Information Security Specialist

Key competencies:

• Delivering various IS/IT related consulting services, including optimization and re-design of business processes, costs optimization in IT, improvement of efficiency, transparency and controllability of IT functions, design of IT systems and solutions architecture, maintaining high level of business continuity;
• Implementation of and ensuring compliance with a variety of international standards and best practices: ISO 27001-27005, COBIT, PCI DSS, ITIL, BSI frameworks.

Experience

Information Security Officer

PJSC ProCredit Bank

July 2006 – October 2013 Kyiv, Ukraine

•Develop and implement Information Security policy and relevant policies, procedures, instructions;
•Implement the Group Information Security Policy (GISP) according to local requirements rules and regulations;
•Participate in the development, implementation, testing and update of Business Continuity and Recovery Plan;
•Monitor security processes in the information systems and identify risks, threats and actual or potential vulnerabilities including new trends arising from the emerging technology;
•Perform annual information security risk assessments with and for both current IT projects and current IT environment of the Bank;
•Inventory and classification of information assets;
•Selection and implementation of new information security IT-systems;
•Participate in the investigation information security incidents;
•IT-systems security checks, new IT-systems security analysis before its’ implementation;
•Information Security Awareness Program development and implementation, testing of employees;
•Implementation of Personal Data protection controls;
•Providing Bank’s Management and Departments with advice regarding Information Security;
•Administration of antivirus and antispam systems, employees’ access to the Internet, personal firewalls, PC hard disks encryption, IS security logs collection and analysis, digital signature SEP NBU administration, internal PKI administration, vulnerabilities search, intrusion prevention, physical access control, video surveillance administration.

Information Security Administrator PJSC UkrSotsBank

February 2004 – July 2006 Zaporozhye, Ukaraine

•Administration of several systems of PKI ("Dzherelo" developed by IIT, SEP NBU, core banking system "Profix", "Crypto Pro", "Cipher", several systems developed internally) and numerous application software which use encrypted protection;
•Employees’ access rights administration and audit;
•Internal network information security audit, employees’ activity analysis;
•Video surveillance system administration, incidents analysis;
•ATMs maintenance with regard to security facilities.