Fulfilling the role of information security officer
- Preparing and updating policy concerning information security and IT operations,
- Performing legal compliance audits,
- Verification of IT systems and their control processes,
- Conducting IT risk assessments,
- Regular IT security reports for owners, upper management and internal auditors,
- Information security training,
- Investigation and handling of security incidents.
Preparing for and conducting IT audits
- General controls review (GCR)
- Application audits (ASA)
- Necessary preparation for obtaining the ISO 27001 certificate
- Legal compliance audits (in compliance with the Act on Credit Institutions and Financial Enterprises and the Information Security Management Act)
- SOX audit
- PCI-DSS preparation and audit
IT risk analyses
- Identification of critical business processes and their selection for risk analysis,
- Identification of security-related weak points of the IT system elements,
- Tests concerning the existence and the operational compliance of security controls,
- Conformity check of regulations and their application in practice,
- Preparation of risk analysis reports.
Preparation and verification of regulatory elements
- Information security policy
- Information security strategy
- User rights management procedures
- Change-management procedures
- Incident-management procedures
- Business continuity plans and disaster recovery documents