Security and GDPR for a platform
Security hardening and GDPR implementation for a production platform — law, technical architecture, and IaC as one whole.
Context and problem
At a company in the finance and information-retrieval sector, the production platform was growing fast, and both regulation and customer trust demanded a clear level of security and data protection. The need was for both infrastructure hardening (network, access control, monitoring) and the technical implementation of GDPR — not just a stack of documents, but repeatable controls in code and processes.
What was done
I led the security and compliance program as the technical lead. I implemented hardening of the network architecture, protection methods, policies, and automation. Alongside this I led the GDPR implementation: regulatory requirements were translated into technical solutions — data subjects' rights, an audit trail, governance processes, and data protection mechanisms for the platform.
I was responsible for keeping law and technology aligned: what is required, how it shows up in the infrastructure, and how it is maintained continuously. Delivery: January–November 2018.
Key technologies: AWS CloudFormation, IaC, Linux, DevOps, Python, security, GDPR.
Outcome
The platform's security and data protection level was strengthened measurably: the controls were repeatable, monitorable, and part of the normal release pipeline. The solution showed that in a growing SaaS environment, compliance can be built as a technical program rather than a separate audit project.