
Panagiotis C. Kalantzis, CISSP, CISM, ISO27000LA

3 Veroias str, GR 14122, Athens, Greece +30 6980 335566 pkalantzis@gmail.com

STRATEGIC CYBERSECURITY LEADER & EXECUTIVE CONSULTANT

Information & Cyber Security, Business Continuity, Governance, Risk and Compliance Senior Subject Matter Expert

Over 13 years’ experience driving Information Security & Risk Management initiatives for leading telecom, banking, consumer/trade, and public sector organizations. Passionate about integrating risk into IT & business culture and appropriately aligning information security needs with business goals. Highly motivated and results-oriented experienced subject matter expert in Information Security and Cyber Defense, Information Security Vision & Leadership, C-Suite Collaboration, Business & Information Risk Management, Business Continuity & Disaster Recovery, Penetration Testing, IT Audit, Governance and Compliance. Demonstrated success record in:

Developing, implementing and leading comprehensive Information Security programs;

Designing, establishing and maintaining Information Security Management Systems, and Business Continuity, Disaster Recovery & Emergency Response frameworks ensuring compliance to industry standards, regulatory and legal requirements;

Designing and implementing Information Security awareness programs for employees leading to the development of a security awareness culture;

Designing and delivering various Information Security, Business Continuity and Risk Management training programs;

Managing vendors, partners, programs and resources

Delivering on time and budget complex Information Security & Risk Management projects.

CORE COMPETENCIES

• Cyber Security

• Vulnerability Management

• Enterprise Risk Management

• Regulatory Compliance

• Executive Training

• Information Security & Risk Management

• Penetration Testing

• Business Continuity Management

• Fraud Risk Management

• Team Management & Coaching

• Program & Project Management

• IT Audit & Assurance

• Budgeting & Planning

• Vendor Management

HIGHLIGHTED CAREER ACHIEVEMENTS

Information Security Strategy – Established the first Information Security function in MTN Cyprus and executed a strategic 3-year plan aimed to implement key tenets of the department.

Information Security Management System – Designed and maintained in MTN Cyprus the first – at group level – ISMS framework, in compliance with ISO/IEC 27000 standard.

Business Continuity Management – Designed and implemented in MTN Cyprus the first Business Continuity, Disaster Recovery and Emergency Response framework.

Data Privacy Protection (GDPR) Compliance – Designed a holistic DPP framework, applicable to Small/Medium and Enterprise organizations.

IT Audit – Successfully remediated ~88% of past outstanding IT Audit findings in first two years at MTN Cyprus.

ISO Standardization – Participated as Cyprus national representative at the international ISO/IEC JTC 1/SC 27 - IT Security techniques working group.

Research Activities – Participated as a Senior Subject Matter Expert in various national and European funded research projects.

Vendor Management - Due diligence of innovative vendors and niche technologies and startups for enriching service and product offering portfolio

Team Leading/Mentoring – Awarded as Y’elloStars Winner for the category of Knowledge Share.

Panagiotis C. Kalantzis, CISSP, CISM, ISO27000LA Information & Cyber Security, Business Continuity, Governance, Risk and Compliance Executive

PROFESSIONAL EXPERIENCE

Syntax IT, Greece Director, Information Security Governance, Risk & Compliance

09/2015 – Today

As Information Security Governance, Risk & Compliance solution owner and practice leader, I am responsible for managing a team of 5 information security professionals for the provision of Enterprise Security Services & Solutions, creating value propositions for enterprise customers and ensuring project delivery, managing and expanding product and service offerings in the SYNTAX Territory. My responsibilities include:

Active participation in large-scale projects for multinational accounts acting as Project Manager for large and high profile engagements managing entire consulting process steps including pre- and post-sales support, analysis, planning, design and implementation to provide solutions tailored to the client’s business strategy and IT needs;

Leading the pre-sales team developing strategic consulting opportunities in Consulting Services;

Budget formulation and execution;

Team building & coaching, reporting workflows & personnel KPIs;

Partner, contract, project, resource and SLA management;

Acting as CISO for internal ISO27000:2013.

AegIS Consulting, Greece & Cyprus

Information Security, Business Continuity, Governance, Risk, and Compliance Senior Associate

10/2013 – 08/2015

As a senior consultant / associate, I am actively involved in a wide range of engagements, including:

Governance, Risk & Compliance (GRC) engagements, including Risk Assessments, Business Continuity Planning, Cyber Security and Cyber Defense strategies, Corporate Security Policy, ISO/IEC 27001 design and implementation services, Incident Response planning;

Technical Security missions, such as Security Architecture Review, Web / Network / Infrastructure Penetration Testing, Vulnerability Assessments, Software Security Testing and Source Code reviews;

Design and delivery of Professional Certification training programs, as well as security awareness sessions;

Participation as a Subject Matter Expert in various national and European funded research projects;

Project management and supervision of information security engagements;

Vendor Management, Business Development and Presales activities focusing on large enterprises in Financial, Telecommunications and Retail business sectors.

MTN Cyprus, Cyprus Business Risk Management & Internal Audit Head

01/2013 – 08/2013

Headed the independent function - reporting directly to CEO and the Audit & Risk Committee - designed to add value and improve control systems and governance within MTN Cyprus operation, by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the business and its risk management, control and governance. Duties and responsibilities, as Head of the Department, included:

Providing guidance and leadership in the business risk management area, serving as an internal risk consultant to management providing with risk management insights relevant to the Operation strategic priorities; drive implementation of risk management;

Ensuring coherence and alignment across all business units of the operation regarding Business Risk Management & Internal Audit processes;

Ensuring alignment with the Group Business Risk Management strategy and framework;

Provide Internal Audit assurance via development and acceptance of an annual audit plan; provide effective and independent internal audit services; communicate audit results effectively; monitor progress on the implementation of audit recommendations;

Implementing effective fraud prevention and investigation mechanisms, investigating reported cases of fraud and/or corruption where applicable and report results to relevant management;

Prepare proper budgets and introduce financial management discipline for BRM activities; manage direct reports.


Achievements

Influenced and encouraged the management team so that it sees the necessity and the need to have an effective functioning Business Risk Management framework in place and accept responsibility for implementing effective governance, risk management and control;

Empowered key stakeholders through training, open communication and interpersonal relationships;

Designed and implemented an Internal Financial Controls (IFC) framework and the respective assessment methodology as well as the respective audit program;

Designed a Segregation of Duties (SOD) assessment framework and coordinated the respective audit program;

Designed and implemented a pioneering – at MTN Group level – Customer Experience (CX) assessment framework as well as the respective audit program.

MTN Cyprus, Cyprus Information Security & Risk Manager

01/2010 – 08/2013

Served as an Information Security & Risk Manager with extensive responsibilities in Information Security, Governance, Risk Management, Business Continuity, and Disaster Recovery principles. My main duties included:

Designing, establishing, and implementing an effective Corporate Information Security Management System, ensuring compliance to industry standards including all Cypriot and European regulatory and legal requirements (e.g. Data Protection and ISO/IEC 27001), leading to the empowerment of a risk culture;

Establishing and maintaining a Business Continuity, Disaster Recovery and Emergency Response framework;

Managing risk and control processes (Identification, Confirmation, Analysis, Remediation and Mitigating actions reviews) to ensure that risks are managed appropriately;

Carrying out regular monitoring and ad-hoc testing of the operational effectiveness of the information security framework, including the execution of Risk Assessments on information security issues and market trends and developments, Security Audits, Penetration Tests and Technical Vulnerability Assessments;

Establishing an information security awareness program for employees leading to the development of a security awareness culture;

Designing and implementing a process within the organization to classify and manage assets and information in line with information security standards;

Creating actionable enterprise information security metrics on departmental and enterprise level;

Coordinating information security related projects;

Achievements

Established the Information Security Department and executed a strategic plan aimed to implement key tenets of the department over the past 3 years;

Designed, established and maintained in MTN Cyprus the first - in group level - ISMS framework, in compliance with ISO/IEC 27000 standard;

Designed, established and maintained in MTN Cyprus the first Business Continuity, Disaster Recovery and Emergency Response framework;

Involved as a subject matter expert, at MTN Group level, in the design and development of an ISO27000 compliant MTN Group Information Security Management System (ISMS);

Awarded as Y’elloStars Winner for the category of Knowledge Share;

Within two years, successfully remediated ~88% of past year outstanding IT Audit findings.


KPMG Greece, Greece Assistant Manager / Supervising Senior Advisor

09/2008 – 11/2009

Served as an Assistant Manager in the Information Risk Management (IRM) department focusing on the areas of Information Security & Compliance:

Leading client engagements in all industry sectors, providing IT & Business Risk services and contributing in the development and growth of the firm’s IRM practice;

Provisioning of advisory services for the design, development, implementation and assessment of enterprise security architectures, GRC and Risk Assessment tools and methodologies;

Provisioning of services for the implementation of Information Security Management Systems (in line with ISO27001/27002) and Business Continuity and Disaster Recovery frameworks;

Provisioning of services in the areas of information security assessment, penetration testing and vulnerability assessment, internal audit and compliance (PCI-DSS, SOX) for a number of clients;

Coordinating the specification writing, planning, budgeting and overall supervision of the bidding and tendering process of potential future engagements in the public and private sector;

Coordinating the planning, scoping, benchmarking, time & budget, and overall managing the external IT audit of General IT/Application Control assurance testing and data analytics (CAATs).

Trasys SA, Belgium Senior Information Security Consultant

03/2007 – 09/2008

As a senior member of the Information Security practice, I was involved in a wide range of activities, including:

Risk Management engagements, including Risk Assessments, Business Continuity Planning, Corporate Security Policy / Process Development, ISO27001 design and implementation services;

Advisory and Consulting missions, including Feasibility Studies and Corporate Organization Consulting;

Technical Security missions, such as Web / Network / Infrastructure Penetration Testing, Security Architecture Review, Critical Infrastructure Physical and Information Security Studies, Study EU Member States and Agencies secure connectivity requirements;

Project management and supervision of information security projects;

Business Development and Presales activities.

Greek Yellow Pages, Greece Web Application Developer

01/2005 – 03/2007

Athens 2004 Olympic Games, Greece Data Network Specialist

06/2004 – 11/2004

OTE SA, Greece Information Systems Security Researcher

07/2003 – 06/2004

PROFESSIONAL CERTIFICATIONS

Certified Information Security Manager (CISM), Information Systems Audit and Control Association (ISACA), 2016

ISO27001 Lead Auditor, International Register of Certificated Auditors (IRCA), 2016

Certified Information System Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC)², 2015

Certified Risk Manager (CRISK), Information Systems Audit and Control Association (ISACA), 2011 - Retired

Certified Business Continuity Institute (CBCI), Business Continuity Institute, 2010 - Retired

Certified Hacking Forensics Investigator (C|HFI), EC-Council, 2003 - Retired

Certified Ethical Hacker (C|EH), EC-Council, 2003 - Retired

EDUCATION

Master of Science in Information Systems, Athens University of Economics and Business, Greece, 1999

Bachelor of Science in Mathematics, University of Patras, Greece, 1998