Vasyl Ivanovsky

Cloud Security Architect | AI Security & Governance | IAM & Zero Trust

London Area, United Kingdom

About

Senior Cloud Security Architect with 20+ years of enterprise experience in the Microsoft ecosystem. I specialise in architecting, implementing, and securing Azure, Microsoft 365, and hybrid infrastructures across regulated and FCA-compliant environments. Proven track record supporting major organisational change through cloud transformations and M&A integrations — aligning identity, platforms, and security into unified operating models while maintaining business continuity. My core focus areas are Cloud Security Architecture, Hybrid Identity Governance (Entra ID / Azure AD), GenAI Security, and AI Governance Frameworks. Previously led a global Azure and M365 integration following multi-region acquisitions, consolidating tenants into a well-governed ecosystem — including designing secure foundations for Microsoft Copilot deployments and establishing AI risk frameworks aligned to NIST AI RMF. Most recently at Harrods Ltd, one of the world’s most recognised luxury retail brands, delivering architect-level cloud security work across a complex post-breach enterprise environment. Scope included Azure security architecture, cloud governance, infrastructure discovery, security posture assessment, and Active Directory Forest and Entra Recovery solutions evaluation — establishing the foundational architectural baseline and security strategy for the organisation’s cloud roadmap. Driven by reducing operational risk, delivering resilient platforms, and building secure cloud foundations that enable long-term enterprise growth.

Experience

  • Enterprise Services Principal Administrator (Cloud) at Harrods
    Apr 2026 - Jun 2026 · 3 mos

    Senior cloud security and architecture role within the Enterprise Services function at Harrods Ltd, one of the world’s most recognised luxury retail brands. Scope of work: — Azure estate discovery and current-state architecture documentation across a large enterprise subscription estate — Cloud security posture assessment across identity, endpoint, data protection, and threat detection — Azure RBAC audit and policy compliance assessment — SharePoint Online estate analysis with remediation strategy and cost-optimisation modelling — Semperis ADFR, DRET and DSP proof-of-value evaluation for Active Directory Forest Recovery — Future-state roadmap covering Azure IaaS modernisation, security uplift, and identity hardening — Cost-optimisation analysis across the subscription estate — Stakeholder engagement and knowledge sharing across Architecture, Infosec, Networks, DevOps, and SMO Produced a substantive Azure cloud security knowledge base for the organisation, establishing a foundational architecture baseline and security strategy to inform future cloud investment decisions.

  • Senior Cloud Security Consultant - M&A at Acrisure
    Feb 2026 - Apr 2026 · 3 mos

    • Engaged to conduct a comprehensive Azure security and FinOps review following UK M&A acquisitions, assessing the consolidated cloud estate for security posture, cost governance, and architectural risk. • Performed end-to-end Azure estate assessment across merged tenants, identifying security gaps, misconfigured controls, and overpermissioned identities inherited through acquisition. • Delivered Zero Trust architecture recommendations covering Entra ID, Conditional Access, Defender, and network segmentation across the integrated estate. • Produced executive-level findings report and remediation roadmap, presented to senior stakeholders and technical leadership. • Assessed Azure FinOps maturity — reviewed cost governance, tagging strategy, and resource optimisation opportunities across the consolidated environment. • Provided M&A security integration guidance aligned to insurance sector regulatory requirements and risk frameworks.

  • Cloud Security Architect at Corporate Travel Management (CTM) UK
    Apr 2022 - Mar 2026 · 4 yrs

    GenAI Security Architecture: Designed and governed the secure data ingestion layers and RAG (Retrieval-Augmented Generation) architecture for enterprise Microsoft Copilot deployments, mitigating prompt injection risks. AI Governance & Compliance: Established enterprise-wide AI risk mitigation frameworks aligned with the NIST AI RMF, ensuring safe, compliant adoption of Large Language Models (LLMs) across multi-region environments. Zero Trust Network Access: Defined and implemented an enterprise Zero Trust network access model using Zscaler (ZIA/ZPA), securing hybrid user access and application connectivity across the global estate. Security Hardening: Enforced CIS-aligned hardening baselines, systematically remediating critical security vulnerabilities across cloud and on-premises environments. Identity & M365 Consolidation: Owned a complex cross-tenant Microsoft 365 integration for 1,200+ users, successfully eliminating duplicate identities while maintaining 99.9% mail continuity. Cloud Migration: Led the migration of 400+ workloads to Azure, reducing operating costs by 25% and decommissioning 60% of legacy on-premises hardware. Cost Optimization: FinOps lead for Azure cost governance and tagging strategy, achieving comprehensive resource tracking and a 18% reduction in monthly cloud spend. Global Alignment: Engaged C-suite and global stakeholders across the US, UK, EMEA, and AU to drive alignment on compliance, cost optimization, and modern platform adoption outcomes.

  • Senior Azure Security Consultant – M365 & Identity at NHS Digital
    Jul 2021 - Apr 2022 · 10 mos

    Architected and engineered secure, high-availability hybrid Azure and on-premises platform architectures within a highly regulated public-sector health environment. Focused on hardening identity boundaries and ensuring absolute compliance with strict government security mandates. Identity Architecture & Zero Trust Posture • Hybrid Identity Governance: Owned the enterprise hybrid identity platform (Entra ID / Azure AD + Active Directory), ensuring seamless synchronization, federation, and absolute identity integrity across a massive multi-site estate. • Zero Trust & Conditional Access: Contributed to the strategic design and implementation of Conditional Access policies and advanced identity protection controls, significantly strengthening the organization’s Zero Trust security posture. • Access Control Enforcement: Managed Active Directory infrastructure, governing GPO structures, domain health, and strict access control enforcement to mitigate lateral movement risks. Security Hardening, Compliance & Governance • Public-Sector Compliance: Implemented and enforced rigorous security hardening controls and CIS benchmarks aligned directly with public-sector compliance frameworks and strict healthcare data regulations. • Change Governance: Operated within a highly structured governance model (CAB, audit, and regulatory compliance), ensuring all architectural modifications met stringent security and continuity requirements. • Architectural Documentation: Authored comprehensive High-Level Design (HLD) and Low-Level Design (LLD) documentation alongside operational handover artifacts to ensure permanent audit readiness and platform continuity. Cloud Infrastructure Security • Secure Azure Operations: Governed Azure IaaS operations, secure networking integration, VM lifecycles, and platform resilience to guarantee high-availability compute, storage, and network resource configurations.

  • Senior Infrastructure Security Consultant at Close Brothers Commercial Finance
    Jan 2020 - Jun 2021 · 1 yr 6 mos

    Delivered secure Microsoft 365 and hybrid identity platform integrations within a highly regulated banking environment. Operated as a senior technical authority to maintain absolute infrastructure resilience, data control integrity, and strict financial services compliance during complex enterprise transformation initiatives. Financial Services Governance & Compliance • Bank-Grade Hardening: Maintained a rigorous security and compliance posture, operating under strict financial services governance, internal risk frameworks, and external regulatory controls. • Audit Readiness: Produced comprehensive, audit-ready technical documentation and technical control evidence to seamlessly support internal and external financial sector audits. • Risk-Assessed Governance: Operated within strict ITIL-driven Change Advisory Board (CAB) processes, ensuring all infrastructure modifications were fully risk-assessed, documented, and compliant. • Cross-Functional Teams: Collaborated closely with dedicated corporate security, core infrastructure, and compliance teams to preserve control integrity across the estate during high-impact transformation activities. Hybrid Identity Architecture & Zero Trust • Enterprise Identity Governance: Owned the enterprise hybrid identity platform. • Access Control Enforcement: Administered Active Directory and GPO governance. • Hybrid Workspace Security: Managed and optimized the Microsoft 365 and Exchange Online hybrid ecosystem, ensuring secure mail flow topologies, data loss prevention, and uncompromised service continuity. Cloud Strategy • Migration Architecture: Contributed directly to the enterprise cloud transition strategy, assessing legacy Windows Server workloads and defining the security and engineering approaches for migration to Azure IaaS. • Lifecycle Optimization: Led infrastructure upgrade planning, systematically aligning legacy on-premises financial systems with target cloud security baselines and modern architectural requirements.