Assist with the expansion efforts to new markets in West Africa, reporting directly to the CEO. This position has involved extensive travel to places such as Cape Verde, Guinea-Bissau and Ivory Coast to liaise with senior government officials.PontSystems is an IT company established in 1996, headquartered in Budapest, Hungary. The company focuses on custom software development and business consultancy services to corporations and governments in Europe, Asia and Africa.

Work closely with the Chief Compliance Officer to revamp the Global Compliance program to support all business lines of the Group, focusing mainly on the Financial Services venture.The pressure on financial institutions to comply with the evolving and challenging regulatory landscape continues to escalate. Scrutiny from multiple stakeholders (including regulators and investors) intensifies in an industry where compliance demands are now far more intensive than ever. With new rules being introduced and existing ones tightened, we face a set of challenges in keeping abreast of these changes, and this is the everyday challenge that keeps me going.

PCI-DSS Certification and Compliance – Ultimate accountability for achieving the highest and strictest level of compliance stipulated by the PCI Security Standards Council - Level 1 as Service provider. From budget control and vendor selection to drafting policies and providing recommendations on audit evidence generated by Dev and SysAdmin teams prior to External Auditors' review, I have coordinated our certification efforts at each step of the way.PCI-DSS Awareness Training – Created guidelines for all Customer Facing Agents and held on-site training sessions in English/French at our offices in Morocco, Egypt, Ghana, Ivory Coast, Nigeria and Kenya on how to handle bank card details in a compliant manner through Phone, E-mail, Chat, etcBanking Licenses Management – Screening of all license requirements in order to make sure we operate in a fully compliant manner as a payment facilitator in multiple African markets. Acted as the Project Manager translating technical requirements into action items and assured that all evidence provided by legal and technical teams are accurate before applications can be filed at the respective Centrals Banks (E.g: Central Bank of Nigeria, Central Bank of Egypt, Bank of Ghana).Third-Party Program Manager / Information Security Assessor – Established a comprehensive framework of procedures and guidelines on how to handle entities partnering up with us. Using a risk-based approach, companies had to undergo information security assessments and enhanced due diligence screenings in accordance with the criticality of the service being provided. Assessments had to take place before contracts were signed and at a yearly basis in order to make sure that the service continues to be provided as supposed to, and as securely as possible.

Leverage knowledge of Technology systems, Citi IA standards and policies to participate in the planning and execution of IT specific and integrated audits of global influence, providing operational support to Citi offices across the globe. Document all reviews and findings in a manner consistent with Global Citi Internal Audit standard for Risk based Audits; ensuring that results and analyses are objective and well documented. Monitor the risk environment and assesses emerging risks through the quarterly Business Monitoring process for Citi operations in Portugal, Spain, Italy, Greece and Israel. Develop effective line management relationships to ensure strong understanding of the business. Translate business risks and regulatory requirements into internal policies and standards.

Coordinate and conduct Information Security assessments for a wide range of third party companies. Verify logical controls, compliance with IS requirements (mandated legally or as per Citi standards) and perform onsite physical security reviews across several EMEA locations, especially in Africa. Investigate supplier’s information security controls, policies, standards and procedures (mostly created in accordance with PCI DSS, ISO27001, COBIT standards), analyze evidences and identify non-conformities. Assemble summary of the controls environment and CoB plans, generate report, discuss issues, conduct threat assessments and present findings to the business. Assessments were conducted mainly in English/French but also in Italian/Portuguese. This role demanded a high level of communication/soft skills and abilities dealing with cross-culture environments in order to assure the cooperation of all parties and the completion of the assessments. Some of the countries visited were Algeria(2x), France(6x), Ghana, Ivory Coast, Jordan, the Netherlands, Portugal, Senegal, South Africa(2x), United Kingdom.

Not for public release