Fractional Information Security & Privacy Advisor- Advising companies in managing their digital risks and meeting their IT regulatory requirements.- Managing IT regulatory projects (ex. EBA requirements, EU's Digital Operational Resilience Act (DORA), NIS 2).- Managing projects of readiness towards internationally recognized standards and frameworks (ex. ISO 27001, SOC 2, ISO 22301, NIST, GDPR etc.).- Defining and operationalising GRC and assurance programmes with a focus on operational, cyber and privacy risk domains.- Assisting key function holders (ex. head of internal control functions) in the identification, evaluation, monitoring and reporting of ICT risks.- Training Board of Directors, Executive Management, and all personnel, on security awareness and data protection matters.- Enabling internal audit functions to perform their IT Audit activities via outsourcing or co-sourcing arrangements.

• Developed and managed compliance program for security & privacy, ensuring information assets protection and regulatory compliance.• Guided senior leadership in resolving risk management concerns and influencing product roadmap decisions.• Monitored international security standards evolution, advising internal teams on impact, and assessed third parties for compliance.

• Operationalized and led the ISO27001 certification process for the information security management system at Sketch.• Continually monitored and improved the Information Security Management System (ISMS).• Collaborated with cross-functional teams to implement security measures and ensure compliance with industry standards.

• Managed a portfolio of clients in cybersecurity, privacy, and internal control, ensuring successful project delivery and client relationships.• Led assurance engagements to evaluate and report on controls for information systems and business processes for SOC 2 attestations. • Spearheaded team growth in knowledge and competency in areas like ICT Risk, ITGCs, and ISO27001/02/05.

- Holder of the highest hierarchical level in charge of the independent information security control function, with direct reporting to the Risk Committee of the Board of Directors (BoD).- Member of the IT Fraud & Cybercrime Committee of the Association of Cyprus Banks (ACB).- Appointed representative for Central Bank of Cyprus summits related to cybersecurity, privacy and payment systems security.Specific responsibilities:- Development, implementation, and monitoring of the information security framework.- Development and implementation of the information security and privacy training program.- Advising on regulatory compliance (ex. GDPR, SWIFT, PSD2, PCI, Outsourcing).- Forming and managing interdisciplinary teams for the implementation of a wide range of projects covering people, technologies and processes (ex. GDPR, Information Classification, monitoring systems).- Third-party risk management as part of the due diligence and periodic monitoring of service providers.- Collaborating with infrastructure and software development teams to ensure security is factored into operational procedures and the evaluation, acquisition, development and maintenance of information systems. - Tracking and coordinating the remediation of security vulnerabilities and audit findings.

• Revised the Information Security Framework based on ISO 27001:2013 standards.• Developed and implemented a comprehensive security awareness program.• Monitored the bank's IT risk posture against regulatory requirements from ECB, EBA, SSM, and CBC.

Member of a team that provided IT assurance and Information Security advisory services to local and multinational companies operating in financial services, telecommunications and ship management industries.

Preparation of lectures/presentations. Preparation and marking of exams.

• Developed an exception-based interface to identify anomalies in vulnerability data from Assuria Ltd's Security Scanner.• Gained exposure to security controls and policies for ISO 27001, PCI DSS, and SOX compliance.• Enhanced skills in data analysis, security protocols, and software development.

• Studied KPMG’s Information Security Management Policy and ISO 27001 standard to produce a non-technical report summary.• Participated in personnel security awareness seminars and got introduced to KPMG’s IT services & Information Risk Management Department.

• Obtained exposure to various end-user support, computer hardware component replacements and installation/configuration of operating systems on end-user machines.