• Spearheaded the development and implementation of comprehensive security policies, safeguarding organizational assets, products, and sensitive data. • Conducted regular risk assessments to proactively identify, evaluate, and mitigate security vulnerabilities across systems and infrastructure. • Architected and led a robust incident response program, ensuring swift, coordinated action and minimal impact during security events. • Ensured compliance with global data protection regulations, including GDPR and CCPA, strengthening the organization’s legal and operational posture. • Achieved and maintained SOC 2 Type II and PCI-DSS certifications; led the annual audit and recertification processes to uphold security standards. • Led the successful implementation of HIPAA compliance initiatives, ensuring the protection of electronic protected health information (ePHI) and alignment with regulatory requirements. • Arranged and managed third-party penetration testing to validate infrastructure and product security, and to proactively address potential vulnerabilities. • Collaborated closely with product development teams to integrate security best practices throughout the software development lifecycle. • Oversaw third-party vendor security management, reducing risk exposure through due diligence, monitoring, and contractual safeguards.

• Led the organization through successful SOC 2 Type II certification, ensuring continuous compliance from 2021 to 2024 through strategic oversight and cross-functional coordination. • Established and enforced comprehensive security policies and governance frameworks, aligning with industry standards and business objectives. • Implemented structured background check protocols and initiated annual security assessments for third-party sub-processors, strengthening vendor risk management and supply chain security. • Directed the integration of security into the Software Development Life Cycle (SDLC) by operationalizing SAST and DAST tools, fostering a shift-left security culture across engineering teams. • Deployed enterprise-level security solutions, including Cloud Directory and Endpoint Detection and Response (EDR), significantly enhancing identity management and endpoint protection capabilities. • Oversaw recurring penetration testing and third-party audits, proactively identifying and mitigating security vulnerabilities to ensure a robust threat defense posture.

• Deployed advanced Data Loss Prevention (DLP) solutions to proactively protect sensitive information and mitigate the risk of unauthorized data disclosure across endpoints and cloud environments. • Directed the implementation and governance of enterprise Identity Management (IDM) systems, strengthening user authentication protocols and enforcing scalable, policy-driven access controls. • Ensured cross-border data privacy compliance, aligning security operations with international and regional regulations, including the EU General Data Protection Regulation (GDPR) and Russia’s Federal Law on Personal Data (FZ-152). • Led organization-wide vulnerability management initiatives, including routine scanning, prioritization, and remediation efforts to reduce exposure to known and emerging threats. • Architected and enforced role-based access control (RBAC) frameworks, minimizing data access risks by aligning privileges with job responsibilities and regulatory requirements. • Developed and facilitated ongoing security awareness and training programs, fostering a security-first culture and equipping employees to recognize and respond to cyber threats. • Provided strategic security consulting to enterprise customers, identifying risks, designing tailored mitigation plans, and supporting their compliance with SOC 2, ISO 27001, and other relevant standards.

• Directed the development and execution of a comprehensive enterprise security strategy, integrating both IT and physical security measures to safeguard organizational assets and ensure business continuity. • Led and mentored a high-performing cybersecurity team, cultivating a culture of excellence, accountability, and continuous professional development. • Conducted enterprise-level risk assessments, identifying critical vulnerabilities and implementing strategic mitigation plans to reduce the organization’s threat exposure. • Designed and deployed advanced Data Loss Prevention (DLP) solutions, reinforcing the confidentiality, integrity, and availability of sensitive information across digital assets. • Established and maintained a robust incident response program, enabling coordinated and timely responses to security events while minimizing operational disruption. • Ensured compliance with international and regional data protection frameworks, including GDPR and CCPA, aligning internal practices with legal and regulatory obligations. • Implemented scalable Identity and Access Management (IAM) solutions, supporting secure authentication, authorization, and lifecycle management across user populations. • Oversaw real-time threat detection and response operations, utilizing advanced security analytics and monitoring tools to proactively address risks and anomalies. • Authored and enforced enterprise-wide security policies and procedures, embedding security governance into organizational workflows and ensuring alignment with best practices. • Managed third-party risk, leading comprehensive security assessments of vendors and ensuring contractual adherence to cybersecurity and compliance requirements.

.• Successfully led the ISO 27001:2005 certification initiative, managing the full lifecycle of implementation and later driving the upgrade to the 2013 standard, significantly strengthening the organization’s information security management system (ISMS). • Founded and scaled the Information Security Division, recruiting, developing, and leading a high-performing team aligned with business objectives and regulatory requirements. • Directed end-to-end physical and operational security across the corporate headquarters and 14 branch offices, overseeing the implementation of CCTV systems, alarm infrastructure, and on-site security personnel. • Managed corporate fleet security, deploying GPS tracking and monitoring systems to enhance vehicle oversight, logistics safety, and incident response capabilities. • Acted as a strategic security business partner to internal development teams, embedding OWASP SDLC principles to ensure secure software design, code review, and release management processes.

• Designed and executed end-to-end security strategies to protect banking products and prevent fraud, reinforcing the integrity and reliability of financial operations. • Performed regular penetration testing and vulnerability assessments, proactively identifying and remediating security weaknesses to maintain a strong security posture. • Ensured compliance with leading security frameworks, including PCI-DSS, ISO 17799, and ISO 27001, aligning security operations with regulatory standards and industry best practices. • Maintained continuous compliance with banking sector regulatory requirements, aligning internal controls and documentation with supervisory expectations and audit standards. • Implemented periodic access control reviews, ensuring least-privilege access and minimizing the risk of unauthorized access to sensitive financial systems and data assets. • Led proactive threat modeling initiatives, identifying potential attack vectors and designing layered security controls to address evolving risks. • Conducted comprehensive, data-driven risk assessments, quantifying threat exposure and prioritizing risk areas to guide executive decision-making. • Developed and operationalized strategic mitigation plans, addressing identified risks with timely, effective, and measurable security controls.

• Designed and enforced comprehensive security policies to protect IT infrastructure and enterprise systems, ensuring alignment with industry standards (e.g., ISO 27001) and internal business objectives. • Led the end-to-end management of security incidents, coordinating rapid investigation, containment, and resolution efforts to minimize business impact and support incident response readiness. • Oversaw the administration of network infrastructure and antivirus platforms, maintaining the security, integrity, and operational continuity of the IT environment. • Managed mission-critical banking systems, including AS/400 and Lotus Domino servers, ensuring high availability, data protection, and compliance with security and operational benchmarks. • Provided strategic security counsel to executive leadership, delivering actionable insights on risk exposure, incident trends, and policy alignment to support informed, risk-aware decision-making.

Computer Systems, Complexes and Networks, Engineer