Chief Information Security Officer
Management. Manage IT Security & IT Support Team (2 departments). Implemented ITIL in IT Security and IT Support process.- Cyber Security - 2 people. Technical specialist (Unix and Network engineer) and Auditor.- Tech Support - 2 people. Specialists 1 and 2 levels of support.Compliance. Under my guidance, the company prepared and successfully passed PCI DSS 3.1 international payment systems audit.Security. I implemented and was responsible for information security, physical security and card security.- Development documents (policies, procedures, regulations, configuration standards) and implementation of processes (40+) (PCI, ISO).- Building the access control, backup, DCP and DRP processes.- Vulnerability management and risk management processes.- Implementation and evaluation of efficiency based on KPI. - Implementation encryption and key management processes.- Technical Security Systems – video, access. Testing response plans. - Standardization of work with external suppliers. External compliance audits.Implementation. Centralized anti-virus monitoring systems, network scanning systems, centralized update management system, DDoS countermeasures systems, event collection and correlation systems. Encryption, key management and terminal access.Results. Standardized information security processes in accordance with the developed regulatory documents taking into account the requirements of the standards (PCI DSS, ISO 27001). Implementation of systems to ensure the smooth and efficient operation of IT infrastructure. Ensuring the distribution and accounting of access to information. Preparation and confirmation of compliance of the processes with the requirements of PCI DSS 3.1. Building Tech support processes in accordance with ITIL recommendations, improving the speed and quality of processing application, quantifying the performance. Conducting internal audits, classification of vulnerabilities based on risk assessment.