Nov 2017 – Feb 2019 · 1 yr 3 mos · London Area, United Kingdom

• Responsibilities include developing the UK cybersecurity strategy aligned to business goals and the delivery of a transformation programme aimed at reducing cybersecurity risk and improving key stakeholder relationships, both internally and externally (e.g., FCA, EBA, ECB).

Dec 2016 – Jan 2019 · 2 yrs 1 mo · London Area, United Kingdom

• The primary objective of the Institute is to develop novel, innovative social-science and socio-cultural techniques for cyber security. Panel member practitioners help shape and improve the future research agenda in the cyber security space at UCL, and engage with testing and validating the research outputs.

Sep 2015 – Sep 2017 · 2 yrs · London, United Kingdom

• Risk oversight with a strategic focus on fostering key stakeholder relationships and building trust; Cybersecurity transformation programme; Strategy alignment to risk appetite for effective risk mitigation; Conduct group cyber risk assessment and establish the information and cyber security risk management framework; Establish and maintain appropriate information / cyber security governance, assurance and compliance frameworks. Build a risk aware cyber security culture.

Nov 2014 – Aug 2015 · 9 mos · London Area, United Kingdom

• ° Develop and maintain an overarching security strategy
• ° Develop and monitor compliance with information security policies
• ° Review security controls and make recommendations for continuous improvement of the ISMS
• ° Ensure legal and regulatory compliance with the Data Protection Act, Freedom of Information Act, PCI DSS, NHS' Information Governance Toolkit Assessment, etc.
• ° Facilitate risk assessments and assist business units identify residual risk and pro-actively reduce the potential for security incidents
• ° Develop, roll-out and maintain a cybersecurity awareness programme pitched at all users across the University (staff, students, guests and visitors)
• ° Respond to and communicate with sector-wide, national and international bodies in relation to cyber security

Jan 2009 – Oct 2014 · 5 yrs 9 mos · Timis County, Romania

• I launched this business in 2009 as one of the two co-founders, consulting for a wide range of international businesses, across multiple security domains: Information Security Management, Information Security Risk Management, Supply Chain Risk Management, ISO 27001, Web Application Security, Awareness, Education and Training, Implementation of Information Security Classification Schemes.
• Responsibilities:
• ° Provide strategic, pragmatic and business focused security advice to clients
• ° Help organisations effectively assess, transform, optimise and manage their information security function
• ° Define and implement Information and Cyber Security Governance Frameworks, Compliance Frameworks, Information Security Policy and Assurance Frameworks, Customer Assurance Frameworks
• ° Conduct risk assessment of mission-critical information assets, changes, processes, projects and services
• ° Refine and expand the due diligence, triage and supply chain security risk assessment methodology
• ° Assist clients to ensure organisational compliance with ISO 27001, PCI DSS, COBIT and various other Information Security and Data Protection standards.
• ° Define and implement information security and business continuity risk assessments in line with the ISO 27001, 27005 and 22301 requirements

Apr 2006 – Dec 2008 · 2 yrs 8 mos · Mehedinti County, Romania

• Within the Ministry of Internal Affairs, the Security Component for Information Technology and Communications (CSTIC) coordinates, advises and controls the entire activity in the area of protecting information classified as 'secret', and above, for each County/General Border Police Inspectorate.
• Responsibilities:
• ° Advise Inspectorate’s management team regarding all aspects of securing and protecting classified information
• ° Ensure safekeeping and archival of national security clearance certificates and authorizations to access classified information for the Inspectorate’s personnel
• ° Monitor the implementation of government policies, regulations and legal requirements regarding classified information across all Inspectorate departments and divisions
• ° Audit and monitor all administrative, logical and physical security controls specific to IT and communication systems to ensure classified information is adequately processed, stored, transmitted and/or destroyed

Jan 2004 – Apr 2006 · 2 yrs 3 mos · Timis County, Romania

• Responsibilities:
• ° Perform information security risk assessments, take appropriate actions to escalate and mitigate risks.
• ° Translate technical vulnerabilities to business risk terminology and communicate to senior management
• ° Create, manage and review the company's information security policies and procedures
• ° Running or preparing, reporting and remediation of penetration tests and vulnerability scans
• ° Identify and prioritise security-related requirements
• ° Develop and implement appropriate controls to address security risks identified – security policies, network and host monitoring solutions IDS/IPS, antivirus, VPN, proxy firewall, encryption, logging and auditing, backup and restore capabilities
• ° System access rights review and role profiles documentation
• ° Train staff and raise awareness regarding the misuse of information, security risks, threats and the potential business impact
• ° Promote a risk aware, security-positive culture

May 2000 – Sep 2001 · 1 yr 4 mos · Mehedinti County, Romania

• Responsibilities:
• ° Configure and troubleshoot network equipment such as modems, hubs, routers & switches.
• ° Identify, troubleshoot and resolve hardware, software and network related problems encountered by end- users.
• ° Configure and install Windows/Linux workstations.