Registered: 07.02.2023

Eugene Kozlachkov

Specialization: Security GRC (Governance, Risk and Compliance) Specialist

Portfolio

T1 Holding

- Assessment efficiency of IT controls and IT/SEC processes in the companies of T1 Group.
- IT General controls, IT infrastructure & system access controls (PAM system), banking software development, processing banking TranzWare (Compas +), cloud IaaS/PaaS service.
- IT risk identification, helping to improve IT processes efficiency.
- IT / Data Governance, compliance requirements (Central Bank, RosComNadzor, Personal Data Law -152 (GDPR), PCI DSS).
- Risk based IT audit, CobIT methodology. IT/ITSec risks identification (GOST 57580- Security of Financial (banking) operations, ISO/IEC 27001). Software development controls assessment (SDLC, OWASP secure coding).
- Business\Mission critical IT process identification, recovery criteria (RPO\RTO), DR planning assessment.

UniCredit Bank

- Global Disaster Recovery (DR) Policy and DR plan implementation.
- Supervise and prepare DR testing reports.
- Participation in BIA (Business Impact Analysis) and aligning DR activities for IT Systems according to risk level and critical level of Business process.
- Assessment of mission critical IT services and systems.
- IT Governance and internal processes analysis and improvement (sustainability of IT services) based on CobIT methodology.
- Participation in CAB-Change Advisory Board, change impact assessment.
- Participating in TPRM - Third party risk management, scoring (risk profile) external IT service providers.
- Preparing reports & project status presentation.

MTS Bank

- IT audit based on RBA (risk analysis) with focus on business continuity. IT Governance, Business Continuity Management / DRP planning.
- IT processes alignment based on ITIL/COBIT methodology, systems access control & SoD analysis. ITGC, change control and SDLC (systems development) controls management.
- ERP & core banking system post implementation evaluation, ITGC and information security controls evaluation.
- Preparing reports & recommendations, IT Projects effectiveness evaluation, follow up on remediation actions.
- IT security Incidents and IT risk assessment, providing Business IT Risk Model.
- Implementation of DRP plan. Recovery procedures testing. Internal Audit documents flow automation based on TeamMate solution.

Skills

Agile Project Management
Audit Expert
COBIT
ITSM
Making presentations
Negotiating
PMBOK
Scrum
Team Management

Work experience

Chief Information Technology Auditor
09.2022 - present |T1 Holding
DR GP & Recovery Manager
05.2022 - 08.2022 |UniCredit Bank
Head of IT Internal Audit
12.2011 - 05.2022 |MTS Bank
Manager / Advisory services, IT Risks and Assurance
10.2010 - 06.2011 |EY Russia
IT consulting, IT Risks and systems processes effectiveness improvement:
- IT consultancy projects management. Preparing technical & commercial proposals. Business case pursuit. Tender participation, management presentations, ERP systems controls assessment.
- SAP Access Control, SoD roles authorities analysis, SAP GRC post-implementation, FI, AP - business & security controls review.
- IT infrastructure assessment. Analysis IT expenditures effectiveness, advising on efficiency improvements. Implementing ITIL procedures and practices.
- IT Processes effectiveness improvement.
- Risk Technology assessment, providing Risk Technology expertise to cross-functional projects.
- IT strategy development, providing detailed review for management on IT processes. SDLC change management controls assessment.
- Staff management, timing and budgeting. Managing deliverables, results presentation.
- Developing IT Security policies, Business Continuity planning (BCP) and Disaster Recovery procedures. Assessment company personal data systems to be compliant with personal data (Federal Law N 152) requirements.
Finance Audit systems management / Banking, Industry, Retail & Consumer Sectors:
- Analysis of client IT General Control environment, ERP systems / Application controls, Business Accounting system and IT security as part of Financial Audit. Meeting with the client management over final recommendation reports, controls deficiencies and remediation actions.
- SOX compliance projects.
- Finance Audit systems support and engagements management. Review of IT Controls assessment work, planning, budgeting.
- Engagements staffing and consultants team management.
Assistant Manager / Systems Process Assurance (ERP systems & processes)
05.2006 - 09.2010 |PricewaterhouseCoopers Audit
Systems Process Assurance: Energy Utilities & Mining, (EU&M) Retail & Consumer.
- Analysis of client IT General & Business Control environment, Finance / Accounting systems control assessment and IT security as part of Financial Audit / SOX compliance projects / Internal Controls evaluation.
- Providing detailed reports on controls deficiencies and remediation actions for clients Senior Management.
- ERP system controls implementation / security assessment, SAP (FI/CO, Basics). Pre-and post-implementation review (mainly SAP, Scala, Navision, Oracle). Finance audit support for assessment of reliance of ERP-system generated automated reports, SAP built in business automated controls (IS security, P&P, FI).
- SAP business user roles assessment, system user authorities analysis and SAP GRC pre-implementation review.
- IT Project Management and Internal Audit. Risk analysis and reports on control weaknesses. Preparing Internal Control Recommendations (ICR), reports based on audit results finding. Holding meeting for discussion with the client Management CIO, CFO, Chief Accountants.
- SOX compliance controls assessment (SEIC listed clients), IT environment Due Diligence assessment. COBIT, COSO components evaluation and Risk management.
- Internal Controls, Risk Management, IT Governance and Compliance, Process Improvements and IT Project Management.
- Project budget management, Timing & Resources planning, Staff management.
- Developing work plans and project approaches in the financial audit context and/or consulting world.
Systems, Networks & Security Department, IT Systems Architect, Senior Expert
11.2005 - 04.2006 |JSC “Banque Societe Generale Vostok”, BSGV
Responsible for new IT Systems projects development. Presenting projects for approval to IT Advisory Board. IT Risk management. Projects:
• Developing Storage Area Network solutions.
• Implementing secure Internet Bank-Client solution for the bank clients.
• Developing concepts and general requirements for Data Centre. Building up Disaster Recovery site. Case study. Preparing requests for Proposals (RFP).
• New bank filial setting up, assisting in deploying bank standard IT services for the new branches.
• IT Projects management. Assessing new IT technologies relevant to the bank business requirements.
• IT architecture - requests for proposals, writing documentation and tender technical requests (RFP).
CIO, Russia CIS & Baltic’s IT Site Manager
09.2002 - 10.2005 |Richemont Luxury Group
Richemont - leading luxury goods groups, with the strengths in terms of jewellery and luxury watches. Group encompasses the most prestigious names in the industry including Cartier, Piaget, Vacheron Constantin, etc. Currently, operates the network of over 11 Boutiques in Moscow. Responsible for start up of all IT infrastructure, business application implementation for Moscow HO and network of Boutiques. Reporting to local General Director and Swiss based functional IT Director.
- IT projects management. Designing & implementing IT Infrastructure / telecommunications for Head Office & boutiques. Implementing secure WiFi technology in boutiques for sales staff access.
- Implementing and supporting Finance systems: Navision Attain, SAP, etc.
- Managing Sales/Stock analytic system and sales reporting activities (Cognos PowerPlay tool).
- Overall responsibility for maintaining main office automation system (Lotus Notes messaging, Navision (160+ nodes, 7 Servers, telecoms and VPNs).
- IT staff management.

Education

ITIL Foundation
Until 2018
Cleverics
DevOps CI/CD
Until 2019
Cleverics
Security Management ISEB, England
Until 2002
Baltimore Security Academy, UK
Oracle Security Gate training
Until 2007
PwC / Moscow
IT Risk Management
Until 2010
PwC office, Moscow
Certified Ethical Hacker, CEH2. Hacker penetration testing and Security Analysis
Until 2021
International Council of E-Commerce Consultants (EC-Council)
Computer Systems, Computer & Automation systems
Until 1987
Moscow University of Radiotechnique Electronic & Automatic
CISA – Certified Information System Auditor – International Certification
Until 2006
ISACA
SAP FI / CO, Business Controls / Purchase & Payables / Revenue Receivables, ITGC
Until 2008
PwC / Warsaw
SAP GRC (Governance, Risk & Compliance)
Until 2009
Latimer Centre, UK
Integrated Audit approach
Until 2010
PwC, Moscow, In-house
Sales influencing / Presentation skill
Until 2003
Winston Lake, UK
Certified Training Centre, Project Management based on Standard ANSI PMI PMBOK v.6.0 & Agile Practice Guide
Until 2021
Training Center at Bauman Moscow State Technical University

Languages

French: Basic
English: Advanced
Russian: Native