Miloš Siebert, CISSP
Information Security and Risk Management Consultant - Contractor at Modrá pyramida
-
English: Full professional proficiency
Topline Score
Bio
Credentials
-
Cambridge First Certificate in English
Jan, 2006 - Nov, 2024
CISSP
ISC2, Mar, 2019 - Nov, 2024
Experience
-
MPSS
-
Czechia
-
Banking
-
400 - 500 Employee
-
Information Security and Risk Management Consultant - Contractor
-
Mar 2022 - Present
As Information security and risk management advisor for CISO I work on various activities.
• Developing Information Security Management System (ISMS) upon ISO27001, ISO27002 making also sure it is compliant with EBA GL and other regulations and legislation
• Updating and creating new information security policies and standards
• Establishing Information Security Risk Management process
• Creating methodologies for risk assessment and risk management itself
• Performing risk assessments upon the new methodology
-
-
-
HCLTech
-
India
-
IT Services and IT Consulting
-
700 & Above Employee
-
Information Security and Risk Management Consultant - Contractor
-
Jun 2021 - Dec 2021
• Performed threat modelling, architecture security reviews and risk assessments for an HCL global client.
-
-
-
Komerční banka
-
Banking
-
700 & Above Employee
-
IT Security and Risk Management Consultant - Contractor
-
May 2019 - May 2021
As a member of Information Security Centre of Expertise, I fulfilled a role of Security specialist for Platform services tribe.
• Provided IT security consultations within agile development activities
• Performed application sensitivity assessments, various information security risk assessments, threat modelling and Data privacy impact assessments (DPIA).
• Provided consultations on scope of pentests and on pentest results within SDLC to ensure appropriate security level of the information systems.
-
-
-
Thales Digital Identity and Security (ex Gemalto)
-
France
-
IT Services and IT Consulting
-
700 & Above Employee
-
Software Security Consultant
-
Mar 2019 - Apr 2019
• Provided consultancy on security, risk management and data privacy compliance within SDLC process on three projects run by Gemalto Government Business Unit (GBU).
• Performed information system risk assessments based on threat modelling and GDPR compliance assessments.
-
-
-
Novartis
-
Switzerland
-
Pharmaceutical Manufacturing
-
700 & Above Employee
-
Information Risk & Security Manager - contractor
-
Jan 2017 - Dec 2018
• Successfully worked in Security Risk Assessment team providing consulting to Novartis group entities globally.
• Gained solid experience with analysing information systems (including GxP systems) and performing information security risk assessments also including advisory for risk treatment.
• Within various projects I have been analysing information system architecture, technology, configuration as well as operational processes to provide solid information about relevant risks and recommendation for their reasonable treatment.
• Actively participating on implementation of a new security program related to outsourcing of security assessment services. Providing supervisory and quality assurance.
-
-
-
Provident Financial s.r.o. (IPF)
-
Czechia
-
Financial Services
-
200 - 300 Employee
-
Senior Information Security and Business Continuity Expert
-
Oct 2016 - Dec 2016
Successfully fulfilling position of IT Security Manager being responsible for Information security management, IT security management and Data protection within Czech and Slovak markets.
• Established regular meetings with top management, identified most critical security issues in the company and created action plans for their mitigation.
• Assessing and continuously improving Information Security Management System (ISMS) in terms of ISO 27001.
• Implemented MDM solution securing company mobile devices; Initiated and participated on tenders for Identity and Access Management (IAM) system as well as SIEM system.
• Providing consultations within projects and making sure that InfoSec, IT sec and Data protection aspects are considered.
• Implemented perimeter data leakage monitoring tool to inspect data traffic to the Internet to detect confidential information leaking out.
• Created Information classification policy also covering handling rules for classified information; helped to create Group information security framework and helped review Group IT security framework.
• Prepared security awareness for users, organized physical security assessment of all company physical premises
• Organizing regular vulnerability scans of company systems, evaluated reports and set up action plans for mitigation upon severity of the findings.
-
-
IT Security Manager
-
Mar 2015 - Sep 2016
Responsible for information security, IT security and data protection. Reported to the board of directors as well as to the group head of information security.
-
-
-
KBC Bank & Verzekering
-
Belgium
-
Financial Services
-
700 & Above Employee
-
ICT security specialist
-
Oct 2008 - May 2014
Successfully worked in Information Risk Management (IRM) team providing consultations to KBC IT CZ, CSOB bank as well as to other entities within CSOB holding
• Participating on number of local and international IT projects as an information security consultant, helping to design the IT solutions by determining appropriate security requirements
• Responsible for Identity and Access Management process (IAM) by fulfilling the role of application manager for application ITIM, making sure the process is reliable, flexible and secure
• Gained solid experience with information risk management in KBC IT CZ as a secretary of Quality and Risk Committee

Fulfilling role of Information Security Officer in CSOB Lease entity
• Responsible for development and maintenance of Information Security Management System (ISMS) in terms of ISO27001:2005
• Reporting to the top management on quarterly meetings
• Developed information security strategy upon risk assessment covering all key areas of ISMS
• Performing risk assessments and risk analysis and suggesting ways to mitigate the risk on acceptable level, responsible for development and maintenance of local security action plan
• Responsible for development and maintenance of processes and internal directives covering all key areas of ISMS; performing yearly information security awareness campaigns

During the five and a half years I gained extensive hands-on experience in information security management in a big as well as middle-sized financial company.
-
-
-
WSP in the UK
-
Professional Services
-
700 & Above Employee
-
Systems engineer
-
Oct 2007 - Jul 2008
• Successfully worked in IT team providing support within three projects for Highways Agency
• Responsible for managing, maintaining, administering and troubleshooting computer networks consisting of Windows Servers 2003 as well as Windows XP workstations and Windows Mobile devices.
-
-
-
Net Root Ltd.
-
IT Services and IT Consulting
-
IT support engineer
-
Aug 2007 - Sep 2007
• Provided user and technical support to business clients in central London
• Gained additional experience in maintaining and supporting networks with MS Windows Server 2003 + Active Directory
-
-
-
IP (N) Ltd
-
London, United Kingdom
-
IT manager
-
Jan 2007 - Jul 2007
• Provided IT support to the clients (private schools in Wimbledon area)
• Got hands-on experience with administering Microsoft Windows servers 2003 + AD
-
-
-
Harline Ltd
-
London, United Kingdom
-
Computer network engineer
-
Jan 2006 - Dec 2006
• Gained extensive hands-on experience in building-up Ethernet networks
-
-
-
Ing. JAN NOVÁK s.r.o.
-
Ústí nad Labem, Czech Republic
-
Manager
-
Apr 2004 - May 2005
• Dealing with business clients, preparing and presenting proposals regarding ICT and web design solutions
-
-
-
University of J. E. Purkyně
-
Ústí nad Labem, Czech Republic
-
Helpdesk Support Technician
-
Sep 2002 - Mar 2004
• Successfully worked in the university IT department, providing helpdesk and onsite support to the university network users
-
-
Education
-
University of West Bohemia in Pilsen - Faculty of Applied Sciences
Masters, Mathematical engineering
Secondary School of Engineering and Electrotechnics
Automation engineering