documentation.
  • Working on a PAM project for one of the largest engineering companies in the world based in Zurich, Switzerland.

Security Consultant

Tesco PLC
01.2016 - 07.2016
  • To meet business requirements - Meet with Identity Management (IdM) security vendors - proof of concept (POC) for the IAM Joiners, Movers, Leavers (JML) solution. Lifecycle events from onboarding to leavers, Scoping, Entitlement Catalog, Recertification, active directory, RBAC, separation of duties, etc.
  • Part of POC - evaluated with Sailpoint vendor - Sailpoint IdentityIQ features and connectors, Analytics, best practice, RSA Via Lifecycle and Governance and Courian.
  • Environment 500,000 users and over 20,000 Windows servers in multi forest and domains.
  • IAM Preparation - to work with EMEA and India Teams for discovery and requirements gathering to establish and allocate technical owners to systems and application owners.
  • Discovery of Active directory objects for privileged users, Service accounts, security groups using PowerShell and ADAudit Plus tools.
  • Establish process to allocate owners to active directory security groups, service and generic accounts analysis and remediation work in preparation to accept the IAM tool.
  • Access Management - Using Role Based Access Control (RBAC) and governance based model.
  • Risk Analysis to conduct gap analysis to identify vulnerabilities in AD for the IAM tool.
  • Working for the 3rd largest retailer in the world for the global windows Active directory and Security architecture team on the Identity and Access Management (IAM) project.

Windows Server/ IAM Security SME

Deutsche Bank
12.2014 - 07.2015
  • This project involves defining privileged access controls as part of the Privileged Access Management (PAM) transition project and the wider ISO 27001 & 2 regulatory compliance for a complex financial services environment of the outsourcing contract with Hewlett Packard.
  • To meet business objectives, I worked with the global Wintel workstream to define security access controls for the segregation project.
  • To understand the AS -IS Privileged Access Management (PAM) and to develop Future mode of Operation (FMO) for retained and transferring privileged users.
  • I gained a deep understanding of the existing PAM solution by collaboration with stakeholders to understand the integration between Active directory, ServiceNow and dB WITH brokered trusted host to carve out the separation of duties for toxic combinations.
  • Developed Role Based Access Controls (RBAC) - authentication and authorization.
  • As part of the ISO 27001 - To perform gap analysis to identify risks across end to end business processes to understand the system impacts was required to further adopt a just in time (JIT) minimum rights access.
  • To understand the rapidly changing business environment with the outsourcing deal with Hewlett Packard this involved collaborating with global stakeholders to meet tight deadlines.
  • To document the segregation access control of circa 10,000 Wintel servers.
  • To meet ISO 27001 regulatory compliance – Worked with TAM part of CISO to understand and comply with the CISO security principles.
  • Reviewed and provided recommendations ensuring that all work conducted in full compliance with regulations and internal audit.
  • Gained knowledge of PCI DSS standards.
  • Significant exposure to senior management and stakeholders – able to articulate opinion and identify impactful issues early in discovery stage and provide clear feedback.
  • Started in the AS-IS workstream on the Wintel platform dealing with technical changes required for the transition of servers by creating sixty test cases for assigned infrastructure management tools to ensure successful transition and operational processes.
  • To establish and write high level test cases by consulting with DB wintel global team Leads.
  • Taking initiative to develop detailed step by step documentation for the testers on the Wintel workstream and same template used for the SAN, backup, and Unix workstreams.
  • Resolving all defects resulting from testing.
  • Working in a heavily focused ITIL environment.
  • Communicating and managing stakeholder expectations.
  • To understand the dependencies on other work streams UNIX, SANS, Backups.
  • Working for Business management consultancy Tori Global onsite at Deutsche Bank on the Global Nucleus transition and transformation project.

Windows Server Consultant

Hewlett Packard
05.2014 - 10.2014
  • I am part of the Enterprise group that provides enterprise technologies to their clients. Working on the WP360 project part of the DT21 framework where I am part of the CTO to improve the Windows Server 2008 R2 estate.
  • Responsible to the chief technologist and the chief architect.
  • Systems administration of Windows server 2008 R2 active directory environment.
  • Design DNS migration plan from the legacy environment.
  • Provide technical support with Windows Servers and network DNS tracing issues.
  • Develop a strategy document for performance testing of the environment.
  • Write test plans to capture performance timings on the network.
  • Used Windows Assessment and Deployment Kit (ADK), Perfmon, Wireshark, Sysinternal.
  • Oversee projects technically alongside the Project Managers.
  • Worked on and provided consultancy on the HP Helion hybrid Cloud and remotely administered infrastructure.
  • Hewlett Packard is a global managed service provider.
  • Basic Disclosure Scotland

Skills

  • Cyber security Assurance
  • Governance, Risk and compliance management
  • Cybersecurity architecture
  • Business interfacing
  • Active Directory Architect
  • Azure security Architect
  • IAM, PAM, SSO
  • Global team leadership
  • Vendor management
  • Security frameworks (ISO 27001, PCI DSS, NIST, NCSC, GDPR)
  • Zero trust security model
  • UK government secure by design
  • Azure well-architected framework
  • SAP Assurance
  • Technical oversight and IAM design
  • Hybrid cloud solutions
  • Authentication and RBAC strategies
  • Azure PIM implementation
  • Identity and access management (IAM)
  • Proof of concept development (POC)
  • Privileged access management (PAM)
  • Cloud architecture (Azure AD, regions, VNets)
  • Security controls and policies
  • Microsoft Defender suite utilization
  • Vulnerability scanning tools (Tenable, AppCheck)
  • Risk and gap analysis documentation skills
  • Solution design documentation
  • Modern authentication protocols (SAML, OAuth)
  • PKI certificate authority management
  • Cloud architecture (Azure AD, regions, VNets)
  • Security controls and policies
  • Microsoft Defender suite utilization
  • Risk and gap analysis documentation skills
  • Solution design documentation
  • PKI certificate authority management

Previous Experience

  • 2012-01-01, 2014-02-28, IoT Internet of Things, Computer intelligent Home automation Project.
  • 2011-03-01, 2011-09-30, Atos, Windows Server Security Consultant.
  • 2009-11-01, 2010-11-30, Windows Server Consultancy, Windows Server Consultant.
  • 2009-06-01, 2009-09-30, Bank of England, Windows Server Engineer.
  • 2008-08-01, 2008-09-30, Serco - Home Office, Data Center Engineer.
  • 2006-10-01, 2008-08-31, Fujitsu Services - MOD, Virtualisation and Systems Integration Engineer.
  • 2000-12-01, 2006-08-31, London Borough of Barnet, Senior Wintel Infrastructure Officer.
  • 1998-03-01, 2000-10-31, Viglen Computers PLC, Senior Technical Support Analyst.
  • 1997-08-01, 2000-03-31, BT PLC, BT Multimedia Internet Technical Support.

Hobbies and Interests

  • I have a keen interest in all aspects of Cyber Security, Azure cloud computing and enjoy keeping my computer network up to date.
  • I also have an enthusiastic interest in politics and the financial markets.
  • keeping fit by jogging.

Accreditations

  • Microsoft Certified Systems Engineer
  • Microsoft Azure various training
  • CISSP course completed
  • Okta direct - Okta Hands on training
  • CA direct– CA PAM training

Languages

Hindi
Intermediate
B1

Certification

  • MCSE
  • CISSP course completed
  • Microsoft Virtual training courses

Interests

  • I have a keen interest in all aspects of security, Azure cloud computing and enjoy keeping my computer network up to date
  • I have an enthusiastic interest in politics and the financial markets
  • keeping fit by jogging

Accomplishments

  • Recognised by management for technical knowledge on projects delivered and detailed Security Assurance to become a recognised trusted advisor.

Timeline

Home automation project/Engineer/Consultant

Personal Project
10.2025 - 01.2026

Cyber Delivery Assurance Lead

British Airways
06.2025 - 07.2025

Technical Security Architect/Assurance

BSI
08.2021 - 08.2024

Head of Security

TRAYDSTREAM
07.2019 - 01.2020

Configuration Engineer

XMA
11.2018 - 04.2019

Researcher

Blockchain Research
06.2017 - 10.2017

PAM Security Consultant

ABB Group
01.2017 - 06.2017

Security Consultant

Tesco PLC
01.2016 - 07.2016

Windows Server/ IAM Security SME

Deutsche Bank
12.2014 - 07.2015

Windows Server Consultant

Hewlett Packard
05.2014 - 10.2014

Similar Profiles

CREATE PROFILE
Shyam JainCyber Security Architect