Open to opportunities

Asif Zia Butt

@asifziabutt

Message

Senior IAM & Cloud Security Engineer specializing in Zero Trust, IGA, and audit-ready cloud defenses.

Canada

Message

What I'm looking for

I’m looking to lead Zero Trust IAM and cloud security—building audit-ready access governance, PIM/IGA, and PKI, while partnering with business stakeholders and using automation and Sentinel/Defender for faster, safer outcomes.

I’m an SC-100 certified identity and cloud security engineer with over 10 years in enterprise IT and 5+ years running IAM operations across Active Directory, Entra ID, and hybrid environments. My day-to-day ownership spans IGA (joiner/mover/leaver, access reviews, RBAC), Conditional Access, PIM, and certificate lifecycle management through Key Vault and ADCS.

I build audit-ready IAM and cloud security programs with a SOC 2, ISO 27001, and PCI-DSS posture. As the IAM operations lead, I work directly with business stakeholders to translate access requirements into governance workflows, and I serve as the primary escalation point for identity incidents, access issues, and audit queries.

I’m hands-on with outcomes: I placed privileged roles behind PIM with just-in-time elevation and approval workflows, cutting the identity attack surface by roughly 40%. I also stood up Microsoft Sentinel from scratch (KQL analytics rules and SOAR playbooks), used PowerShell/Python automation to cut MTTR by about 60%, and mentored junior engineers with runbooks so Tier 1/2 incidents don’t stall.

Experience

Work history, roles, and key accomplishments

IAM & Cloud Security Lead

Rogers Communications Inc.

Feb 2022 - Apr 2026 (4 years 2 months)

Led IAM operations across a hybrid Azure environment for Rogers Retail IT, managing identity lifecycle on Active Directory and Entra ID for ~2,400 endpoints across 350 retail stores. Built Conditional Access and PIM for privileged roles, cutting the identity attack surface by ~40%, and reduced MTTR by ~60% via PowerShell/Python automation; stood up Microsoft Sentinel from scratch for KQL detection

Active Directory Entra ID Conditional Access RBAC Azure Key Vault ServiceNow ITSM SOAR Defender XDR

Senior Cloud Infrastructure Engineer

Pernod Ricard S.A.

May 2020 - Jan 2022 (1 year 8 months)

Operated Entra ID and hybrid identity for 500+ global users, managing Conditional Access, RBAC, group lifecycle, and SaaS federation while running joiner/mover/leaver provisioning for prompt access revocation. Delivered Tier 2/3 identity and endpoint support with 95% first-call resolution and automated identity provisioning and deployments, saving ~15 hours/week.

Entra ID Conditional Access RBAC PowerShell Python Azure Networking Federation

Senior Infrastructure Engineer

Rogers Communications Inc.

Jun 2015 - May 2020 (4 years 11 months)

Designed and managed Windows imaging and endpoint deployments for hundreds of retail stores using MDT, WDS, and Quest KACE, with Active Directory as the identity backbone. Built and operated Windows Server (2008/2012/2016) and VMware/Hyper-V environments on Cisco UCS, consolidated retail servers into the datacenter with VMware Converter, and rolled out CrowdStrike while improving change workflows

Windows Server Active Directory KACE Hyper V Cisco UCS VMware Converter Crowdstrike PowerShell ITIL

Wintel Administrator

Bell Canada

Apr 2012 - May 2015 (3 years 1 month)

Configured Hyper-V 2008/2012 clusters and designed multi-site Active Directory forest structures to support core identity infrastructure. Deployed Exchange 2010 for 5,000+ mailboxes and rolled out SCCM 2012/MDT for software deployment and imaging.

Hyper V Active Directory AD Forest Design SCCM Windows Server