Enterprise-Architect Level: Step-by-Step Execution (Unified coverage for the ABC Bank / Amit R → digital lending case study)

Below is a single, structured, interview-ready breakdown you can present to LTI Mindtree. It explains what you did as the Enterprise Architect, how you executed it, the artifacts you produced, the stakeholders you engaged, and the KPIs / acceptance criteria for each major responsibility you asked to cover.

1. Defined vision, roadmap & capability maps aligned with bank strategy

Objective: turn bank strategy (faster approvals, regulatory-first, profitable growth, excellent CX) into a prioritized, traceable EA roadmap and capability map for digital lending.

Step-by-step

1. Stakeholder alignment workshop — convene CIO, CRO, COO, Head of Retail Lending, Compliance, Security, Ops, and a builder (Prestige) representative to capture outcomes, constraints, and KPIs.

2. Current-state assessment (AS-IS) — systems inventory (Finacle/BaNCS, EJB monoliths, Oracle Forms, Proc*C jobs), data flows, integration points, manual steps, compliance gaps, operational SLAs.

3. Capability discovery & mapping — build a business capability map (Onboarding, Identity Governance, KYC/EDD, AML Monitoring, Credit Scoring, Decisioning, Document Mgmt, Disbursement, Servicing, Advisory). For each capability, map supporting services and applications.

4. Define target-state architecture (TO-BE) — API-first microservices, event backbone (Kafka), identity governance (SailPoint + Azure AD), RegTech integrations (Fenergo, Actimize), core banking connectivity (Finacle / BaNCS), GenAI Advisor.

5. Create prioritized roadmap — convert capabilities into release increments (minimum viable capability first: onboarding → KYC → credit → decisioning → disbursement → servicing). Include dependency, risk, and regulatory milestones.

6. Governance & acceptance — present maps and roadmap to Architecture Governance Board (EAB) for sign-off; baseline KPIs and success criteria.

Artifacts produced

• Capability Map (business → service → application)

• AS-IS / TO-BE diagrams

• Prioritized Roadmap (release/PI planning inputs)

• KPI matrix (mapped to each capability)

Stakeholders

• CIO (sponsor), CRO (accountable for compliance), Business Heads, EA Board, Vendor leads.

KPI / Acceptance

• Roadmap accepted by EAB; each capability has measurable KPI (e.g., Onboarding TAT, KYC automation %).

2. Drove legacy modernization blueprint

Objective: convert monoliths & procedural code to maintainable, scalable microservices without business disruption.

Step-by-step

1. Code & runtime discovery — automated scanning & dependency mapping of EJBs, PL/SQL, Proc*C, Oracle Forms to identify functional slices and data coupling.

2. Define migration patterns — for each slice choose Strangler, Replatform, Rehost, or Rebuild. Typical choices:

   • EJB modules → Spring Boot microservices (Strangler & refactor)

   • PL/SQL logic → outward-facing REST endpoints (refactor to Java w/ Spring Data)

   • Proc*C batch → Spring Batch / Kafka streams for evented processing

   • Oracle Forms → new Angular UI backed by modern APIs

3. Automation & accelerators — apply static analysis and code conversion accelerators (analysis tools/rewriting engines, code skeleton generators) to generate service scaffolding and reduce manual effort.

4. Incremental migration approach — create parallel interfaces (API façade) to keep legacy apps running while new microservices take traffic gradually.

5. Test & validate — unit tests, contract tests, data reconciliation, performance testing, and production-like staging cutover rehearsal.

6. Cutover & decommission — orchestrated cutover with rollback plans; decommission legacy components after verified reconciliation.

Artifacts produced

• Migration blueprint + module breakup

• Migration playbooks (test plans, reconciliation scripts)

• Automated code scaffolds & contract test suites

Stakeholders

• App Owners, Dev Leads, DBA, Test/QA, Ops, Vendor teams (Finacle/BaNCS integrators if impacted).

KPI / Acceptance

• Functional parity validated via reconciliation; zero data loss; progressive reduction in legacy footprint (count of modules retired).

3. Selected cloud-native target architecture (Azure)

Objective: design an Azure-native, secure, resilient, multi-region architecture that supports the lending journey and integrations (Finacle/BaNCS, Fenergo, Actimize).

Architecture decisions & steps

1. Platform baseline — AKS (Kubernetes) for microservices, Azure API Management for external/internal API gateway, Azure Service Bus or Kafka (Event Hubs) for async/event streaming, Azure SQL / CosmosDB for data persistence as appropriate, Azure Key Vault for secrets, Azure Front Door for global ingress.

2. Networking & connectivity — Hub-spoke VNets, ExpressRoute / VPNs to connect to on-prem Finacle/BaNCS and partner networks, private endpoints for PaaS.

3. Resilience & DR — active-active design across regions, geo-replication for databases and blob storage, automated failover playbooks.

4. Security zones — micro-segmentation via Istio/Service Mesh, WAF in front of APIs, dedicated jump hosts, conditional access via Azure AD.

5. Observability — Application Insights + Prometheus + Grafana + ELK stack for logs/traces/metrics, centralized dashboards for KPIs.

6. Cost & governance — Azure Policy + Blueprints + tagging standards to enforce cost controls and compliance.

Artifacts produced

• High-level Azure architecture diagram (ingress → API MGMT → AKS → databases → partner connectors)

• Landing zone templates (Terraform / ARM / Bicep)

• Networking & security topology

• DR & backup strategy doc

Stakeholders

• Cloud Architect, Security, Network, Cost Governance, Ops.

KPI / Acceptance

• Achieve required uptime SLA; all critical services deployable via IaC into landing zone with policy compliance.

4. Owned security & compliance alignment (TOGAF + SABSA approach)

Objective: architect security and compliance “by design” using EA & security frameworks.

Step-by-step (mapped to frameworks)

1. TOGAF ADM integration — use Architecture Vision, Business Architecture, Information Systems, Technology Architecture and Implementation Governance phases to capture compliance requirements and trace them to design decisions.

2. SABSA security architecture — create layered security artifacts:

   • Contextual layer: business risk & regulatory drivers (RBI, FIU-IND, FATCA)

   • Conceptual: security domains (identity, data, application, network)

   • Logical: controls (RBAC, encryption, audit)

   • Physical: technology choices (SailPoint, Azure AD, Key Vault, WAF, SIEM)

3. Control mapping — map controls to NIST CSF, ISO 27001 clauses, and RBI guidance (KYC/CDD/EDD requirements). Produce traceability matrix (requirement → control → evidence).

4. Policy-as-code — encode security guardrails in Azure Policy and CI/CD gates (SAST/DAST, IaC scanning).

5. Audit & evidence — define logging, WORM storage for immutable audit trails, automated evidence collection for regulators.

6. Operationalize — run tabletop exercises, incident response drills, and continuous monitoring (UEBA & SIEM).

Artifacts produced

• Security architecture (SABSA layers)

• Control traceability matrix (regulatory → control → evidence)

• Policy-as-code repo + CI/CD security gates

• Audit playbooks & runbooks

Stakeholders

• CISO, Compliance Lead, Security Ops, Architecture Board.

KPI / Acceptance

• Zero critical audit findings; continuous evidence readiness (time to produce evidence SLA).

5. Defined and governed standards, patterns & KPIs

Objective: ensure consistency, quality, security and reusability across the platform.

Step-by-step

1. Define architecture principles — e.g., Cloud-first, API-first, Event-driven, Zero Trust, Data as a Product.

2. Publish reference patterns — API pattern (Gateway + Contract + Versioning), Event pattern (idempotent consumers, outbox), Data pattern (master record, change data capture), Integration pattern (sync/async fallback).

3. Standards & checklists — coding standards, naming conventions, API contract standards (OpenAPI), protobuf or Avro for events, logging/trace format (W3C TraceContext).

4. Policy and enforcement — integrate standards into CI/CD via automated checks (linting, OpenAPI conformance, contract tests, SAST, IaC linting).

5. KPI dashboard — define and implement dashboards for Business, Delivery, Security, Compliance, Operational KPIs (see list below).

6. Periodic reviews — architecture compliance reviews via EAB; exceptions recorded and time-boxed.

Core KPIs (tracked per capability)

• Business: Onboarding TAT, Conversion rate, NPS, Fraud loss %.

• Delivery: Release frequency, Lead time, Defect escape rate.

• Security: % services with SAST pass, average time to fix critical vuln, IAM recertification %.

• Compliance: % reports accepted by FIU-IND/RBI, audit SLA fulfillment.

• Operational: Uptime, MTTR, latency percentiles.

Artifacts produced

• Standards & patterns catalogue

• CI/CD policy rules

• KPI dashboards (Power BI / Grafana)

Stakeholders

• EA, Dev Leads, Security, QA, PMO.

KPI / Acceptance

• Published standard catalogue and automated enforcement in pipelines; KPI baseline established and measurable.

6. Partner / vendor orchestration (Finacle, BaNCS, Fenergo, Actimize)

Objective: manage vendors as part of the architecture — ensure SLAs, secure integrations, testability, and change governance.

Step-by-step

1. Vendor assessment & contracting — validate vendor capability, compliance certifications, SLAs for uptime, latency, data protection clauses, and change windows.

2. Define integration contracts — for each vendor produce API contract docs, data schema (ISO/JSON), message formats, error semantics, and test harnesses / sandboxes.

3. Connectivity & security — set up dedicated VPN/ExpressRoute links, mutual TLS, IP allowlists, and token/key rotation policies.

4. Operational runbooks — joint runbooks for incident handling, SLAs, escalation paths, DR procedures.

5. Test & certification — vendor sandbox integration, performance tests, security scans (third-party pentests if required), and compliance test scripts (e.g., sample CTR/STR flows).

6. Change governance — vendor change calendar, coordinated PI planning, and contractual change management process.

Integration patterns (examples)

• Finacle/BaNCS: Real-time API for disbursement / ledger updates + nightly reconciliation batch.

• Fenergo: API calls for KYC/CDD + webhook notifications for status.

• Actimize: Batch SFTP ingestion + streamed alerts into Kafka for real-time monitoring.

Artifacts produced

• Integration contract library

• Vendor runbooks + SLAs

• Certified sandbox tests & performance baselines

Stakeholders

• Vendor Managers, Procurement, Legal, Security, EA, Ops.

KPI / Acceptance

• Vendor SLA compliance %; integration test pass rate; time to remediate vendor incidents.

7. Enabled business–IT alignment with measurable KPIs

Objective: ensure technology investments translate directly into business outcomes and measurable benefits.

Step-by-step

1. Translate business goals into capability KPIs — e.g., reduce onboarding drop-offs → measure % complete onboarding vs started; reduce fraud → fraud loss % per million disbursed.

2. Establish OKRs / KPIs & owners — each capability has a business owner (e.g., Lending Head) and a technical owner (e.g., Service Lead).

3. Design KPI dashboard — single pane for leadership showing Business / Delivery / Security / Compliance / Operational metrics.

4. PI planning & KPI reviews — align development increments to KPI improvement targets and review outcomes at program increments.

5. Value realization tracking — after a capability release, measure actual KPI delta vs baseline and feed into roadmap reprioritization.

6. Reporting to C-suite & regulators — perform monthly scorecard updates and provide audit packets on demand.

Artifacts produced

• KPI mapping table (capability → KPI → target → owner)

• Dashboards (Power BI / Grafana)

• Quarterly value realization reports

Stakeholders

• Business Heads, PMO, EA, CIO/CTO.

KPI / Acceptance

• Demonstrable movement on business KPIs tied directly to delivered capabilities; acceptance by business sponsors.

8. Guided DevOps, DevSecOps & AI/ML adoption

Objective: make releases fast, safe, repeatable; operationalize ML models with governance and explainability.

DevOps / DevSecOps steps

1. Toolchain selection & baseline — GitHub/Azure Repos, Azure DevOps pipelines, Terraform, Helm, Argo CD for GitOps, SonarQube, Trivy/Aqua, OWASP ZAP.

2. Pipeline design — build → unit tests → SCA → SAST → container build → IaC scan → DAST (staging) → approval → deploy to AKS. Implement security gates as failing conditions.

3. Secrets & keys — keys in Azure Key Vault; no plaintext secrets in pipelines.

4. Shift-left testing — contract tests, component tests, and performance tests in CI.

5. Production safety — blue/green deployments, canaries, automated rollback on health checks.

6. SRE practices — SLIs/SLOs, error budgets, runbooks, incident management (PagerDuty), automated remediation playbooks.

7. Pipeline as code & policy — policy-as-code (OPA) to enforce security/compliance in CI.

AI/ML steps

1. Data pipeline — defined sources (KYC, bureau, transaction), governance approvals, data cataloging, and anonymization for training.

2. Model development — experiments in controlled environments, reproducible pipelines (MLflow / Kubeflow).

3. Explainability & fairness — integrate SHAP/LIME to provide model explanations for underwriting decisions (critical for regulator & audit).

4. MLOps — model CI/CD, automated validation, drift detection, production monitoring of model metrics, versioning, and rollback.

5. Human-in-the-loop — manual review queues for edge cases and continuous annotation for retraining.

6. GenAI for Advisor — RAG (Retrieval-Augmented Generation) for factual QA; guardrails to prevent hallucinations; log prompts and responses for audit.

Artifacts produced

• CI/CD pipeline templates & security gate definitions

• SRE dashboards and runbooks

• ML model registry, validation reports, XAI reports

• GenAI design doc (RAG, guardrails, logging)

Stakeholders

• DevOps Lead, Security, Data Science, Product Owners, Compliance.

KPI / Acceptance

• Deployment frequency, lead time for changes, % builds passing security gates, model AUC/precision/recall with XAI coverage, reduced manual reviews.

• IT Strategy Development: the roadmap & capability mappings show strategic outcomes and investment prioritization.

• Business–IT Alignment: KPI mapping & OKR process directly tie technology to business goals.

• Architecture Design & Development: TO-BE architecture, patterns, standards, and Azure landing zones are your concrete deliverables.

• Technology Evaluation & Selection: documented choices (SailPoint, Fenergo, Actimize, AKS, API MGMT) with rationale & procurement inputs.

• Governance & Compliance: EAB, policy-as-code, SABSA+TOGAF mapping, and audit evidence readiness.

• Stakeholder Collaboration: vendor orchestration, RACI, EAB, PI planning and monthly scorecards.

Quick list of deliverables

• Capability Map (Business → Services → Apps)

• AS-IS / TO-BE architecture diagram (Azure)

• Prioritized Roadmap (release/PI backlog)

• Legacy Modernization Blueprint (module map + migration playbooks)

• Security Architecture (SABSA layers + control matrix)

• Standards & Patterns Catalogue (API, event, data)

• CI/CD pipeline templates + security gate configs

• KPI dashboard sample (business + delivery + security + compliance)

• Vendor Integration contracts & runbooks (Finacle/BaNCS, Fenergo, Actimize)

• Enterprise_Risk_Register_Top50.xlsx (available download)