SUMMARY

• I am a highly motivated person who has graduated from Sheffield Hallam University (UK) with a Master’s degree in Information Systems Security. I possess extensive real - life knowledge of the field of information security, including a wide variety of contemporary technology and techniques. I have a clear, logical mind with a practical approach to problem-solving. I strongly believe that my job is the place, where I can apply my combined knowledge of leading worldwide practical approaches, strong mathematically/theoretical orientation of Russian exact science and my current working experience in the fast-changing environment.
• Align the security functions to business strategy, goals, mission, and objectives;
• Information security framework design, application, and control;
• Determination and following of contractual, legal, industry standards, and regulatory requirements;
• PII data protection during the full lifecycle;
• Contribute to and enforce personnel security policies and procedures;
• Perform Risk Assessment/Analysis, select security controls based upon risk level and systems security requirements, risk monitoring with the continuous improvement in mind;
• Threat modeling;
• Establish and maintain a security awareness,, and program;
• Development and documentation of Business Continuity Plan, including Business Impact Analysis (BIA), Risk Assessment;
• Deep understanding and the ability to apply cryptographic methods, including Public Key Infrastructure, Digital Signatures;
• Implementation of secure communication channels (Remote access, VPN, IDS/IPS, FW, Proxy, WAF);
• Management of the identity and access provisioning lifecycle;
• Conduct logging and monitoring activities including management of Security Information and Event Management systems;
• Knowledge and ability to apply hacking techniques for security assessment;
• Knowledge and ability to apply Incident management/Computer forensics techniques;
• Conduct or facilitate security audits;
• Creation and organization of security systems;
• Deep understanding of technologies of building a secure network;
• Knowledge of hacking techniques and the ability to resist them.

PROFESSIONAL EXPERIENCE:

Confidential

Information Security Officer

Responsibilities:

• Design and maintain an effective security program;
• Management of information security division;
• Development and Implementation of documented Security Policies, Standards, Procedures;
• Alignment and realization of the Global Security Strategy in the Russian region;
• Ensure privacy, legislative and regulatory compliance in terms of security requirements;
• Control and managing the Data Leak Prevention solution, including data classification and labeling;
• Ensuring security requirements in the in-house developed software;
• Managing the complete deployment and integration lifecycle of the SIEM system;
• Risk Assessment/Analysis, Risk Management;
• Conduct Logging and Monitoring activities using SIEM solution;
• Conduct Incident management (detection, escalation, containment, response, and review);
• Review and approval the infrastructure changes according to the internal change management procedures in terms of potential security impact;
• Vulnerability management including security testing (discovery, classification, accounting, control of elimination);
• Control of patch management and security updates;
• Control of periodic account reviews and firewall rules reviews;
• Control of Identity and Access management processes;
• Conduct an annual and Awareness program for all employees with different specialization.

Confidential

Information Security Manager

Responsibilities:

• Lead Management of PCI DSS-compliant client's cloud infrastructure;
• Performing all actions required by PCI DSS standard in the internal provider's infrastructure and in the client's cloud segments;
• Successful passing certified QSA-audit with the scope as Managed Service Provider (clients remain responsible only for their applications);
• Management of PII data-compliant client's cloud infrastructure (certified PII data-Cloud) in terms of technical and administrative security;
• Management and administration of technical security controls: Security Information and Event Management system, Antivirus solution, Network Intrusion Prevention System solution, Host-Based Intrusion Detection System solution, File Integrity Monitor solution, Web Application Firewall solution, Vulnerability Scanner solutions;
• Obtaining government licenses for Technical Information Protection activity and for Providing cryptographic security services;
• Attestation of the information system and the physical space according to the classification level;
• Risk Assessment/Analysis and Risk Management;
• Conduct Logging and Monitoring activities using SIEM solution;
• Conduct Incident management (detection, escalation, containment, response, and review);
• Review and approval the infrastructure changes according to the internal change management procedures in terms of potential security impact;
• Vulnerability management including security testing (discovery, classification, accounting, control of elimination);
• Control of patch management and security updates;
• Control of periodic account reviews and firewall rules reviews;
• Control of Identity and Access management processes;
• Conduct and Awareness program for the employees.

Confidential

Information security consultant/auditor

Responsibilities:

• Participating in PCI DSS audits;
• Preparation the infrastructure and the processes of the company’s clients to the certified PCI DSS audit;
• Bringing client's information systems to the compliance with the PII data regulation in terms of security requirements;
• Performing audit of financial companies (Banks) against the Russian Central Bank Security Standard;
• Performing audit against internal information security frameworks and standards in Government Companies in tight collaboration with penetration testing team.

Confidential

Head of Information Security Department (Co-founder)

Responsibilities:

• Management and bringing client's information systems to the compliance with the PII data regulation;
• Negotiation of security project contracts and requirements details;
• Performance of gap analysis, providing the recommendations for PII data protection regulation compliance;
• Development of the required security documentation framework (PII data protection policy, various security control policies);
• PII data systems classification;
• Development of Threat models and Technical Security projects;
• Deployment of required security controls based on the PII data protection baseline (Logical Access Control Systems, Antivirus solutions, FWs, VPN gates, Trusted Boot Modules, Vulnerability scanners, Solution for the guaranteed information purging);
• Performing the assessment of the effectiveness of the implemented controls and security practices;
• Design and deployment of physical access control/alarm systems and Closed-circuit television systems;
• Connecting the State University to the Government Secure Network;
• Obtaining the for Confidential, LLC in Associate Consultant Programme (ACP) in British Standards Institution (BSI);
• Development of partnership relations with various Information Security companies.

Confidential

Information Security Consultant

Responsibilities:

• Development of documentation framework for ISO/IEC 27001 - Information security management systems and ISO 22301 - Business continuity management systems;
• Performance of Gap analysis of client's information systems based on the ISO/IEC 27001;
• Development of information security documentation set according to the 161-Federal Law - About the National Payment System;
• Participating in PII data protection projects (performing gap analysis, correction and development required security documentation, selection of security controls: VPN gates, FW, Antivirus, Cryptographic solutions, based on the PII data classification);
• Analyzing new products and trends in the Information Security field.