Key tasks: 1. building an information security architecture (including ISPD, CII, CT, Industrial cluster); 2. deployment and administration of information security systems; 3. support of all integration projects, participation in acceptance works, implementation control, within the competence; 4. finding and eliminating vulnerabilities in the configuration of network equipment and information services; 5. Information security incident management; 6. managing changes and configurations of information security tools; 7. business process development; 8. development of organizational and administrative documentation on information security of the institution (instructions, regulations, etc.); 9. consulting support of employees in terms of installation, configuration and control of the functioning of information security tools. 10. Interaction with state bodies exercising control in the field of information protection (RCN, FSTEC, FSB (including Sector 9 in the field of data exchange regime with GIS GOSSOPKA)). Key results: 1. ensured the successful implementation of the following information security projects, including: - development of the SIEM system based on the open source product Wazuh; - implementation of a system for monitoring the operability of information security protection tools based on Kibana; - recovery and launch of the OpenVAS-based vulnerability control system from 0; - Development of automated control system rules based on the OSSEC protocol; 2. developed methodological and regulatory documentation in the direction of information security; 3. participated in the development/updating of the Playbook (description of procedures for responding to information security incidents, implementation of control mechanisms). 4. participated in the field of import substitution 5. the strategy for the agrocluster in the field of information protection was worked out and implemented 6. The principles of OSSTMM (Open Source Security Testing Methodology Manual) were implemented, and implementation based on controls (more than 1000 control points) was also carried out

Key tasks: Building an information security architecture; Business process development; Development of organizational and administrative documentation on information security of the institution (instructions, regulations, etc.); Elaboration of unique techniques, namely: Elaboration of methods for ensuring trade secrets; Elaboration of the methodology for the implementation of the PCI-DSS Apex standard. Ab BQ-A Elaboration of the internal audit methodology in accordance with the requirements of the international standard Consulting support of employees in terms of installation, configuration and control of the functioning of information security tools. • Key results: The developed ORD and NSD allow us to create a unified and unified approach to determining the degree of compliance of organizations/branches of PJSC Rostelecom; • The developed methodology calculates the level of maturity of information security systems processed within the responsibility of departments; • The developed methodology calculates the degree of criticality of the business units of PJSC Rostelecom in the field of ensuring the continuity of economic activity; • The developed methodology calculates the level of the information security index within the framework of the development strategy; • The developed methodology makes it possible to identify and develop compensating measures if it is impossible to implement a set of software and hardware and organizational measures aimed at protecting information. • An approach has been developed to minimize the costs of information security tools • An approach has been developed to assess the degree of financial risk

Key tasks: 1. building an information security architecture; 2. deployment and administration of information security systems; 3. support of all integration projects, participation in acceptance works, implementation control; 4. finding and eliminating network vulnerabilities; 5. incident management; 6. managing changes and configurations of information security tools; 7. business process development; 8. development of organizational and administrative documentation on information security of the institution (instructions, regulations, etc.); 9. consulting support of employees in terms of installation, configuration and control of the functioning of information security tools. Key results: 1. Ensured the successful implementation of 15 information security protection projects, including: - implementation of SAP S4/Hana modules (full cycle, including risk analysis); - implementation of a system for monitoring the operability of information security protection tools; - recovery and launch of the vulnerability control system based on MaxPatrol from 0 level, including reverse black-hat; - implementation of a two-factor authentication system based on Buytex; 2. developed methodological and regulatory documentation in the direction of information security for 185 companies that are part of the holding; 3. Participated in the development/updating of the Incedents Playbook (description of procedures for responding to IS incidents).

• Developed and implanted Information and IT asset management framework for one of TOP-10 Russian Banks. • Developed and implanted IT asset management policy and procedure for one of TOP-50 insurance companies. • Developed and facilitated training and education materials for one of TOP-5 medical equipment manufacture company regarding personal data protection in Russian Federation. • Validated automated systems access against HIPAA compliancy. • Participated in internal monitoring and auditing; cooperating with external auditors for successful audit completion. Participated in PCI-DSS ver. 1.3 preparation and certification project with 2 Russian Banks. • Participated in СТО БР ИББС preparation project with BARS Finance company. • Developed and implemented global policies, business process controls, security and standards to meet the requirements of Personal Data Protection Law and European Community PDA Directive. • Ensured clients company's key internal security controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law. • Participated in developed of strategic plan for ISO 27001 certification for client companies, internal audit and supported them in preparation for external audit. • Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement. • Participated in Fraud Risk assessment project in one of top-10 insurance companies. • Provided risk management assessments, security practices and procedures and solutions. • Developed and implemented global policies, business process controls, security and standards to meet the needs of the Global IT and Business organizations. • Developed Governance, Risk, and Compliance (GRC) methodology and strategic plan for TOP-5 clients. • Developed and implemented IT Investigation Process. • Developed and implemented BCM strategy at clients suite. • Conducted internal investigations based on internal security incident management procedure. • Participated in internal monitoring and auditing; cooperating with external auditors for successful audit completion. • Ensured the company's key internal controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law. • Developed a strategic plan for ISO 27001 certification in 2012 for an insurance company.

• Participated in internal monitoring and auditing; cooperating with external auditors for successful audit completion. Participated in PCI-DSS ver. 1.3 preparation and certification project with Russian Banks. • Developed and implemented global policies, business process controls, security and standards to meet the requirements of Personal Data Protection Law. • Ensured clients company's key internal security controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law. • Participated in developed of strategic plan for ISO 27001 certification for client companies, internal audit and supported them in preparation for external audit. • Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement. • Provided risk management assessments, security practices and procedures and solutions. Developed and implemented global policies, business process controls, security and standards to meet the needs of the Global IT and Business organizations. Developed and implemented IT Investigation Process.

• Developed and implemented global policies, business process controls, security and standards to meet the requirements of Personal Data Protection Law. • Ensured clients company's key internal security controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law. • Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement. • Provided risk management assessments, security practices and procedures and solutions. • Instrumental in the establishment, implementation and monitoring of the company compliance program based on GAZPROM requirements.

o Developed complex information protection solutions based on client requirements o Participated in presentations of solutions to clients. o Information security project support

• Developed complex information protection solutions based on client requirements • Participated in presentations of solutions to clients. Information security project support • Ensured clients company's key internal security controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law. • Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement. • Provided risk management assessments, security practices and procedures and solutions.

• Developed, implemented and monitored company information security program. • Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement. • Conducted internal investigations based on internal security incident management procedure. • Participated in internal monitoring and auditing; cooperating with external auditors for successful audit completion. • Ensured the company's key internal controls are designed effectively, documented and operating effectively to meet the requirements of the clients and Russian and international Law.