
Page 1/6 - Curriculum vitae of Kalantzis Panagiotis
Curriculum Vitae
Personal information
Surname / First name
Kalantzis Ch. Panagiotis
Address / Telephone / E-mail / Social
3 Veroias str, GR 14122, Athens, Greece / +30 6980 335566 / pkalantzis@gmail.com / Online profile at http://www.linkedin.com/in/pkalantzis
Summary / Info / Key Achievements
Over 11 years' experience driving Information Security & Risk Management initiatives for leading
telecom, banking, consumer/trade, and public sector organizations. Passionate about integrating
risk into IT & business culture and appropriately aligning information security needs with business
goals. Experienced in Information Security and Cyber Defense, Business & Information Risk
Management, Business Continuity & Disaster Recovery, Penetration Testing, and IT Audit.
Demonstrated success record in:
- Developing, implementing and leading comprehensive Information Security programs;
- Designing, establishing and maintaining Information Security Management Systems, ensuring compliance to industry standards, regulatory and legal requirements;
- Establishing and maintaining Business Continuity, Disaster Recovery and Emergency Response frameworks;
- Implementing Business Risk Management frameworks, to identify business risks and guide management to define risk appetite;
- Establishing and maintaining Fraud Management frameworks, implementing fraud prevention and investigation mechanisms mitigating the fraud risk to acceptable risk level;
- Designing and implementing information security awareness programs for employees leading to the development of a security awareness culture;
- Delivering on time and budget complex Information Security & Risk Management projects.
Highlighted Career Achievements:
- Information Security Strategy: Established the first Information Security function in MTN Cyprus and executed a strategic 3-year plan aimed to implement key tenets of the department.
- Information Security Management System: Designed and maintained in MTN Cyprus the first at group level ISMS framework, in compliance with ISO/IEC 27000 standard.
- Business Continuity Management: Designed and implemented in MTN Cyprus the first Business Continuity, Disaster Recovery and Emergency Response framework.
- Enterprise Risk Management: Designed and implemented in MTN Cyprus the first Internal Financial Controls (IFC) framework and the respective assessment methodology as well as the first holistic Customer Experience (CX) Assessment methodology.
- IT Audit: Successfully remediated ~88% of past outstanding IT Audit findings in first two years at MTN Cyprus.
- ISO Standardization: Participating as Cyprus national representative at the international ISO/IEC JTC 1/SC 27 - IT Security techniques working group.
- Research Activities: Participating as a Senior Subject Matter Expert in various national and European funded research projects.
- Team Leading/Mentoring: Awarded as YelloStars Winner for the category of Knowledge Share.
Nationality / Date of birth / Gender Greek / 30.10.1975 / Male
Work experience
Dates October 2013 to Today
Occupation or position held Information Security, Business Continuity, GRC and Audit Senior Consultant
Main activities and responsibilities As a senior consultant / freelancer, I am actively involved in a wide range of engagements,
including:
Governance, Risk & Compliance (GRC) engagements, including Risk Assessments,
Business Continuity Planning, Cyber Security and Cyber Defense strategies, Corporate
Security Policy, ISO/IEC 27001 design and implementation services, Incident Response
planning;
Technical Security missions, such as Security Architecture Review, Web / Network /
Infrastructure Penetration Testing, Vulnerability Assessments, Software Security Testing and
Source Code reviews;
Design and delivery of various Professional Certification training programs, as well as
general security awareness sessions;
Participation as a Subject Matter Expert in various national and European funded research
projects;
Project management and supervision of information security engagements;
Business Development and Presales activities focusing on large enterprises in Financial,
Telecommunications and Retail business sectors.
Name and address of employer Freelance Consulting, Greece & Cyprus
Type of business or sector Management and Technology Consulting
Work experience
Dates January 2013 to August 2013
Occupation or position held Business Risk Management & Internal Audit Head
Main activities and responsibilities Headed the independent function - reporting directly to CEO and the Audit & Risk Committee -
designed to add value and improve control systems and governance within MTN Cyprus
operation, by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of the business and its risk management, control and governance. Duties and
responsibilities, as Head of the Department, included:
Providing guidance and leadership in the business risk management area, serving as an
internal risk consultant to management providing with risk management insights relevant to
the Operation strategic priorities; drive implementation of risk management;
Ensuring coherence and alignment across all business units of the operation regarding
Business Risk Management & Internal Audit processes;
Ensuring alignment with the Group Business Risk Management strategy and framework;
Provide Internal Audit assurance via development and acceptance of an annual audit plan;
provide effective and independent internal audit services; communicate audit results
effectively; monitor progress on the implementation of audit recommendations;
Implementing effective fraud prevention and investigation mechanisms, investigating
reported cases of fraud and/or corruption where applicable and report results to relevant
management;
Prepare proper budgets and introduce financial management discipline for BRM activities;
manage direct reports.
Key Achievements Influenced and encouraged the management team so that it sees the necessity and the
need to have an effective functioning Business Risk Management framework in place and
accept responsibility for implementing effective governance, risk management and control;
Empowered key stakeholders, through training, open communication and good interpersonal
relationship;
Designed and implemented an Internal Financial Controls (IFC) framework and the
respective assessment methodology as well as the respective audit program;
Designed a Segregation of Duties (SOD) assessment framework and coordinated the
respective audit program;
Designed and implemented a pioneering at MTN Group level Customer Experience (CX)
assessment framework as well as the respective audit program.
Name and address of employer MTN Cyprus - 87 Kennedy Avenue, 1077 Nicosia, Cyprus
Type of business or sector Telecommunications
Dates January 2010 to August 2013
Occupation or position held Information Security Risk Manager at MTN Cyprus
Main activities and responsibilities Served as an Information Security & Risk Manager with extensive responsibilities in Information
Security, Governance, Risk Management, Business Continuity and Disaster Recovery principles.
My main duties included:
Designing, establishing, and implementing an effective Corporate Information Security
Management System, ensuring compliance to industry standards including all Cypriot and
European regulatory and legal requirements (e.g. Data Protection and ISO/IEC 27001),
leading to the empowerment of a risk culture;
Establishing and maintaining a Business Continuity, Disaster Recovery and Emergency
Response framework;
Managing of risk and control processes (Identification, Confirmation, Analysis, Remediation
and Mitigating actions reviews) to ensure that risks are managed appropriately;
Carrying out regular monitoring and ad-hoc testing of the operational effectiveness of the
information security framework, including the execution of Risk Assessments on information
security issues and market trends and developments, Security Audits, Penetration Tests and
Technical Vulnerability Assessments;
Establishing an information security awareness program for employees leading to the
development of a security awareness culture;
Designing and implementing a process within the organization to classify and manage
assets and information in line with information security standards;
Creating actionable enterprise information security metrics on departmental and enterprise
level;
Coordinating information security related projects.
Key Achievements Established the Information Security Department and executed a strategic plan aimed to
implement key tenets of the department over the past 3 years;
Designed, established and maintained in MTN Cyprus the first - in group level - ISMS
framework, in compliance with ISO/IEC 27000 standard;
Designed, established and maintained in MTN Cyprus the first Business Continuity, Disaster
Recovery and Emergency Response framework;
Involved as a subject matter expert, at MTN Group level, in the design and development of
an ISO27000 compliant MTN Group Information Security Management System (ISMS);
Awarded as YelloStars Winner for the category of Knowledge Share;
Within two years, successfully remediated ~88% of past year outstanding IT Audit findings.
Name and address of employer MTN Cyprus - 87 Kennedy Avenue, 1077 Nicosia, Cyprus
Type of business or sector Telecommunications
Dates September 2008 to November 2009
Occupation or position held Assistant Manager / Supervising Senior Information Security Advisor at KPMG S.A.
Main activities and responsibilities Served as an Assistant Manager in the Information Risk Management (IRM) department focusing
in the areas of Information Security & Compliance:
Leading client engagements in all industry sectors, providing IT & Business Risk services
with a focus on information security and contributing in the development and growth of the
firm's IRM practice;
Provisioning of advisory services for the design, development, implementation and
assessment of enterprise security architectures, GRC and Risk Assessment tools and
methodologies;
Provisioning of services for the implementation of Information Security Management
Systems (in line with ISO27001/27002) and Business Continuity and Disaster Recovery
frameworks;
Provisioning of services in the areas of information security assessment, penetration testing
and vulnerability assessment, internal audit and compliance (PCI-DSS, Sarbanes Oxley) for
a number of clients;
Coordinating the specification writing, planning, budgeting and overall supervision of the
bidding and tendering process for requests for tenders/proposals of potential future
engagements in the public and private sector;
Coordinating and preparing the planning, scoping, benchmarking, time & budget, and
overall managing the external IT audit of General IT/Application Control assurance testing
and data analytics (CAATs).
Name and address of employer KPMG S.A. - 3 Stratigou Tombra Street, Ag. Paraskevi, 153 42, Athens, Greece
Type of business or sector Information Security Advisory/Auditing
Dates March 2007 to February 2008 (in Greece), February 2008 to September 2008 (in Belgium)
Occupation or position held Senior Information Security Consultant / Security Specialist at Trasys S.A.
Main activities and responsibilities As a senior member of the Information Security practice, I was actively involved in a wide range
of activities, including:
Risk Management engagements, including Risk Assessments, Business Continuity
Planning, Corporate Security Policy / Process Development, BS7799 / ISO27001 design and
implementation services;
Advisory and Consulting missions, including Feasibility Studies and Corporate Organization
Consulting;
Technical Security missions, such as Web / Network / Infrastructure Penetration Testing,
Security Architecture Review, Critical Infrastructure Physical and Information Security
Studies, Study EU Member States and Agencies secure connectivity requirements;
Project management and supervision of information security projects;
Business Development and Presales activities.
Name and address of employer Trasys Greece - IT Services - 113 Sevastoupoleos Str. 11526, Athens, Greece
Trasys Belgium - IT Services - Terhulpsesteenweg 6C, Hoeilaart 1560, Belgium
Type of business or sector Information Security Consulting
Dates January 2005 to March 2007
Occupation or position held Web Application Developer at Greek Yellow Pages (former InfOTE S.A.)
Main activities and responsibilities Being part of the Information Technology department team, I was actively involved in all phases
of the Development Life Cycle of the company's major IT projects. Specifically, I led the
introduction of Secure Development Life Cycle (SDLC) principles and methodologies and
embodiment into everyday activities. I participated in the analysis of the company's business
requirements as well as technical requirements, and design of technical solutions, delivering
secure architecture designs for the hosting and the development of the company's projects.
Name and address of employer Greek Yellow Pages - 184 Michalakopoulou St. 11527, Athens, Greece
Type of business or sector Internet Services - Directory Services
Dates June 2004 to October 2004
Occupation or position held Data Network Specialist
Main activities and responsibilities As an experienced member of the Data Network Team I was responsible for the setup and
everyday operation of the networking infrastructure of specific event venues. More specifically, I
played a key role in management of network equipment and verification that they are in alignment
with the predefined security and performance specifications, while executing security and
performance auditing of established network connections.
Name and address of employer Athens 2004 - subcontracted by Atos Origin
Type of business or sector Information Systems Services - Sport Games
Dates September 2003 to June 2004
Occupation or position held Information Systems Security Researcher
Main activities and responsibilities Participated as a senior researcher in the "PASO - PKI Applications and Security for OTE"
project, playing a key role in the business requirement and technical specifications analysis, as
well as the design of the PKI platform. Led the team undertaking the installation and configuration
of the PKI platform solution. Supervised the drafting and assured the quality of deliverables
concerning normative and technical issues of PKI.
Name and address of employer Hellenic Telecommunications Organization
Type of business or sector Telecommunications
Education
Dates September 1998 to December 1999
Title of qualification awarded Master of Science (MSc) in Information Systems
Principal subjects Emphasis on Information Security
Name of organization Athens University of Economics and Business - Department of Informatics
Dates September 1993 to February 1998
Title of qualification awarded Bachelor of Science (BSc) in Mathematics
Principal subjects Emphasis on Informatics and Computational Mathematics
Name of organization University of Patras - Department of Mathematics
Certifications
March 2014 ISO/IEC 27001 Lead Implementer/Auditor / PECB
March 2014 ISO/IEC 22301 Lead Implementer/Auditor / PECB
January 2014 Certified Forensic Lead Examiner / PECB
March 2013 Certified Trainer / PECB
January 2013 Certified ISO/IEC 31000/27000 Risk Manager / PECB
September 2011 Certified in Risk and Information Systems Control (CRISC) / ISACA
March 2011 Certified Information Security Manager (CISM) / ISACA
March 2011 Certified Information Systems Auditor (CISA) / ISACA
May 2010 Certified Business Continuity Practitioner (CBCI) / BSI - Passed Exam with Merit
January 2010 Certified Information Systems Security Professional (CISSP) Associate / ISC
November 2006 Computer Hacking Forensic Investigator (C|HFI) / EC-Council - Retired
November 2006 Certified Ethical Hacker (C|EH) / EC-Council - Retired
June 2004 CISCO Certified Network Associate (CCNA) / CISCO - Retired
Trainings and Seminars
January 2014 Certified Lead Forensic Examiner (CLFE) Preparation Course
December 2011 Introduction to Insurance Risk Management
November 2011 Introduction to Fraud Risk Management
November 2011 Introduction to Enterprise Risk Management
July 2010 Leading Bold Change Workshop
May 2010 BCI Business Continuity Training Course
March 2009 Introduction to Telecoms
December 2008 Microsoft Products Technology & Security Features
November 2006 EC-Council's Computer Hacking Forensic Investigator training course
October 2006 EC-Council's Certified Ethical Hacker training course
August 2005 University of Aegean - Intensive Programme on Information and Communication Security (IPICS)
June 2004 CISCO's Interconnecting Cisco Network Devices (ICND) training course
June 2004 CISCO's Introduction to Cisco Networking Technologies (INTRO) training course
June 2004 Athens University of Economics and Business - Research Methodology Seminar
Publications / Presentations
May 2014 ADVENT: A System Architecture for Advanced Monitoring of Elders with Chronic Conditions - 7th International Conference on Pervasive Technologies Related to Assistive Environments
October 2013 Free Microsoft Security Tools for Developers for CWA Blog Publication
July 2013 10 Common Information Security Web Application Vulnerabilities (and mitigation guidelines) for CWA Blog Publication Series
April 2008 Encrypt your emails for Linux Magazine (Greek)
February 2008 Joomla - Set it up with Security for Linux Magazine (Greek)
June 2002 Information Warfare for School of Research and Informatics Officers of the Hellenic Army (SAEP) Magazine
Skills and competences
Mother tongue / Other languages Greek / English
Technical skills and competences General Information Security Knowledge:
- Cyber Security
- Information Security Strategy
- Information Security Management
- Risk Management / Risk Analysis Tools and Methodologies (OCTAVE, CRAMM, ISF)
- Business Continuity Management
- Penetration Testing / Vulnerability Management
- Web Application / Infrastructure / Application Security
- Information Security / Compliance Auditing / PCI DSS / Sarbanes Oxley (SOX)
- Security Incident Response Management
- IT Audit
- Internal Control design and evaluation
- Internal Control assurance
- Defense in Depth
- Information Classification
- Information Security Architecture design
- Network Security
- OS Security / Hardening
- Cryptography
- Identity Management
- Bid and Tender Management
- Business Process Modeling and improvement
- IT governance
- Program / Project Management
- Senior Staff Training
Professional Organizational
Memberships
- Member of the Professional Education Certification Board (PECB)
- Member of ISO/IEC JTC 1/SC 27 Information Technology - Security Techniques ISO
standardization subcommittee
- Member of ENISA Awareness Raising (AR) Community
- Member of Business Continuity Institute (BCI)
- Member of Information Systems Audit and Control Association (ISACA)
- Member of International Information Systems Security Certification Consortium ((ISC)²)
Personal Achievements - Various Security Publications in Professional Magazines and Portals
Other skills and competences Music, Martial Arts, Water Sports, Amateur Radio Show Production
Driving license Holder of a European driver's license. Category A and B vehicle
Additional information
Academic and Work references (Not from the current employer), transcripts and copies of
degrees and qualifications available upon request. Willing to travel.
