Daniel Gartmann

• Managed diverse stakeholders across a complex, multi-party environment to deliver new car insurance products for the AXA–Lloyds Banking Group partnership securely, on time, and under aggressive deadlines.

• Served as a key liaison between AXA's security functions and engineering teams across multiple programmes, proactively fostering collaboration and providing subject matter expertise to accelerate security processes through effective coordination of risk assessments, pentest scoping, CI/CD security tooling configuration, and vulnerability management.

• Provided security architecture and engineering advisory to engineering teams by threat modelling new features, ensuring all systems were secure by design and compliant with AXA's security requirements.

• Proactively collaborated with the Internal Security Assessor and AXA programme teams to ensure new payment channels achieved PCI DSS SAQ-A compliance, implementing all required processes, documentation, and controls on schedule.

Technologies: Checkmarx (SCA, SAST)

◦ Qualys (DAST)

◦ Jscrambler

◦ Azure

◦ React.js

◦ ASP.NET MVC

• Developed a comprehensive security strategy for a large-scale data platform, aligning security objectives with business goals while emphasizing cost efficiency and risk management to support informed risk-taking.

• Led the creation of a library of reusable, secure-by-design modules with integrated governance-as code, enabling service teams to autonomously build and deliver secure data products at scale.

• Drove the adoption of DevSecOps practices, empowering service teams to take ownership of security through initiatives such as automated CI/CD security scanning and lightweight threat modelling integrated into the SDLC.

• Conducted gap analyses across multiple layers of the technology stack to identify control deficiencies, missing security capabilities, and process improvements.

• Owned and prioritized the security roadmap, including remediation efforts and the development of new security capabilities, in alignment with business priorities as part of quarterly planning cycles.

• Developed business cases to secure funding for security initiatives.