Projects I was involved in.

Projects I was involved in @ Eurobank Limited.

Projects I was involved in @ Eurobank Cyprus.

Projects I was involved in @ Hellenic Bank Public Company.

Projects I was involved in @ PwC Cyprus

Project Title:

Cyber Security Awareness Training

Project Duration:

May 2023 (2hrs)

Client:

Financial Institution / Bank

Project Description:

Cyber Security Awareness Training to the Board of Directors

Responsibilities / Duties:

Leading Member of the Implementation Team & Presenter

Project Objectives / Deliverables

Presentation of Cyber Security Awareness Training to the Board of Directors:

  • Cybersecurity Attacks

  • How to prepare for cyber attacks

  • How to respond to cyber attacks

  • Relevant Regulations

  • Next Steps


Project Title:

Risk Assessment & Cybersecurity / Information Security Awareness Training

Project Duration:

February 2023 – May 2023

Client:

Retail Fashion and Hospitality Organization

Responsibilities / Duties:

Leading Member of the Implementation Team & Presenter

Project Description:

Assessment of the risks faced by the information systems of the Organization in terms of infrastructure and security

Project Objectives / Deliverables

  • Evaluation of the current IT environment of the Organization

  • Identification of the risks faced by the Organization regarding the information systems it uses

  • Propose a Strategy for the upgrading of the Organization’s information systems

  • Presentation of the findings to the Organization’s Board of Directors

  • Information Security Awareness Training to all employees (5 sessions of 6hrs duration each)


Project Title:

Information Security Framework & Toolkit

Project Duration:

January 2023 – June 2023

Client:

Independent Government Authority

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Establish National Risk Assessment and Business Continuity Standards/ Methodologies for Critical Information Infrastructures of Cyprus based on specific framework

Project Objectives / Deliverable

  • Defining the overall scope of the framework, the applicable environment, the stakeholders, the general governance model, the improvement management processes, etc.

  • Defining roles and responsibilities in relation to the overall and specific governance model of essential service operators

  • Definition of risk data elements/parameters to create common understanding between essential service operators, relevant parties, and future users/applications of the developed framework, including risk assessment parameters, risk categories, threat descriptions, materiality, etc.

  • Define framework methodologies detailing the steps to be followed by essential service operators when performing Business Impact Assessment and Risk Assessments

  • Define standards that can be used by essential service operators to document the relevant model and policies:

    • Governance standard document

    • Risk assessment and Business Continuity Plan standards

    • Risk register standard

    • Risk Treatment Plan template to record actions, owners, and schedules

    • BCP template for documenting critical business functions (impact analysis), related risks and exposures, Recovery Time Objective, Recovery Point Objective, critical applications and resources, recovery team members, recovery processes, etc.

  • Development of the implementation toolkit, through the development of a set of documents, links to standards and guidance material to be used by the essential services operators to carry out BIAs and RAs according to the defined methodologies

  • Informing the staff of essential services operators about the project and training

  • Training program for specialized personnel to support the implementation of the developed cyber security frameworks

  • Tailored training program for senior management in each essential service operators to support information gathering related to RA/BIA processes

  • Training program to strengthen cyber incident reporting capabilities

  • Tailored learning by studying the essential service operators’ best practices from across Europe and the US to accelerate learning and enable benchmarking of their own practices against the latest technology


Project Title:

ESS IT Security Certification Assessment

Project Duration:

November 2022 – December 2022

Client:

PwC Netherlands

Responsibilities / Duties:

Member of the Implementation Team

Project Description:

Collaboration with PwC Netherlands for the performance of an ESS IT Security Certification Assessment for a Governmental Organization in Cyprus

Project Objectives / Deliverable

Provide security assurance for the ESS IT Security Framework thereby maintaining trust among the ESS members regarding secure and confidential data exchange


Project Title:

EMI Licensing

Project Duration:

October 2022 – December 2022

Client:

Electronic Money Institution

Responsibilities / Duties:

Member of the Implementation Team

Project Description:

Review of Policies, Procedures and Plans to ensure compliance with EMI requirements so that to ensure licensing of the client

Project Objectives / Deliverable

Review & Update of Policies, Procedures, and Plans


Project Title:

Information Security Management System

Project Duration:

September 2022 – November 2022

Client:

Governmental Organization

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Review and Update of the Information Security Management System based on the ISO/IEC 27001:2022

Project Objectives / Deliverable

  • Review & Update of Statement of Applicability

  • Business Continuity and Disaster Recovery Plans Training of relevant teams

  • Business Continuity and Disaster Recovery Scenarios Testing (Workshop)

  • Update of Asset Register and Business Impact Assessment

  • Update of Risk Assessment

  • Update of Risk Treatment Plan

  • Social Engineering Scenarios Testing (Physical)


Project Title:

Information Security Risk Assessment

Project Duration:

January 2022 – July 2022

Client:

Health Services Organization

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Analysis of risks faced by the Organization’s information systems in terms of their infrastructure and security

Project Objectives / Deliverable

  • Providing an overview and evaluation of the current environment of the Organization’s information systems

  • Highlighting the risks faced by the Organization regarding the information systems it uses

  • Propose the strategy at a high level that the Organization must follow to upgrade its information systems

  • Presentation of the findings to the Organization’s Board of Directors


Project Title:

Information Security Risk Assessment

Project Duration:

November 2021 – May 2022

Client:

Governmental Organization

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Preparation of a Security Risk Assessment

Project Objectives / Deliverable

  • Evaluation and assessment of the security procedures followed based on the ISO/IEC 27001 standard

  • Risk Management Framework that will cover the main points that need upgrading in security

  • Developing Organization’s Security Incident Response Plan and Procedure

  • Suggestions for adjusting the findings identified


Project Title:

Risk Assessment & Business Impact Assessment

Project Duration:

November 2021 – April 2022

Client:

Financial Institution

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Review and Update of the Information Asset Inventory, Risk Assessment Report and Business Impact Assessment

Project Objectives / Deliverable

  • Review and Update of the Information Asset Inventory

  • Review and Update of the Risk Assessment

  • Review and Update of the Business Impact Assessment


Project Title:

Design & Development of an Information Security Management System (ISMS)

Project Duration:

November 2021 – June 2022

Client:

Semi-Governmental Organization

Responsibilities / Duties:

Leading Member of the Implementation Team

Project Description:

Definition and development of an Information Security Framework to underpin the Identification, Detection, Response to and Recovery from Information Security Risks in line with the strategy and business scope of the organization

Project Objectives / Deliverable

  • Definition and development of a business-aligned Information Security Management System

  • Review, update and development of Information Security Policies, Procedures and Processes

  • Identification and documentation of assets and asset owners (Asset Inventory)

  • Definition and documentation of an Information Risk Management Methodology

  • Development of an Information Security Risk Register

  • Definition and documentation of a monitoring, measurement, analysis, and evaluation process of the ISMS

  • Definition and documentation of an Information Security Internal Audit Program

  • Definition and documentation of the Continual Improvement Process

  • Aligning Organization’s ISMS operation with the legal and regulatory requirements for the processing and protection of Personal Data

  • Reviewing, updating and/or developing Organization’s Incident Response Policy and Procedure


Projects I was involved in @ JCC Payment Systems Ltd.

Projects I was involved in @ Cablenet Communication Systems PLC.

Projects I was involved in @ PwC Malta

IT Systems Audits.

Perform IT Audits as part of the financial audit so that to ensure that the systems that produce the financial related data, are secure enough, following the security best practices.

Performed IT Audits for companies in the financial, insurance, entertainment, manufacturing, telecommunications, computer, food, etc. industries.

Cyber Security (Internal & External) Audits.

Perform Cyber Security Audits / Gap Assessments for companies in the banking and gaming sector, acting as Internal or External Auditors / Advisors.

Provide recommendations for the mitigation of non-conformities or gaps.

System Audits.

Perform System Audits with accordance to the Malta Gaming Authority (MGA) requirements checklist to Online Gaming companies seeking licensing from Malta Government.