Name
Davydych Viktor
Mobile Phone:
+3 8 066 546 70 77
E-mail:
viktor.davydych@gmail.com
Skype
viktor.davydych
Citizenship:
Ukrainian
Date of birth:
19.09.1986
Family:
single
Duties
IT Security Manager
Purpose
Apply my experience in building up and maintaining an effective security system in accordance with international
standards and best practice.
Education
2011 - MBA “Peoples' Friendship University of Russia”, "Enterprise management".
2010 - Master's Degree of National Technical University of Ukraine «Kiev Polytechnic University», major - «Information
security in computer systems and networks».
2009 - International Finance Institute of Ukraine, «Management of small and medium business».
Advanced trainings
-ISO 27001:2005 (BSI).
-CISCO IPS 6.0.
-CISCO: CCNA Exploration.
-Microsoft: M2823 (Microsoft Windows Server 2003 based network security administration).
-«Qualys Guard» installation and operation.
-Certified Professional Coach (International coaching academy, ECF & ACSTH Compliance).
-PMI (Project Management Institute) – “Management of project”.
Work Experience
«IT Outsourcing» (Kyiv, Head Office) - Chief Information Security Officer – Since November 2013
Areas of responsibility:
- Implementation of IT security and Physical security process, as well as best practices and standards (PCI DSS, ISO, ITIL).
- Examined risk assessment and developed a set of documents.
- Employees training and testing system.
Results and achievements:
- Regulatory documents have been worked out.
- Developed and implemented security processes.
- Implemented the process of briefings and inspections.
Since March 2012 – Chief Information Security Officer at «Goloseevo-K» (Kiev).
Areas of responsibility:
- building up information security system
- work out of regulatory documents.
- Analysis of the requirements for the electronic payment system.
Results and achievements:
- Regulatory documents have been worked out.
- Developed and implemented security processes.
- Implemented the process of briefings and inspections.
May 2011 – February 2012 - Chief Information Security Officer at “OK Processing” (Moscow).
Areas of responsibility:
- Information security.
- Card Security.
- Physical Security.
- Audits of payment systems.
Results and achievements:
- The company was brought into conformance with the standards of PCI DSS 2.0, VISA & MASTERCARD Security and successfully
passed all three audits. (The audit was performed by companies from the U.S., Hong Kong and Russia).
Developed:
- Regulatory documentation, including the requirements of all three standards for payment systems, in informational, physical
and card security aspects, as well as the standards of Russia.
- Employees training and testing system.
- Periodic system and configuration check on compliance.
- System of physical access control, video surveillance, alarm systems, panic buttons, motion detectors, fire alarm systems,
window alarm.
- Security zones of improved security.
Implemented:
- Informational, physical and card security processes.
- Secure printing of payment cards and PIN envelopes.
- Safe use and storage of critical card data.
- Control for printing cards.
December 2010 – May 2011 - “EVRAAS.IT” (Moscow, Head Office).
Areas of responsibility:
- Conduct audits on compliance with the international standards of PCI DSS and expert audit.
- Development of regulatory documents and methods of audit procedures.
- Development of automation network vulnerability management and compliance.
Results and achievements:
- Conducted more than 5 audits to ensure compliance with PCI DSS as an auditor and manager of the project (in Russia and
Azerbaijan).
- Worked out "Methodology of the peer audit" and terms of reference for automation control network vulnerabilities and
compliance.
October 2008 – November 2010 Senior network security engineer of IT security department at “OTP Bank” (Kyiv, Head
Office).
Areas of responsibility:
- Support for information security: ArcSight, IBM IDS, Qualys, Nessus, WebSence, Retina, MBSA.
- Development of regulatory documents, in particular the " Informational Network Policy of OTP Bank."
- Project management for the implementation of security systems: ArcSight, Qualys, WebSence.
- Employee instruction on security rules of the Bank.
- Providing consultation during the audits on compliance with international standards.
Results and achievements:
- Building up a network vulnerability management system that reduced the number of vulnerabilities in IT systems by more
than 10 times.
- Implementation of the system of collection and correlation of data made it possible to reveal more than 100 disloyal employees.
- A system of writing test cases for software testing on safety compliance has been implemented.
- Revealed and investigated several episodes of illegal activities.
- Instructed several hundred employees.
June 2007 – October 2008 IT Security Manager at «IMU» more than 800 employees, 5 geographically distributed offices.
Areas of responsibility:
- Management of Information Security (3 persons).
- Development, implementation and monitoring of security processes, development of regulatory documents.
- Conduct investigations.
- Manage access to resources.
- Audit.
Results and achievements:
- Building up Information Security from scratch. Working out of regulatory documents.
- Development and implementation of an access control system and performance indicators (KPI). As a result, the
efficiency of accesses has been increased 5 times.
- Conduct audits, briefings and implementation of testing. The number of unintentional security breaches has been
decreased 3 times.
- Implementation of network vulnerabilities control. As a result, the number of vulnerabilities in the systems has been
decreased 7 times.
Completed Projects
- Bringing the company to compliance with the requirements of PCI DSS 2.0 standard, VISA and MASTERCARD logical and
physical requirements (Project Team - 10 internal staff people and involved auditors from USA, Hong-Kong and Moscow. The
projects are successfully completed).
- Implementation of the system of collection and event correlation of information security (SIEM). (Project team - 11 people,
number of operated system types - 12, the number of event source types - more than 10 000. The project was successfully
completed).
- Work out of vulnerability management and implementation of the system (QualysGuard, Nessus). (Project Team - 4 people,
operated systems (servers, PCs) - 4000. The project was successfully completed.).
- Work out of access control to internal systems of the company and the implementation of (ServiceDesk). (Project Team - 5
people, clients base - 500. The project was successfully completed.).
- Implementation of the control system Web-access and antivirus protection (GFI). (The project team - 3 persons, clients
base- 1000. The project was successfully completed.).
Cards security
Working out:
-Secure printing process of payment cards and PIN printing.
-System of processing and storage of card data.
-Logging processes of card. Developing journals and regulation documents.
-Investigation and prevention of card fraud incidents.
- Communicating with VISA and MASTERCARD in cases of fraud investigation and suspicion of fraud.
Physical security
- Structure development and implementation of:
-Physical access control.
-Video surveillance systems.
-Alarms.
-Security systems in the improved security area.
-Regulations and controls of physical security.
Audit
Completed:
- PCI DSS 1.2.1 – “Millikart”(Baku, Azerbaijan).
- PCI DSS 1.2.1 – “System maintenance” (Moscow, Russia).
- Involvement in projects as an auditor, the chief specialist and the development manager of audit performance on
compliance with standards: ISO 27001, PCI DSS and expert audit.
- Document work out: «Technique of performance of expert audit».
- Development of the plan-schedule of operations and writing of reports.
Management skills
- Managing security team with 3 subordinates. The development and task setting to subordinates, task execution monitoring.
- Managing the department of physical security (4 subordinates). Setting and monitoring tasks.
- Development and implementation of effectiveness indicators - KPI.
- Working out and amendment of existing policies and procedures that regulate aspects of information security, control on
the implementation and further execution.
- Cooperation with internal and external departments for the joint achievement of the objectives.
- Conduction of periodic briefings on information security for employees.
- Experience in the investigation of information security incidents.
- Providing consultation to the CEO of the company in security matters.
Technical skills
Operating experience of:
Installation, tuning, administration of Windows (2003/2008), DNS, DHCP, Active Directory.
Microsoft SCOM, SMS, WSUS.
Installation and administration PKI infrastructure (Microsoft PKI).
Installation and operating of Symantec, McAfee, Nod32, Kaspersky, DrWeb report analysis.
Network scanners XSpider, Qualys, Nessus, Retina, MBSA, IBM ISS (PES).
Installation and administration of IBM IDS system, Cisco IPS, internet traffic control system Websense, GFI Monitor.
Use Device Lock, Zlock access control systems.
Outpost, Kerio Win Route, User Gate proxy-servers and firewalls.
Setup of CISCO routers and switches, routing protocols (RIP, OSPF, etc.), VLAN configuration, VTP protocol, etc.
OS Red Hat, Debian, Kubuntu (basic skills).
Tickets processing system in IT security – Service Desk, Jira, RT.
- Working out technical projects for writing following systems modules:
- Company resources access monitoring system (IDM).
- Automatic audit in compliance with standards: ISO 27001, PCI DSS.
Legislative base
- Practical skills of calculating loss and costs by the method of hierarchal analysis.
- ISO 27005, ISO 27001 based risk classification work out.
- Use of the following standards:
ISO / IEC 27001 - ISO / IEC 27005, BS 25999, PCI DSS, SOX, Basel II, NIST(800-40).
- Familiar with the standards: ITIL, COBIT.
- Familiar with the state standards of Ukraine, the requirements of regulatory documents (DSTU 3396.0-96, DSTU 3396.196, etc.), as well as the requirements of Russian law.
Languages
- Russian, Ukrainian – fluent
- English - intermediate
In addition.
I have a wide range of professional contacts in the CIS countries.
Publish articles in professional journals in CIS: «Inside», «CIO», «Personal data», «Carte Blanche».
Speaking at conferences on topical issues of information security (Infosecurity, INFOBEZ, Russian CIO forum, IDC IT Security
Roadshow).
I have experience in consulting and sales of security services.
Interested in international certifications: CISA, CISM (ISACA).
Have a driver's license category B. Possible long trips abroad.
Focused on achieving goals. Fond of team sports and travel.
Personal professional blog: davydych.blogspot.com
Professional profile in LinkedIn: http://www.linkedin.com/pub/viktor-davydych/16/989/523