Led the creation and execution of comprehensive security policies, ensuring the safeguarding of products, data, and organizational assets. Performed regular risk assessments to proactively identify and address security vulnerabilities. Designed and directed a robust incident response framework, ensuring efficient coordination and resolution during security incidents. Maintained adherence to industry regulations, including GDPR and CCPA, ensuring organizational compliance and data protection. Successfully obtained SOC 2 Type II and PCI-DSS certifications and oversaw the organization's annual recertification process. Partnered with product development teams to embed security measures at the earliest stages of product design and development. Effectively managed third-party vendor relationships to mitigate associated security risks.

Successfully led the SOC 2 Type II certification process, ensuring continuous compliance through annual recertifications (2021–2024). Embedded security into the software development life cycle (SDLC) by leveraging Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Strengthened the organization's security posture by deploying Cloud Directory and Endpoint Detection and Response (EDR) solutions. Conducted regular penetration tests and engaged third-party auditors to identify and address potential security vulnerabilities.

Deployed advanced DLP solutions to safeguard sensitive information and prevent unauthorized disclosure. Oversaw the implementation and management of Identity Management (IDM) systems to enhance user authentication and enforce access control policies. Ensured compliance with international and regional data protection regulations, including GDPR and Russia's Federal Law on Personal Data (FZ-152). Conducted thorough vulnerability scans to identify, prioritize, and remediate potential security weaknesses. Designed and implemented role-based access control (RBAC) frameworks to limit data access to authorized personnel only. Developed and conducted regular security awareness programs to educate employees on data protection best practices and emerging threats. Provided expert security consulting services to customers, helping them identify risks, implement robust security measures, and achieve compliance with industry standards.

Directed the development and execution of a comprehensive security strategy, encompassing both IT and physical security to protect organizational assets. Led a team of cybersecurity professionals, fostering a culture of excellence, collaboration, and continuous improvement. Conducted in-depth risk assessments, identifying vulnerabilities and implementing effective mitigation strategies to reduce potential threats. Designed and deployed advanced DLP solutions to ensure the protection and confidentiality of sensitive information. Established and maintained an incident response plan, enabling swift and coordinated actions during security incidents. Ensured adherence to global and regional data protection standards, such as GDPR and CCPA, to maintain compliance and safeguard sensitive data. Implemented identity and access management (IAM) solutions to enforce secure authentication protocols and limit unauthorized access. Oversaw continuous threat monitoring and analysis, leveraging cutting-edge tools to detect and respond to potential security risks in real time. Authored and enforced comprehensive security policies and procedures to align with industry best practices and organizational goals. Managed security risks associated with third-party vendors, conducting regular assessments and ensuring compliance with security requirements.

Successfully led the ISO 27001:2005 certification project, overseeing the subsequent upgrade to the 2013 standard to enhance the organization's information security framework. Founded the Information Security Division, strategically recruiting and building a high-performing team from the ground up. Directed the comprehensive security operations for the headquarters and 14 branch offices, including the deployment and management of CCTV systems, alarm systems, and security personnel. Oversaw the security of the corporate fleet, implementing GPS tracking systems to enhance vehicle monitoring and ensure operational safety. Actively collaborated with internal software development teams as a security business partner, integrating OWASP SDLC best practices into projects to ensure secure software design and implementation.

Designed and implemented comprehensive strategies to safeguard banking products and prevent fraud, ensuring the integrity and trustworthiness of financial operations. Conducted regular penetration testing and vulnerability assessments to identify and address potential security weaknesses proactively. Ensured strict adherence to key security standards and frameworks, including PCI-DSS, ISO 17799, and ISO 27001, to maintain compliance and mitigate risks. Ensured full compliance with the requirements of banking sector regulators, aligning security policies and practices with industry regulations and expectations. Implemented regular access reviews to ensure appropriate user permissions and minimize the risk of unauthorized access to sensitive systems and data. Conducted proactive threat modeling exercises to identify potential risks and design strategic security controls to mitigate emerging threats. Performed comprehensive risk assessments to evaluate potential security threats and vulnerabilities, providing a quantitative analysis of risk exposure. Developed and implemented strategic mitigation plans to address identified risks, ensuring timely and effective risk reduction strategies.

Designed and implemented comprehensive security policies to safeguard IT infrastructure and systems, aligning with industry standards and organizational objectives. Led the management of security incidents, ensuring prompt investigation, effective response, and timely resolution to minimize impact. Administered and maintained network equipment and antivirus solutions to ensure the integrity, reliability, and security of the IT environment. Managed and maintained critical banking systems, including AS/400 and Lotus Domino servers, ensuring their optimal performance, security, and availability. Provided strategic security support to executive management, offering guidance on risk mitigation, incident response, and security policy alignment to ensure informed decision-making.

Computer Systems, Complexes and Networks, Engineer