Mariya Neustroeva

Регистрация: 30.05.2023

Специализация: Process modeling and management, security and compliance management, data protection

Портфолио

Investment Banking application

Business analyst: design of investment processes, application and client path; analysis of data flows in processes: classification, categorization, compliance and risks management, data protection; analysis of compliance of customer experience and technical implementation with the requirements of legislation, internal regulatory documents, information security, IT infrastructure; comprehensive analysis and assessment (qualitative and quantitative) of risks

Business Continuity and Risk Management tools

the link is not available - the company's internal software requirements for automation of the risk and business continuity management system (workflow, data model and role model, system of reference books and classifiers, quality requirements and rules for automatic verification), cooperation with vendors; implementation of an end-to-end process for handling customer requests, automation of the refund process; implementation of an end-to-end process of change and capacity management of IT systems; IT systems criticality calculator

Risk and business continuity management system

Скиллы

Business Continuity: threat analysis and assessment, development and testing of crisis plans

Fraud analysis and counteraction

Functional requirements: data model, role model, workflow

Incident management, data analysis, audit

Process management: design, analysis, optimization, notations

Risk management: assessment, control procedures, indicators, Basel

Security and compliance management, data protection

Опыт работы

Methodologist, business analyst, Risk Coordinator, IT department of Retail business

12.2021 - 10.2022 |Sber

Investment Banking application

Functions: development and optimization of processes and products, implementation and analysis of metrics, cooperation with developers; full cycle of risk and incident management L2 (including IT and information security); analysis of data flows in processes: classification, categorization, compliance and risks management, data protection; analysis of compliance of customer experience and technical implementation with the requirements of legislation, internal regulatory documents, information security, IT infrastructure; comprehensive analysis and assessment (qualitative and quantitative) of risks; development of measures to minimize risks; reporting and data visualization; Agile, Atlassian. Achievements: formation of a map of risks and threats to the continuity of retail business processes (including banking and brokerage services in mobile applications, web, information exchange); development of a risk limit system and decomposition of limits by processes, products, teams; formation of process data flow maps; development of a functional matrix and a role-based access model.

Team Lead of Business Continuity and Risk Management

10.2020 - 12.2021 |Brokercreditservice

IT and Business Continuity

Functions: development of regulatory documents, tools and procedures of risk, business continuity and information security management; full cycle of business continuity, risk and incident management (including IT and information security); conducting qualitative (risk and controls assessment, scenario analysis, risk map and threat model) and quantitative (data base, stress testing) risk assessment in the organization, calculation of capital at risk; audit of the incident database and data sources, optimization and automation; conducting business continuity testing; development of materials and staff training; risk expertise and optimization of processes; reporting and data visualization; Agile, Atlassian. Achievements: requirements for automation of the risk and business continuity management system (workflow, data model and role model, system of reference books and classifiers, quality requirements and rules for automatic verification), cooperation with vendors; implementation of an end-to-end process for handling customer requests, automation of the refund process; implementation of an end-to-end process of change and capacity management of IT systems; IT systems criticality calculator; development of a risk appetite and limits system.

Senior Specialist, Department of Non-financial Risks

11.2019 - 10.2020 |Renaissance Credit

Risk and business continuity management system

Functions: development of methodology of risk and business continuity management; conducting a bank-wide risk and threats assessment (including appropriate training); full cycle of business continuity, risk and incident management (including IT and information security); data analysis, optimization of the structure and improvement of data quality of incident (including adding data sources); reporting and data visualization; Agile, Atlassian. Achievements: formation of a risk map and business continuity threat map; development of strategy, policies, (and testing) business continuity and recovery plans and procedures; development of methodology and procedure of business impact analysis due to continuity violations; implementation of risk coordinator and risk management committee systems; requirements for automation of the risk and business continuity management system (workflow, data model and role model, system of reference books and classifiers, quality requirements and rules for automatic verification), cooperation with vendors.

Senior Specialist, Risk Management Department

06.2019 - 11.2019 |VTB

Risk management system

Functions: analysis and data quality control of risk management system; development of requirements for batch loading of incidents; implementation and calculation of key risk indicators; risk analysis and development of regulatory documents. Achievements: requirements for automation of the risk management system (workflow, data model and role model, system of reference books and classifiers, quality requirements and rules for automatic verification), work with developers; conducting a bank-wide risk assessment (including staff training); development of methodology and calculation of risk appetite (signal value and trigger); development of a methodology for calculating capital at risk (instructions, calculation template, training); requirements for automation of incident registration based on data from the bank's information systems (including use-cases), cooperation with developers.

Specialist, Department of Technological Risk and Business Continuity Management (part-time)

12.2018 - 05.2019 |Rosbank, Societe Generale group

Business continuity, risk and incident management

Functions: full cycle of business continuity, risk and incident management (including IT and information security), adding data sources; assessment, allocation of damage and formation of allocation keys; formation of templates of typical incidents; implementation of the unified information space of the team, mentoring; conducting an assessment of the impact of business continuity violations, testing business continuity plans; risk expertise and development of regulatory documents and processes; optimization of reporting; Agile, Atlassian. Achievements: requirements for automation of the risk management system (workflow, data model and role model, system of reference books and classifiers, quality requirements and rules for automatic verification), cooperation with vendors; optimization of registration of financial impacts of incidents (monitoring of sensitive accounts); development of methodology for accounting and assessment of IT and information security incidents; unification of incident accounting and reporting approaches (SG Russia Group).

Expert, Risk Management Service

12.2017 - 05.2019 |DeltaCredit Bank, Societe Generale group

Risk and incident management

Functions: full cycle of business continuity, risk and incident management (including IT and information security); assessment and allocation of damage; development of risk minimization measures, control procedures; risk expertise and development of regulatory documents; conducting risk stress testing procedures and scenario analysis; implementation and calculation of key and target risk indicators, risk appetite; formation of training materials and training of staff. Achievements: improving the data quality of incident management system (adding data sources and development of accounting system); implementation of a system for investigating and minimizing fraudulent cases; optimization of the database and reporting system.

Образование

Accounting and Audit (Бакалавр)

2004 - 2007

Ural State Technical University

Social Security (Бакалавр)

2002 - 2007

Ural State Technical University

Языки

РусскийРоднойАнглийскийВыше среднего