Client names are confidential. Outcomes are real. These engagements represent the breadth of our work across industries, frameworks, and program types.
A major Texas municipality with 6,000+ employees had grown its identity environment organically for over a decade — Active Directory sprawl, no formal PAM controls, access certifications conducted manually on spreadsheets, and zero visibility into privileged account activity. AAN Systems was engaged to design and govern a full IAM/PAM transformation program under CJIS compliance requirements.
The program spanned workforce IAM using Okta (SSO, MFA, lifecycle management, SCIM provisioning), Delinea PAM for privileged access vaulting and JIT access, Microsoft Entra ID for hybrid identity, and a formal access certification program built on RBAC and SoD enforcement. AAN served as the security program manager — coordinating across IT, legal, HR, and vendors — while also designing the governance framework that would sustain the program post-implementation.
A fast-growing SaaS platform serving enterprise financial services clients had received explicit requirements from two Fortune 500 customers to demonstrate ISO 27001 certification within 12 months or face contract non-renewal. The company had no formal ISMS, no documented risk management process, and no dedicated security personnel beyond a junior IT administrator.
AAN Systems conducted the initial gap assessment, designed the full ISMS framework aligned to ISO 27001:2022, authored the complete policy library (22 policies including Access Control, IRP, Data Classification, Change Management, Supplier Security, and Business Continuity), implemented the risk register and risk treatment plan, and managed the Stage 1 and Stage 2 certification audits. Certification was achieved 3 weeks ahead of the customer deadline with zero major non-conformities.
A major regional insurance carrier had deployed seven AI-driven tools across underwriting, claims processing, and fraud detection — with no formal governance structure, no AI risk register, no bias testing protocols, and no documented accountability for model outputs. Following internal audit findings and emerging state insurance regulatory pressure, the CISO engaged AAN Systems to design and implement a comprehensive AI governance program.
AAN delivered an AI Management System (AIMS) aligned to ISO 42001, mapped existing AI deployments to the NIST AI Risk Management Framework (Govern-Map-Measure-Manage), designed the AI risk register with impact assessments for each deployed model, established a bias and fairness review process, and authored the AI governance policy framework including an Acceptable Use Policy for generative AI, a Model Risk Management Policy, and an AI Incident Response procedure. The program also addressed EU AI Act readiness for the carrier's European reinsurance relationships.
A regional community bank with $2.8B in assets had been operating without a formal GRC program — risk was managed reactively through individual department processes, there was no integrated risk register, and the bank had received supervisory feedback from its OCC examination noting the absence of a documented control framework. The CISO needed to stand up a credible, auditable GRC program within 9 months ahead of the next regulatory examination.
AAN Systems designed the full GRC architecture aligned to NIST CSF and FFIEC guidelines — including the control framework, integrated risk register with quantified risk treatment plans, a vendor risk management (TPRM) program, and an executive risk dashboard for quarterly board reporting. AAN also authored the complete security policy library and designed the automated evidence collection process that reduced audit preparation time by over 50%. The subsequent OCC examination found no repeat findings.
AAN Systems delivered IAM program management across two major enterprise engagements — a large national telecom carrier modernizing its customer identity platform, and one of the largest public sector employers in India (a major railway organization) implementing Oracle Identity Manager for 300,000+ employee identities across multiple divisions.
Both engagements required coordinating large cross-functional delivery teams across IT, HR, legal, and vendor organizations — managing complex RBAC models, joiner-mover-leaver workflows, access certification programs, and integration with SAP HR systems and enterprise directories. AAN served as program manager and identity architecture advisor throughout both programs.
As practice lead at a North America cybersecurity consultancy, AAN Systems' principal consultant designed and launched a SOC-as-a-Service offering that was deployed across 10+ enterprise clients in financial services, healthcare, and manufacturing — converting one-time compliance engagements into recurring managed security contracts that doubled practice revenue in under two years.
Engagement deliverables included SIEM architecture and detection rule libraries, 24x7 SOC operational procedures, IR playbook frameworks, threat intelligence integration, and client reporting dashboards. AAN managed the full SOC design-to-operational lifecycle — from contract to fully operational in under six months for each client — and achieved zero client churn in the first 18 months of operation.

