Daniel

DANIEL SMIK
Informati on Securi ty Consul tant, Compl i ance Speci al i st

CONTACT PROFILE SUMMARY
Mid-level Information Security (GRC) specialist with 3 years of experience in risk
management, internal audits, and security governance aligned with ISO 27001.
Telegram : @Danielsmkkk Experienced in supporting and improving ISMS, conducting control assessments,
[открыть контакты](см. выше в блоке «контактная информация») and identifying security gaps.
Ukraine , Kyiv Hands-on experience in third-party risk evaluation, access governance, and
development of security documentation. Focused on applying a structured, risk-
based approach to strengthen security posture and support continuous
improvement of security processes.

EDUCATION WORK EXPERIENCE
2023 - 2027 2023 - 2026
Consulting Project - ISO 27001:2022 Implementation
TARAS SHEVCHENKO
NATIONAL Supported implementation and continuous improvement of Information
UNIVERSITY OF KYIV Security Management System (ISMS) aligned with ISO 27001:2022
requirements.Participated in development and maintenance of internal
security policies, procedures, and ISMS documentation (Clause 7.5), ensuring
Bachelor’s Degree in
proper versioning, ownership, and document control.
Cybersecurity
Conducted internal security assessments and control validations to evaluate
control effectiveness and identify gaps.Participated in internal audit
lifecycle, including preparation, interviews, evidence collection, validation,
SKILLS and documentation of findings (major/minor nonconformities).Contributed
to remediation tracking and improvement of internal security controls based
Time Management on audit results.
Leadership Contributed to risk management processes, including risk identification,
likelihood and impact assessment, prioritization, and maintenance of risk
Effective Communication
register. Participated in risk assessment workshops with asset owners and
Analytical thinking supported definition and tracking of risk treatment plans. Assisted in
Structured documentation preparation and maintenance of Statement of Applicability (SoA) and control
Attention to detail selection.
Performed periodic access reviews, validating user permissions against the
Teamwork
least privilege principle and identifying excessive access.Supported access
Research & Information analysis
governance processes, including recertification and improvements in Joiner-
Creativity Mover-Leaver lifecycle.
Supported asset management processes, including validation of asset
inventory, ownership, and classification.
Conducted security assessments of third-party tools and vendors (SaaS and
LANGUAGES desktop) prior to onboarding. Evaluated security controls (MFA, RBAC, SSO),
data protection mechanisms (encryption in transit and at rest), and data
English: C1 handling practices
Ukrainian - Native Reviewed vendor documentation (privacy policies, DPA, certifications such
as ISO 27001, SOC 2) and assessed security posture. Provided risk-based
recommendations on tool approval, restriction, or rejection, including
definition of compensating controls
Contributed to development of security awareness materials and initiatives
to promote security culture within the organization.