Peter Pfeifer · Independent Advisor
in the European Union
I help large organisations design, reform and run their Identity Security domain — not as a product implementer, but as an independent architect and program advisor who understands the regulatory environment as well as the technical reality.
§ 01 — What I do
Most security-related programs are not born from positive motivation. They are born from a crisis — an audit, regulatory pressure, an incident, or the failure of a previous project. Below are the situations in which clients typically come to me.
01
Internal audit or the regulator has flagged material weaknesses. You have a list of findings and a deadline — but no clear path. I will analyse, prioritise, design the remediation plan and oversee delivery.
02
Your IGA platform runs, but governance does not. I will deliver a structured gap report with prioritised findings, a risk map and a costed roadmap. 3–6 weeks to a board-ready output.
03
Everyone pulls in a different direction. I will design a vendor-neutral target state architecture grounded in your business requirements and the regulatory context — one that holds up before the board and the auditor.
04
Choosing between IGA vendors based on demos and decks. I will prepare the RFP, scoring criteria, PoC oversight and a build vs. buy analysis. No partner agreements, no placement fees.
05
NIS2, DORA, ECB requirements are clear in demand, unclear in detail. I will translate them into concrete IAM implementation steps, framed to hold up before the regulator — not just the IT team.
06
Your IGA transformation needs a senior leader, not another project manager. I will take on the program lead role on a retainer basis. Faster and cheaper than a hire.
§ 02 — Who I work with
My engagement model is calibrated for regulated, large, identity-mature organisations. Below is a quick filter — if you are outside it, I am most likely not the right partner.
§ 03 — Why me
Six structural reasons. None of them is a marketing claim — they describe how my practice is set up and what that means for the work.
01
I have never worked for a vendor or a systems integrator. I have no reason to recommend a particular product — I will recommend what genuinely solves your situation.
02
Most consultants are one or the other. Architects design elegant target states but cannot run a program. Program managers deliver projects but lack architectural depth. I combine both.
03
I have built and operated an IGA program for 50,000+ identities across 5 countries. I know where commercial products fall short and where the hidden costs sit.
04
NIS2, DORA, ECB, FMA, ČNB, NBS — I have worked in this environment for 10 years. I frame solutions so they hold up before the regulator, not just before the IT team.
05
I speak with executive management and with technical experts alike. Cross-organisational buy-in matters as much as technical correctness.
06
No partner agreements with vendors. No placement fees. My only interest is the outcome for the client.
§ 04 — Reference experience
Over the past three decades, I have led and delivered foundational programs at the largest banking institutions in Central and Eastern Europe. The summaries below are anonymised — full references available on request.
Block 01
Designed the consolidation of the IGA domain at the largest banking group in Central and Eastern Europe. Defined the target architecture, drove the transformation program. Successfully rolled out IGA platforms in 3 banks of the group; currently operating across 5 banks. Built and led the cross-functional agile team responsible for in-house IGA platform development.
Block 02
Established Enterprise Architecture as a core capability at Slovakia's largest bank. Introduced the EA framework, defined the target architecture, applied EA across all key transformation initiatives. Founded the enterprise architects' community in Slovakia.
Block 03
Following the core banking migration, was part of the team that defined and rolled out IT Operational Excellence at Slovakia's largest bank — operating processes for incident prevention and resolution, plus crisis communication patterns.
Block 04
Took over a complex core banking replacement program in its most critical phase as crisis manager. Successfully delivered performance management and tuning across the entire application portfolio — core and surrounding legacy systems.
§ 05 — Contact
Whether you are facing a concrete Identity Security challenge or you simply want to compare notes, feel free to reach out. The easiest way is a short email — I read all of them personally and reply.