
Андрій

Cyber security specialist (GRC ISO 27001, information security, IT audit)

Age: 29
City: Lviv


Cyber security specialist (GRC)


Experience

Information Security Manager
Ukraine - NDA
10/24 – Present - Full-time

Responsibilities:

● Implementing ISO 27001 from scratch for a critical infrastructure object (ISMS)
● Developing information security policies and procedures
● Conducting risk assessments and implementing mitigation strategies
● Monitoring compliance and conducting audits
● Implementing security controls
● Conducting employee training and awareness programs
● Planning disaster recovery strategies
● Conducting technical interviews and assessing the competencies of candidates for cybersecurity positions
● Sourcing, selecting, and performing due diligence on certification bodies to verify their accreditation and eligibility for ISO 27001 audits

GRC Team Lead
Ukraine - NDA
5/24 – 10/24 - Full-time

Responsibilities:

● Leading and mentoring the GRC team
● Ensuring regulatory compliance
● Conducting audits
● Developing information security policies and procedures
● Performing risk assessments and implementing mitigation strategies

Information Security Manager
Ukraine - NDA
12/23 – 4/24 - Full-time

Responsibilities:

● Performing security gap analysis for a critical infrastructure object
● Advising IT and Security departments on remediating identified security gaps
● Developing information security policies and procedures
● Conducting employee cybersecurity awareness training and phishing simulations
● Consulting employees on information security matters

Cybersecurity Consultant
Germany, Discontia GmbH – PRINTEGI
10/23 – 11/23 - Freelance (one-time project)

Responsibilities:

● Cybersecurity risk management
● Developing an incident response plan
● Creating a disaster recovery plan
● Creating a RACI matrix
● Creating documentation about backup and passwords
● Conducting a cloud environment security review
● Conducting cybersecurity awareness training (phishing, smishing, etc.)
● Providing cybersecurity consultancy, including:
  - Opening potentially malicious files and links in virtual machines and sandboxes (desktop and web versions)
  - Secure sending of email, email protection, DDoS prevention, etc.

GRC Consultant
Denmark - NDA
7/23 – 10/23 - Freelance (one-time project)

Responsibilities:

● Developing ISO 27001 policies and procedures
● Working with AWS and writing procedures
● Creating and managing a RACI responsibility matrix
● Providing consultations on:
  - procedures and policies;
  - work with backup

Sales - Team Lead
Ukraine - Discover LV
4/16 – 02/22 - Full-time

Responsibilities:

● Leading the sales team: recruitment, selection, training, and mentoring of employees
● Searching for and engaging new clients
● Communicating with clients in Ukrainian, English, Polish, and Russian
● Handling complex client issues, especially those unresolved by other managers
● Selling company services

My KPI was the highest among all other employees - outgrew the mentor very quickly - overall this is one of my strong achievements - later I led the team.

Familiarity with

● OSI, TCP/IP network model
● DNS, TLS, SSL, IPv4, IPv6, FTP, WS, HTTPS, SNMP, SMTP, POP3, IMAP, ARP, NDP, ICMP, DHCP, RIP, OSPF, BGP, EIGRP, TCP, UDP, SSH, etc. - understanding of the main network protocols
● Understanding of the main cyber threats (Phishing (different types), DoS/DDoS, Pharming, Malware, MITM, Ransomware, Trojan, etc.)
● GRC:
● Strong knowledge of ISO 27001:2022 + ISO 27002:2022; ISO 27005
● ISO 27017:2015, ISO 27018:2019
● ISO 9001:2015
● ISO 19011: Guidelines for auditing management systems
● ISO 38500 IT. Governance of IT for the organization
● ISO 20000-1 IT. Service management
● GDPR, NIST CSF, COBIT 5, PCI DSS, NBU №95, DORA
● Writing Policies and Procedures
● Risk management
● Vendor / third-party risk management lifecycle
● Testing employees for phishing attacks and other cybersecurity awareness activities (www.knowbe4.com platform).
● Training for employees and consulting on information security
● Disaster recovery, RPO, RTO
● ACS - Access Control System / СКУД
● FDAS - Fire Detection And Alarm System / ОПС
● CCTV - Closed-circuit television / Video monitoring / СВН

Completed courses

● Security+
● SSCP (Access Controls*)
● CSA+ (Cybersecurity Analyst)
● CASP+ (Governance Risk and Compliance*)
● CCNA (Cisco Certified Network Associate (Netacad))
● Google Cybersecurity (Professional Certificate - 8 course series)
● CISA (Certified Information Systems Auditor) - in progress
● ISO 27001 Lead Auditor - in progress
● ISO 27001 Lead Implementer - in progress
● CCSP - Certified Cloud Security Professional - in progress

Languages:

● Ukrainian - native
● English - B2 (Upper-Intermediate)
● Polish - B1

About Me: I like jazz, radioelectronics, chess, sports and creative photography.
