Project involving delivering a system to provide Electronic Patient Records to Switzerland (Central and East Regions).

A major component of this System is establishing an Identity Provider which reaches high assurance levels for Authentication and Identity Assurance, the goal is to achieve NIST AAL3 and IAL3.

Securitalis Ltd

Head of Architecture (Infrastructure and Security)

Software Factory AG (

Jul 2019 - Present 

The Security CTO- Global Head of Security Architecture


Sep 2017 - Mar 2019 

Creating 3 to 5 year target state security architectures and strategies in Identity and Access Management, Cyber Security and Data Protection.

The Enterprise Architecture process was an annual process that saw the creation of Architecture Strategies across UBS for each architecture domain.

Risk framework used was based on COBIT Enterprise Architecture process followed TOGAF, and Security Controls and Policies were based on NIST.

Project Achievements:

  • Creation of the mobile biometric authentication strategy, utilising BYO mobile devices as a strong credential for 2FA access to platforms and applications. Making use of the mobile advanced geolocation capabilities for Location-Aware Access Control (LAAC), a regulatory requirement for certain jurisdictional data.
  • Delivery of Security Enterprise Architecture target states and strategies.

Projects & Previous Experience

Security CTO for Identity Management Architect


Feb 2011 - Aug 2017

Projects involved:

  • The creation of architecture strategies for Identity and Access Management for a new unified Active Directory Platform based on Windows 7, consolidating multiple Active Directory forests into a single unified forest.
  • The creation of the group-wide authentication strategy, including platform and application authentication, for web-access management as well as API-based applications.

Principle Identity Management Architect


Jun 2004 - Jan 2011

Design of solution architecture for Identity and Access Management at UBS Investment Bank.

Projects included:

Coming up with the architecture to consolidate multiple Identity and Access Management Systems into a single consolidated system. Went through a comprehensive RFI/RFP processes with major Identity and Access Management systems.

Coming up with an architecture to bring disperate web signle-sign-on systems together throughfederated authentication technology.

Senior IdM Designer


Apr 2002 - Jun 2004

Tech Designer developer of SSO systems in UBS Investment Bank.

Solutions architect implementing highly resilient Single-Sign-On infrastructure for the Investment Bank.

Projects involving:

Designing and implementing an authentication mechanism for API-based applications, this was before the introduction of the WS* protocol standards. As it transpires, the protocol we developed was very close in nature to the modern OAuth2 protocols, but based on SOAP web-services.

Securitalis Ltd