- Build the Security Operations Center (SOC) function for e-Government and Ministry of the Interior - Led a consulting team for cyber security matters serving the Ministry of the Interior - Build and providing internal security and business continuity management (BCM) functions for the company

- Established the Global Security Operations Center function from scratch together with a project team- Led SOC in 24/7 model- Managed multinational team of specialists - Operated in the environment under SOX, GxP and HIPPA regulations- Determined strategy and road map based on risk assessment the in all above-mentioned areas - Determined and managed development and implementation of necessary policies, procedures and controls to ensure IT compliance with legislative and Company requirements (e.g. polices, operations guides, training, on-boarding and off-boarding manuals, work instructions for use cases, service descriptions with internal and external customers, data privacy risk assessment)- Established and monitored routine procedures to ensure effective working of processes in operations;- Facilitated audits and penetration tests focused on SOC, evaluation and control on implementation of fixes;- Communicated with peers and management on performance, strategy and plans of SOC- Managed vendors (SIEM, service providers)- Communicated with system/log source owners on SOC services, onboarding process, phases and service conditions- Implemented incident ticketing and handling tool, detection & investigation supporting tools and external security threat feeds

- Over 15 000 users and 400 IT specialists;- Determined the strategy and scope of IT Security based on the risks assessment;- Determined and managing of the development and implementation of necessary policies, procedures and controls to ensure IT compliance legislative and Company requirements e.g. End User Policy, IT Risks management, Incident management, Secure Application Development, Security Configuration Standards for all OS, Desktops, AV; - Established and managing a team for security event logging and on-line monitoring over critical IT infrastructure (OS, DB and APP level, hundreds of servers);- Established and managing a team for IT forensic investigation;- Established a data leakage protection team using unique scoring system- Assessed changes to IT infrastructure and applications and determining security requirements to fulfill security standards and cover risks;- Developed and managing security of mobile devices;- Established and monitoring of routine procedures to ensure effective working of the controls (also related to FARG – Italian equivalent of SOX using ITGC);- Carried out checks to determine that controls are run as specified (sustainability, ensuring compliance with FARG);- Ensured the conduct of the necessary internal assessment tests defined in the procedures and implementation of fixes required;- Facilitated and managing audits and penetration tests, evaluation and control on implementation of fixes;- Developed and managing of awareness trainings;- Implemented and managing the user authorization process for privileged and also business users; - Maintained internal certification authority;- Deviations management; - Provided periodic Security reporting to the executive board;- Managed teams for change management and release management.

- Defined focus and scope;- Led cross boarder activities;- Ensured consistent common approach across Europe;- Led development of global guidelines; - Developed shared knowledge bases for various areas e.g. incidents, policies, projects, security technologies;

- Over 3500 users in 5 countries and 100 IT Specialists- Determined and managed the development and implementation of necessary policy, procedures and controls to ensure IT compliance legislative and Company requirements;- Established and monitored routine procedures to ensure effective working of the controls; - Carried out checks to determine that controls are run as specified;- Facilitated and managed audits and penetration tests, evaluation and implementation of fixes;- Developed and managed awareness trainings;- Implemented and managed the user authorization process; - Acted as Information Security Officer for Central n Europe; o FW, VPN, Logical security, Physical Access, AV, Application security, Network security, Change Management, Incident and Problem Management, End User Environment, Security on projects etc.- Shared knowledge among SABMiller Information Security Officers members in SABMiller´s Global Security Board. Project Leadership IT General Controls Manager (SOX)- Implementation and maintenance of Sarbanes-Oxley requirements in IT as project manager;- Determination and management of the development and implementation of necessary policy, procedures and controls to ensure IT compliance legislative and Company requirements;- Establishment and monitoring of routine procedures to ensure effective working of the controls; Segregation of Duties and privileged rights management in SAP (CZ,SK, HUN)Emergency access for IT employees to SAP

Initially focused on internal control systems in banks and their internal audit functions. In 2002, moved to a new team for audit/control of managing risks in IS/IT in commercial banks, including on-site inspections of IS/IT management by said banks.During on-site inspections, acted as IT security leader (2-4 people) or took over as team leader (6-7 people), which involves checking and assessing the following:- Development of IS/IT strategies,- Organization of IS/IT and separation of divergent functions,- Quality of all written materials having to do with IS/IT,- Security policies for IS/IT,- Classification and protection of information assets,- Evaluation of IT risks and risks analyses,- Security lapses in IS/IT area,- Outsourcing IT,- Personal security in IS/IT,- Physical plant security in IS/IT,- Monitoring use of and access to systems,- DRPOther responsibilities:- Contributed to internal methodology for IT security- Analyzed, judged and ultimately (dis)approved IT-related clauses for banking license applications or requests for changes in existing licenses;- Assessed the outsourcing and insourcing of IS/IT by banks,- Contributed to new legislation concerning IS/IT,- Contributed to new models for rating banks (using the risk based approach).