Profile - IT operations and platform leadership in regulated environments

Marc Roy Bruun-Forrester

IT operations - platform engineering - regulated operations

IT operations, platform engineering and developer experience in regulated banking and payments environments.

Operate
Critical production environments with 24/7, SLA, incident and change discipline
Build
Platform engineering, SDLC tooling, automation and developer self-service
Govern
Auditability, vendor control, operational risk and regulated delivery
Lead
Specialists, leaders, reorgs and operating models that actually work
In brief

Profile

I lead IT operations, platform engineering and developer experience in regulated banking, fintech and payments environments. My strength is operations that have to be stable, auditable and fast enough to support development teams.

At Santander Consumer Bank Nordic, I am responsible for the Azure platform, SDLC tooling, developer experience and a standardised operating model across a large Nordic orgnisation. I directly manage leaders that are responsible for SDLC tooling and platform/SRE, hold budget responsibility, and am responsible for SLA governance, Microsoft/Azure vendor management and monitoring of critical applications as part of the DORA work.

I have 10+ years of people management experience including hiring, performance management, difficult people cases, exits, management follow-up and larger reorganisations. One example is reorganising a broad IT Operations function into a more focused platform and SRE setup with a smaller platform team and three dedicated SREs rotating between development teams. I have had strong results in internal HR-run leadership evaluations over several years.

From Nets / Nexi / Dibs, I have experience with 24/7 operations of PCI-DSS and PCI-3DS payments infrastructure, including Sev1 incident response during payment gateway outages with coordination across engineering, MSPs, vendors and business stakeholders. I have also worked with audit evidence, SLA governance, incident/change governance, MTTR reduction and vendor transition without uncontrolled downtime.

Within platform engineering and automation, I have worked with IaC and configuration management in three environments: hands-on introduction of CFEngine at ITU, architecture and leadership responsibility for Ansible and Terraform at scale in Dibs / Nets, and today leadership and governance responsibility for Terraform in Santander. In Santander, the SDLC team owns developer experience and is establishing a shared developer platform. The work includes standardising development practices, self-service, shared pipelines and application portfolio management, where metadata from repositories and pipelines is used to create a unified view of applications, ownership, technology stack and compliance.

I also work with practical AI adoption in platform and operations teams, including shared AI Skills in the Platform team. And selective use of automation and AI-supported controls in both platform and SDLC work, mainly for vulnerability triage, review support and policy-gate pilots.

Core expertise

01

Regulated IT operations

Banking, fintech and payments with SLA, audit evidence, PCI-DSS, PCI-3DS, DORA, vendor management and 24/7 production responsibility.

02

Platform engineering

Developer experience, SDLC tooling, self-service, CI/CD templates, SAST/DAST/SCA and standards that development teams actually use.

03

Incident, change and SLO/SLA

Severity model, triage, runbooks, post-incident reviews, change governance and communication between technology, vendors and business stakeholders.

04

People management

10+ years of experience with hiring, performance management, exits, management follow-up, reorgs and development of specialists.

05

IaC and automation

CFEngine, Ansible and Terraform from hands-on implementation to architecture, governance and leadership through strong specialists.

06

Portfolio and governance

Application portfolio management, repository and pipeline metadata, central data collection and a unified view of the application landscape.

07

AI in platform operations

Practical use of AI in operations, developer platforms and governance - from shared working patterns in platform teams to pilots for AI-assisted vulnerability analysis and CI/CD policy gates.

Operating and platform model

01

SLO/SLA, incident and change

I work with severity models, clear roles, runbooks, post-incident reviews and change governance so critical incidents are handled quickly and lessons reduce recurrence.

02

Shared developer platform

The SDLC team owns developer experience and is establishing a shared developer platform with self-service, security templates, standardised development practices and shared pipelines.

03

Application portfolio management

I work with metadata on repositories and pipelines so data about applications, ownership, technology stack and compliance can be collected centrally and used in portfolio and compliance decisions.

04

Reorgs and leadership through change

I have led larger reorgs in operations environments, including a shift from one combined operations team to a platform and SRE structure. My leadership is based on clear mandate, involvement and concrete follow-up.

Experience

09/2022 - present
Santander Consumer Bank Nordic

Leader of Application Operations

Responsible for Azure platform, SDLC tooling, developer experience and a standardised operating model across the Nordic organisation. Direct manager for two leaders responsible for SDLC tooling and platform/SRE. Budget responsibility for large Nordic operating budget, with responsibility for SLA governance, prioritisation, platform governance and Azure/Microsoft vendor management.

  • The SDLC team owns developer experience and is establishing a shared developer platform with self-service, standardised development practices and shared pipelines.
  • Practical AI adoption in the platform team, including shared AI skills and AI applied in operational context, plus pilots for AI-assisted code and vulnerability analysis and CI/CD policy gates.
  • Application portfolio management based on metadata in repositories and pipelines, so data about applications, ownership, technology stack and compliance can be collected centrally.
  • Standardised self-service pipelines with templates for SAST, DAST and SCA.
  • Leadership and governance responsibility for IaC practices, where specialists own the technical depth and I ensure direction, prioritisation and adoption.
  • Consolidation of customer authentication from 4 solutions to 1 to reduce complexity, licence dependency and operational risk.
  • Co-responsible for monitoring of critical applications as part of DORA work.
-30%
Azure costs
Reduced over 12 months through commitments, rightsizing and standardisation.
-1 day
Time-to-production
Per deployment by removing friction and increasing self-service.
approx. 1 FTE
Freed capacity
Across development teams via deployment and security templates.
4 to 1
Authentication solutions
Consolidated to reduce complexity and licence dependency.
05/2017 - 08/2022
Nets / Nexi / Dibs

IT Operations Manager

Responsible for 24/7 operations of PCI-DSS payment gateway and PCI-3DS for Nordic markets. Direct leadership of 10 SREs, budget responsibility and responsibility for MSPs, external vendors, SLA governance, incident/change governance and audit evidence.

  • Led Sev1 incident response during payment gateway outages with coordination across engineering, MSPs, vendors and business stakeholders.
  • Operation of critical payments infrastructure with 99.95% SLA, runbooks, on-call setup, escalation paths and post-incident follow-up.
  • Incident and change governance in an environment with high audit and compliance load.
  • Ansible and Terraform at scale; role as architecture and leadership sparring partner for specialists and the SRE team.
  • Vendor consolidation and transition completed without uncontrolled downtime.
99.99%
Uptime
On critical payments infrastructure against a 99.95% SLA.
-30%
MTTR
On customer-facing incidents through standardised operations and runbooks.
>50%
Fewer false-positive alerts
Reduced on-call load and improved alert quality.
2 months -> 2 weeks
Audit time
Annual PCI-DSS and PCI-3DS audits shortened through automated evidence.
05/2013 - 05/2017
IT University of Copenhagen

DevOps Section Leader

Led development and operations teams responsible for university IT infrastructure, platform modernisation and establishment of DevOps ways of working. Introduced CFEngine and worked hands-on with configuration management, automation and standardisation of operations processes.

  • Introduced CFEngine as part of a more standardised and automated operating model.
  • Established closer collaboration between development and operations around release, incident and change.
2,500
Users migrated
Students and employees migrated to Office 365.
09/2008 - 05/2013
IT University of Copenhagen

Team Lead and System Administrator

Led a system administration team responsible for infrastructure and support services. Hands-on role across operations, automation, support improvements and team leadership.

-40%
Incident resolution time
Through standardisation and automation.

Education and courses

  • 2022SAFe Practitioner Certification
  • 2020High-Performance Team
  • 2017Strategic Leadership, SmartLearning
  • 2016Organizational Psychology, SmartLearning
  • 2016Lean Management in Practice, SmartLearning
  • 2015Applying Professional Scrum
  • 2015Introduction to Kanban
  • 2000-02Computer Science studies, University of Copenhagen