← Back to list
senior
Registration: 25.12.2019

Aleksandr Volkov

Specialization: IT Security Analyst
Project Management Information Security Management System
Project Management Information Security Management System

Portfolio

Luxoft GmbH

Responsibilities: Deliver IT Audit, Compliance and Quality Assurance services. Functions: Support the progress of the Identity and Access Management project, ensuring Identity and Access Concepts quality and compliance with the Company Information Security Policies, Principles and Standards. SoD management.

Novartis Group

Responsibilities: Improve and sustain the company’s information security level state in accordance with the corporate standards. Information security topics single entry point. Functions: Collaborate with the company management, company associates, global IGM team and external consultants in order to reduce the information security risks to acceptable level. Report to the management in Russia (CEO, CFO, CIO) and global IGM team. Lead regular Risk Committees with the management. Facilitate the established information security procedures. Achievements: Progressed with the company IGM gap remediation project within the determined timeline. Implemented the Records Management procedure, prepared and delivered related trainings. Executed smooth transition from company-specific IGM procedures to globally unified policies.

Mazars

Responsibilities: Deliver IT Audit, IT Security and IT Consulting services. Functions: Ensured projects success from the very start till completion. Managed resources, timing and quality. Focus on the added value delivery. Collaborated with other departments on external and internal projects (Data Privacy, GDPR, IT tools). Supported the IT Audit/Security awareness program. Delivered IT Audit trainings. Achievements: Delivered successful IT Security consulting projects. Fostered self-sufficient IT Audit team. CISA certified.

Skills

Risk management
Project management
Information Security
Networking
Leadership Skills

Work experience

Security Analyst
since 10.2018 - Till the present day |Luxoft GmbH
.
Responsibilities: Deliver IT Audit, Compliance and Quality Assurance services. Functions: Support the progress of the Identity and Access Management project, ensuring Identity and Access Concepts quality and compliance with the Company Information Security Policies, Principles and Standards. SoD management.
Lead IT Security Analyst
since 09.2018 - Till the present day |Deutsche Bank Chief SecurityOfficer project
Maintenance
Maintaining the control environment in the areas of Identity & Access Management & SoD at a level acceptable to the Bank in accordance with the requirements of internal policies.
IT Audit Manager
02.2017 - 06.2018 |Mazars
.
Responsibilities: Deliver IT Audit, IT Security and IT Consulting services. Functions: Ensured projects success from the very start till completion. Managed resources, timing and quality. Focus on the added value delivery. Collaborated with other departments on external and internal projects (Data Privacy, GDPR, IT tools). Supported the IT Audit/Security awareness program. Delivered IT Audit trainings. Achievements: Delivered successful IT Security consulting projects. Fostered self-sufficient IT Audit team. CISA certified.
CISO
01.2016 - 08.2017 |“Arsenal”, Insurance Company
.
Responsibilities: Perform a balanced Information Security risks management. Functions: Collaborated with the company management, business representatives, IT team, internal audit and external consultants in order to reduce the information security risks to acceptable level. Performed Information Security and risk assessments, advise and implement measures to close the gaps. Updated the established information security policies and procedures, facilitated their implementation, organized necessary education and awareness campaigns, monitored the established procedures. Supported internal and external audits related to Information Security. Lead regular Risk Committees with the management (CEO, CIO). Achievements: Successfully passed external IT audits without critical observations. Improved internal IT Security documentation.
IGM Officer
03.2014 - 08.2015 |Novartis Group
.
Responsibilities: Improve and sustain the company’s information security level state in accordance with the corporate standards. Information security topics single entry point. Functions: Collaborate with the company management, company associates, global IGM team and external consultants in order to reduce the information security risks to acceptable level. Report to the management in Russia (CEO, CFO, CIO) and global IGM team. Lead regular Risk Committees with the management. Facilitate the established information security procedures. Achievements: Progressed with the company IGM gap remediation project within the determined timeline. Implemented the Records Management procedure, prepared and delivered related trainings. Executed smooth transition from company-specific IGM procedures to globally unified policies.
Assistant Manager
07.2012 - 03.2014 |PwC
.
Responsibilities: Serve as a fieldwork leader of Risk Assurance Services group. Get familiar with specifics of telecom and media industry in order to develop opportunities to improve clients’ efficiency and effectiveness through the design of their operations, processes, IT and business functions. Contribute to development Information Security practice of PwC with my competences and experience. Functions: Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other planning documents. Work with the client and audit team to document the business processes dependant on information technology. Direct daily progress of fieldwork, inform supervisors of engagement status, manage staff performance. Execute procedures, perform data analysis and risk assessment, reach conclusions, document results and suggest ideas for efficiencies. Complete work in a timely manner. Taking part and managing several IT security consulting projects (ISO 2700x, Data Privacy (FL-152), National Payment System (FL-161), SysTrust). Achievements: Accomplished several IT-audits of telecom and media companies in a timely manner. Participated in SOX project (NI 52 109) as part of international team and received positive feedback for my contribution.
Senior Consultant
11.2010 - 07.2012 |Ernst & Young
.
Responsibilities: Serve as a fieldwork leader of IT Risk and Assurance services. Improve clients’ efficiency and effectiveness through the design of their operations, processes, IT and business functions. Functions: Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other planning documents. Work with the audit team to document the business processes dependant on information technology. Direct daily progress of fieldwork, inform supervisors of engagement status, manage staff performance. Execute procedures, perform data analysis and risk assessment, reach conclusions, document results and suggest ideas for efficiencies. Complete work in a timely manner. Achievements: Accomplished more than ten IT-audits of financial companies in a timely manner during a short period of time. Took part in several IT/IT security consulting projects (ITIL/COBIT-related, IT Security audit, Due Diligence, etc.) Received a highly positive feedback for my work on IT Security audit project with an international audit team.
Information Security specialist
04.2006 - 11.2010 |"HCF Bank", LLC
.
Responsibilities: Participate in Bank's projects, information security part. Audit, testing of Bank's systems for information security requirements compliance. Systems monitoring for security incidents. Functions: Analyze, test data-network and application-server systems, stand up for IT security best practices. Participate in the process of external and internal audit on IT Security issues. Participate in projects on designing, creating, implementing & maintaining security components of network and server systems (Web-application security, VPN+Firewall systems, WiFi networks, Secured OS, IDS/IPS). Participate in the project of building the Information Security Management System. Maintain the cryptographic systems, and perform the key-management procedures. Perform monitoring of data-network and application-server systems, for security-related events. Achievements: Implemented a cryptographic system in a bank infrastructure. Implemented a technical project on secured data transmission between Czech Republic and Russia with several tunnels. Putting into operation regulating documents. Securing the IT-Security department network.

Educational background

Information Security
Till 2000
Institute of Cryptography, Communication and Informatics

Languages

FrenchAdvancedEnglishProficientGermanIntermediateRussianNative
Project Management