Tanja C. Ussat
Identity and Access Management Engineer
Contact
Livonia, MI 48154
*******@*****.***
Websites
www.linkedin.com/in/tanja-ussat-87816315
Senior IT Security Professional with 20+ years of experience across development, infrastructure, and security, designing and implementing enterprise solutions. Deep experience with IAM architecture for hybrid cloud environments (AWS, Azure, GCP). Proven expertise leading IAM programs spanning Identity Governance & Administration (IGA), Privileged Access Management (PAM), and Access Management, including SSO, MFA, and Zero Trust models. Extensive background integrating IAM solutions with cloud and on-premises applications, automating provisioning workflows, programming in PowerShell and Python, and enforcing RBAC and least-privilege controls to reduce risk. Recognized as a trusted technical advisor who partners with security, DevOps, and leadership to strengthen corporate security posture in line with regulatory requirements and enterprise goals.
Education
Madonna University
Livonia, MI
BS in Psychology
5/1995
Skills
Identity Governance
Identity Management
IAM Tools (BeyondTrust, PING, OKTA, Sentinel)
Identity Protocols (OIDC, OAuth, SAML)
Privileged Access Management
Zero Trust Network Access
Access Control (RBAC)
Identity Governance Administration
Cybersecurity Compliance
Security Audits
Risk Assessments
Regulatory Compliance
Policy Development
Auditing
Cloud Platforms (AWS, Azure, GCP, Cloudflare)
Programming Languages (C+, Python, PowerShell)
System Administration
Network Administration
SDLC
Systems Integration
Network Monitoring
Operating Systems (Unix, Windows, etc.)
Cross-platform Integration
Data Analysis
Business Process Improvement
Agile Project Management Methodology
Session Management
Network Monitoring (Splunk, Logging)
Experience
Donnelly Financial Solutions – Senior Identity and Access Management Engineer
Chicago, IL
10/2022 – 10/2025
Led the implementation of an enterprise Privileged Access Management solution.
Led the project identifying all NHI accounts, reducing unused accounts and creating secret vaults to hold credentials for identified owners.
Used Splunk to build reports on abnormal behaviors and possible misconfigurations.
Led a session management project, integrating server endpoints. This included making the firewall changes needed to allow access for the management tool.
Partnered in enhancing the IGA platform to advance identity provisioning capabilities and integration with additional applications, streamlining data flows.
Collaborated with IT teams to define and tune RBAC roles and SoD controls.
Led a development project to reduce inactive user accounts.
Collaborated with IT teams, acting as security advisor for new and updated application features.
Mentored junior engineers and interns, directing them on assignments and providing guidance.
Developed training materials and conducted sessions on using new technology or software applications.
Automated privileged account auditing by creating PowerShell scripts to pull accounts and compare them to the existing account-tracking database.
Collaborated with stakeholders to define business requirements for new software applications.
Conducted research on emerging technologies and industry trends, providing recommendations to upper management.
Performed root cause analysis on complex issues encountered during development projects.
Collaborated with IT teams to institute Zero Trust Network Access by incorporating MFA, SSO, and Just-in-Time access using Entra ID.
Handled security-related incidents escalated through the ticketing system (ServiceNow) while maintaining the defined SLA.
Ford Motor Company – Senior Cloud IAM Engineer
Dearborn, MI
06/2012 – 08/2022
Automated identity lifecycle workflows for cloud accounts (B2B and B2C), cutting manual provisioning time by approximately 40% and reducing onboarding defects by 70%.
Developed PowerShell and C# automation to streamline operational processes, reducing manual effort and minimizing errors. Used Terraform and GitHub for versioning and deploying code.
Used Postman to build and troubleshoot APIs.
Used Checkmarx (SAST and DAST tool) to test C++ and JavaScript code prior to deployment.
Created policies governing password and life cycle for NHIs.
Developed reporting to track expiration of NHIs and secret keys, minimizing application downtime caused by teams not renewing needed credentials in a timely manner.
Played a key role in the enterprise Microsoft Azure rollout, standardizing interfaces and enforcing global governance to strengthen consistency, security and compliance.
Implemented CA policies across Azure environment.
Created project specifications and documented processes in technical manuals for consistency and knowledge sharing.
Implemented SAML authentication to the corporate WSL instance.
Mentored junior engineers and college interns, guiding them in their assigned projects and tasks.
Implemented OAuth to authenticate with applications, incorporating a TTL into the JWT tokens.
Collaborated to convert AD identities to Azure AD to assist in building a least-privilege access model.
MSX International @ Ford Motor Company – Web Security Engineer
Dearborn, MI
05/2010 – 06/2012
Analyzed system risk to identify and implement appropriate security measures.
Assessed IT policies for regulatory compliance, minimizing security risks and strengthening governance.
Conducted risk assessments to maintain SOC 2 and ISO 27001 compliance.
Performed system maintenance, handling security verifications of systems and processes to ensure operational integrity.
Handled reported incidents related to access and security events escalated through Ford’s ticketing system.
Flagstar Bank – Multiple Positions
Security Application Developer/Analyst
Security Analyst
Network Security Specialist
Troy, MI
04/2000 – 06/2009
Supported and maintained existing systems and applications to ensure operational reliability.
Collaborated with Network Admins to deploy Sentinel and fine-tune alerts to properly assess risks using the DAD triad (Disclosure, Alteration, and Denial/Destruction).
Facilitated migration of legacy systems to modern application frameworks and architectures.
Documented application processes and workflows.
Designed and modernized user interface elements and navigation controls to improve the user experience when requesting access.
Implemented and maintained an IAM solution, reducing manual account provisioning.
References
Available upon request.