Implemented and audited security processes for E-commerce, Gamebling & Crypto companys.Payment Standards - PCI DSS, PA DSS (PCI SSF). Privacy Data Protection - GDPR, ISO 27701.ISO - 27001, 27005.Betting&Casino - GLI19, GLI33, AGCO(Canada), Kahnawaki, MGA(Malta), Romania iGaming. DLT and FCA EMI licensing projects. Case studies and customer reviews can be found on the website https://audit-security.com/portfolio

Conducting expert audits and building security processes. Preparation of companies for the passage of PСI DSS and ISO audits, compliance with the GDPR requirements. Master’s Degree in Cyber Security, 17 years experience. 12 years in management (project & functional). Cyber Security processes development and implementation. Budgeting and financial reporting. Evaluation and development of employees. Experience with crypto projects. PCI DSS 4.0 development. Game Development certifications. Result-oriented. I know how to turn chaos in order.Client casesPurpose: Building processes and searching for an employee.The result is security processes and the hiring of a specialist.The company asked for an assessment of the state of security processes and their subsequent construction. An expert audit was carried out and a list of risks was prepared. After that, a plan was developed to eliminate them and implement processes. Regulatory documentation has been prepared, security processes and fault tolerance processes have been implemented. Conducted training. In addition, the process of searching for an employee and interviewing for the position of CISO was organized. This employee was hired and the developed materials and processes were transferred to him for subsequent support.Purpose: Fulfillment of the requirements of the GDPR.The result is compliance with GDPR requirements.The company asked for help in meeting the requirements of the personal data regulation. Processes were analyzed, data mapping was done, risks and threats were assessed. After that, documentation was prepared and processes and reporting were implemented in accordance with the requirements of this regulation. In addition, changes were made to technological systems and sites in accordance with the requirements.More information about services, clients and certificates https://www.davydych.com If you know some people i can help, write me message or send e-mail to viktor.davydych@gmail.com

- Led team to pass ISO 27001 audit, securing data and achieving GDPR compliance.- Developed critical regulatory documents and executed risk analysis, enhancing security compliance and meeting 100% of SLA targets.Areas of responsibility:- Compliance (PCI DSS, GDPR). Compliance with standards, processes implementation and documentation development.- Cyber Security. Construction, implementation and documentation of information security processes (risks, systems, people).- Physical Security. Consulting responsible persons, video surveillance systems, access control system, processes and documentation.- International offices security. Development and control Cyber Security and compliance requirements (PCI DSS).- Risk analysis.

- Led GLI19, GLI33, Romania iGaming, AGCO, Kahnawake, MGA, PCI DSS, GDPR, ISO 27 standards, contributing to a successful expansion into 3 new markets.- Developed security processes, ensuring Betting & Casino preparation met certification. The tasks were completed in full; certificates were received on time.Areas of responsibility:- Building security processes and compliance functions. Analysis, planning and budgeting.- Develop and implementation regulatory documentation.- Betting & Casino preparation and certification processes.- Implemented GameDev standards - GLI19, GLI33, Romania iGaming, AGCO(Canada), Kahnawake, MGA(Malta). - Implemented international standards - PCI DSS, GDPR, ISO 27*.

- Drove PCI DSS and GDPR compliance, achieving 100% audit success rate, bolstering data security.- Navigated ICO, DLT, PCI, and FCA EMI regulations to secure and enhance relationships with international partners.- Optimized Level 1-2-3 IT Support, achieving a 25% improvement in KPI metrics through strategic SLA-based process refinements.Areas of responsibility:- Compliance (PCI DSS, GDPR). Compliance with standards, processes implementation and documentation development.- Cyber Security. Construction, implementation and documentation of information security processes (risks, systems, people).- Physical Security. Consulting responsible persons, video surveillance systems, access control system, processes and documentation.- International offices security. Development and control Cyber Security and compliance requirements (PCI DSS).- DLT and FCA EMI licensing.- Risk analysis.- Interacted with foreign regulators and their representatives - ICO, DLT, PCI Council.

Areas of responsibility:- Tech Support (Level 1). Building service oriented processes, based on a service catalog, with SLA and KPI.- Level 2-3. Building processes for performing tasks, prioritizing and reporting.- Security in development process. Kubernetes in implementation stage.- Compliance (PCI DSS, GDPR). Compliance with standards, processes implementation and documentation development.- Cyber Security. Construction, implementation and documentation of information security processes (risks, systems, people).- Physical Security. Consulting responsible persons, video surveillance systems, access control system, processes and documentation.- International offices security. Development and control Cyber Security and compliance requirements (PCI DSS).

Management. Manage IT Security & IT Support Team (2 departments). Implemented ITIL in IT Security and IT Support process.- Cyber Security - 2 people. Technical specialist (Unix and Network engineer) and Auditor.- Tech Support - 2 people. Specialists 1 and 2 levels of support.Compliance. Under my guidance, the company prepared and successfully passed PCI DSS 3.1 international payment systems audit.Security. I implemented and was responsible for information security, physical security and card security.- Development documents (policies, procedures, regulations, configuration standards) and implementation of processes (40+) (PCI, ISO).- Building the access control, backup, DCP and DRP processes.- Vulnerability management and risk management processes.- Implementation and evaluation of efficiency based on KPI. - Implementation encryption and key management processes.- Technical Security Systems – video, access. Testing response plans. - Standardization of work with external suppliers. External compliance audits.Implementation. Centralized anti-virus monitoring systems, network scanning systems, centralized update management system, DDoS countermeasures systems, event collection and correlation systems. Encryption, key management and terminal access.Results. Standardized information security processes in accordance with the developed regulatory documents taking into account the requirements of the standards (PCI DSS, ISO 27001). Implementation of systems to ensure the smooth and efficient operation of IT infrastructure. Ensuring the distribution and accounting of access to information. Preparation and confirmation of compliance of the processes with the requirements of PCI DSS 3.1. Building Tech support processes in accordance with ITIL recommendations, improving the speed and quality of processing application, quantifying the performance. Conducting internal audits, classification of vulnerabilities based on risk assessment.

My responsibilities:- Implemented Cyber security and Physical Security process, as well as best practices and standards (PCI DSS, ISO, ITIL).- Security consultant in development of internal and international electronic payment system projects.- Developed more than 50 regulations Cyber Security documents and implemented PM Methodology.

Led the company to pass 3 key audits: PCI DSS 2.0, Visa Security, MasterCard Security, securing certifications from authorities in the USA and Hong Kong.Areas of responsibility:- Under my guidance, the company was successfully prepared and successfully passed three international payment systems audit PCI DSS 2.0, Visa Security, MasterCard Security, obtained a certificate from the USA, Hong Kong, Russia audit authorities.- Design and implementation of access control, CCTV, alarms, panic buttons, motion sensors, and so on.- Building a secure printing process and store payment cards and PIN envelopes. Security processing PAN.- Prevention and investigation of theft of money from credit card. Communication with VISA, MASTERCARD officials.

Completed 3 international projects as Project Manager with PMBoK Methodology - ArcSight, GFI Web Monitor, Qualys + Nessus. Vulnerability management processes reduce the number of vulnerabilities in IT systems, more than 10 times. Incidents 24 hours SLA.Areas of responsibility: - Completed 3 international projects as Project Manager with PMBoK Methodology – ArcSight, GFI Web Monitor, Qualys + Nessus. - Developed IT Security regulations documents (more than 20). For example «Security policy of information network in OTP Bank».- Vulnerability management processes reduces the number of vulnerabilities in Tech systems, more than 10 times.- Provided trainings for employers (more than 300 employers), developed and implement Web tests.