Vasileios Giannakopoulos

IT Risk, Information Security, and Privacy

Download PDF

SUMMARY

As an IT Risk, Information Security, and Privacy professional, I lead and support various initiatives to identify, assess, and mitigate IT Risks, enhance Information Security Awareness, and ensure compliance with data protection regulations.

With over 15 years of experience in the IT industry, I have developed a broad set of skills and knowledge in IT infrastructure, project management, security systems, and cyber resiliency.

I am passionate about integrating Security and Privacy by Design as a corner stone in any business environment and providing high-quality solutions to meet the business needs and challenges. I have successfully monitored a comprehensive enterprise information security and IT risk management program and partnered with stakeholders to raise awareness of risk management concerns. I hold multiple certifications and an MSc in Computer Network Security.

Experience

3
8
Information Security & Privacy Officer
October 2021 - Present
  • Regarding the Information Security role:
    • Identifying IT risks areas within projects, guides, reviews, and challenges projects.
    • IT Risk assessments and supports informed decision making by MT, Digital Transformation Board, project, or Risk committees.
    • Supporting Ayvens in meeting the Information Security needs by explaining these to the business and translating these to non-functional requirements.
    • Ensuring proper monitoring and reporting of Information Security risks and the related implementation of IT controls at global and local level and ensures adherence to all relevant, policies, standards, and models.
    • Protecting Ayvens against all kind of security threats and mitigates Information Security and business continuity risks.
    • Enhancing Information Security Awareness and improve best practices.
    • Acting as a center of expertise and serving as a trusted advisor on the improvement of Information Security and related governance within the Digital Transformation.
    • Coordinating and facilitating Information Security related risk assessments.
    • Reviewing and challenging the design of IT controls and monitor the implementation of these IT controls.
    • Designing and implementing the Information Security plans, which aim on adherence to applicable laws, rules and regulations and internal standards.
    • Managing of Information Security Incidents.
    • Supporting the business with managing day-to-day Information Security risks or issues.
    • Supporting the business in assessing the CIA of the information assets.
  • Regarding the Privacy role:
    • Identifying Privacy risks areas within projects, guides, reviews and challenges projects privacy risk assessments and supports informed decision making by MT, Digital Transformation Board, project, or Risk committees.
    • Supporting Ayvens in meeting the Privacy by Design needs by explaining these to the business and translating these to functional and non-functional requirements.
    • Ensuring proper monitoring and reporting of privacy risks and the related implementation of privacy controls at global and local level and ensuring adherence to all relevant policies and standards.
    • Enhancing privacy awareness and improve best practices.
    • Coordinating and facilitating Privacy risk assessments.
    • Reviewing and challenging the design of privacy controls and monitor the implementation of these controls.
    • Serving as a trusted business advisor by proactively challenging and assisting the business and be able to build bridges between management and employees.
    • Contributing to information and recordkeeping obligations and maintain local processing register.
    • Assisting in handling of personal data breaches and notification requirements.
    • Monitoring developments, trends, and future changes in the privacy environment, including applicable laws and regulations, relevant for Ayvens and (new) products / projects and advice on how they affect Ayvens and what is required to keep up.
    • Assisting with translating business needs for Information Security and governance into specific initiatives and projects
savagi_full_large
2014
  • Orchestrated the setup of robust and efficient network infrastructures for SME clients, ensuring seamless communication and data flow.
  • Developed and implemented data protection strategies that evolved with the constantly changing regulatory landscape, safeguarding sensitive information.
  • Empowered client personnel with the knowledge and tools to uphold compliance standards and foster a culture of data protection.
  • Established a robust incident response framework for clients, enabling rapid and effective resolution of security incidents.

Core skills and proficiencies

  • Proficient in the implementation and roll-out of ISO 27001.
  • InfoSec Management System Documentation.
  • Communications and Presentations.
  • Team leading and mentoring.
  • Project team lead and admin.
  • Reporting to senior management.
  • Purposeful personality.
  • Design and implementation of secure data centers.
  • Systems Integration and support, architecture, and infrastructure hardening.
  • Designing and implementing secure networking technologies.
  • Implementing Jira and Confluence solutions.
  • Training skills.

Soft skills

Friendly, professional, persistent, patient, resilient towards high demanding environments.

Diligent at accountabilities, duties, and workloads. Mentor perspective and goal oriented.

Certifications highlights

International organizations

Education & Certifications

  • Certified Information Security Manager, 2022
  • ISO 27001:2013 Lead Auditor, 2021
  • Certified Information Privacy Manager (IAPP CIPM) – training only
  • Certified Information Privacy Professional Europe (IAPP CIPP/E), 2019
  • Certified Cloud Security Professional (ISC2 CCSP), 2017
  • Prince2 Foundation, Axelos 2016
  • Dutch for foreigners A3, 2015
  • Helicopter Underwater Escape Training, Including Emergency, 2015
  • Breathing System, Basic Offshore Safety Induction and Emergency & Response Training, 2015
  • Compressed Air Emergency Breathing System initial deployment training 2015
  • Apple Certified Associate: Mac Management 10.10, 2014
  • Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist, 2014
  • Apple Certified Associate: Mac Integration 10.7, 2012
  • Microsoft Certified Professional (MCP), 2011
  • Microsoft Certified Technology Specialist (MCTS), 2011
  • Microsoft Certified System Administrators (MCSA), 2011
  • MSc in Computer Network Security, LJM University, 2008
  • BSc in Mobile Communications & Internet Technology (Hons), University of Wales, Swansea, 2007
  • Computers and Computer Networks Technician, SVIE, 2003

Other

  • University of Cardiff: Guest Speaker – 2018 – 2021.
  • KNOWLEDGE ACADEMY: Delivering courses – 2019 – 2020.
  • University of Swansea: Mentor – 2021 – 2023.
logo
Chief Information Security and Privacy Officer

(pre-startup)

June 2021 - April 2023
  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program that pertains to ML.
  • Develop and enhance an information security management framework tailored to AI.
  • Provide leadership to the organization towards security.
  • Partner with business stakeholders to raise awareness of risk management concerns.
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
  • Evaluating the IT AI threat landscape, devising cyber security policy and controls to reduce risk, leading auditing, and compliance initiatives, and more.
  • Developing cyber resiliency so the organization can rapidly recover from hacking, security incidents, or infringements.
  • Determining if the data security initiatives are worth the financial investments.
  • Contributing to a variety of security policy domains associated with compliance, governance, risk management, incident management, HR management, and additional domains.
  • Ensuring that the organization is adaptable to evolving compliance regulations.
  • Proactively conduct audits to ensure compliance and address potential issues.
  • Maintain records of all data processing activities carried out by the company.
  • Serve as the point of contact between the company and the data protection authorities. • Weighing business opportunities against security risks that can potentially compromise the organization’s long-term financial rewards.
  • Establishing a system that reduces human error and its impact on the organization’s security posture.
  • Act as the primary point of contact within the organization for members of staff, regulators, and any relevant public bodies on issues related to data protection.
  • Ensure the company’s policy is in accordance with GDPR and codes of practice.
  • Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues.
  • Devise training plans and provide data protection advice and support for members of staff.
  • Inform and advise the Data Controller or Data Processor (where applicable) on all matters related to data protection.
  • Promote a culture of data protection compliance across all units of the organization.
  • Provide expert advice and educate employees on important data compliance requirements.
  • Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
  • Hold training with staff members across different business units who are involved in data handling or processing.
Read More
2.jpg
Senior Security Architect
July 2020 - September 2021

Evaluating and designing IT architecture solutions to ensure user requirements and solutions are met. Provides integrated systems planning and recommends innovative technologies that will enhance the current system. Recommends appropriate desktop, computer platform, and communication links required to support organizational goals and strategy. Manages Due Diligence exercises and internal/external IT audits. Provides the Security Management function.

  • Responsible for the development and maintenance of the security architecture to ensure its consistent and correct use in order that IT solutions and systems optimally support the Group’s primary processes and strategy.
  • Monitoring compliance with the architecture.
  • Team leading and mentoring.
  • Creating understanding and acceptance for the solution direction and patterns amongst architects, programs, and IT stakeholders.
  • Guiding engineers and programs on following the security architecture in their designs.
  • Gathering security requirements from business stakeholders and IT professionals to develop risk-based security solutions and services. • Working within the NIST framework and InfoSec Policy
  • Working from the current security architecture and available analysis
  • Enhancing the architecture by making it practical, creating the right solutions and services for a shared security platform.
  • Mapping those solutions to the CISO’s 5-year plan and identify gaps.
  • Creating additional proposals and business cases where necessary, in agreement with the CISO
  • Creating clear technical patterns in the reference architecture for projects to follow.
  • Providing high level security designs and support low level designs for Atradius Business Transformation program and IT investment portfolios.
Read More
9
Information Security & Privacy Officer
November 2018 - June 2020
  • Documenting and reviewing GDPR and other compliance documents such as Data Processing Agreements
  • Demonstrating the ability to understand security needs, as well as the core business requirements, understanding the need for security whilst acknowledging the needs to minimize business disruption.
  • Consulting with business unit owners, and product managers to ascertain their security requirements.
  • Working with the CISO in the implementation and adoption of security principals, throughout the organization
  • Creating Records of Processing for the complete Group of companies (Ad-Tech and Game-Tech) • Designing and implementing the Cookie Policy / Notice for the game sites
  • Taking ownership for security projects, and leading implementations across the businesses
  • Representing the DPO on GDPR compliance issues
  • Implementing and supervising of privacy activities
  • Guiding the business units at achieving security baselines.
  • Advising on new security technologies and implementations Designing, implementing and rolling-out security policies and architecture
  • Introducing security concepts into business units working processes
  • Implementing and Maintaining a Privacy Framework
  • Being part of the implementation team of privacy by design and privacy by default principals
Read More
1
Infrastructure Specialist
August 2016 - October 2018
  • Risk Assessment including PCI-DSS compliance by conducting vulnerability scans both internal faced and external.
  • Performing OWASP Top 10 security risk assessments for identifying exposure and impact using a variety of tools.
  • ISO 27001:2013 implementation policy documentation design and support as a lead implementer.
  • Engineering of IT infrastructure and security related solutions for various business, customer projects and operational needs, in highly governed and security intensive financial environment.
  • Creating / aligning IT security hardening baselines using best practices and guiding IT support into implementing and verifying.
  • Contact with UL internal business and security organization with regards to implementation of Data Protection and Information Privacy in accordance with GDPR concerns. • Design, implement and maintain IT policies (based on ITIL), procedures and security controls. Design, implement and support Access management for cloud tenants. Performing security monitoring; design preventive countermeasures; assisting in projects related to network security.
  • Identifying approaches that leverage resources and provide economies of scale. Maintaining datacenter environmental and monitoring equipment.
  • Support due diligence audits and support remediation and closure of findings.
  • Security Services support, end point of escalation for my client’s portfolio.
  • Developing and maintain installation and configuration procedures, technical security controls creation and implementation. Research and recommendation innovative, automated approaches for system administration tasks.
  • Projects related to EU governance and security requirements.
  • Being the liaison with corporate IT organization on aligning needs of local operation to UL global IT and security policies.
Read More
7
purepng.com-lockheed-martin-logologobrand-logoiconslogos-251519939105mamef
System Administrator Supervisor
March 2016 - July 2016

Team Lead position providing oversight and mentorship to the IT service delivery team, backup and absence cover support to the information security officer and security manager. Escalation point for all security incidents and support issues and supervision of daily operations. Senior network and systems administration including systems integration, infrastructure and architecture design, and security operations and management lead. IT audit and implementation of audit and security requirements.

537-5374533_case-characteristics-seaway-heavy-lifting-logo-clipart
Senior System and Network Administrator
July 2015 - February 2016

Senior project team lead role providing infrastructure and systems integration project support and administration, providing effective service delivery under ITIL and ISO 27001 standard frameworks.

  • Project leadership and administration
  • Provision of technical consultancy to infrastructure and systems projects
  • Project workload administration and management
  • Maintenance of Microsoft based datacentre infrastructure, servers and systems
  • Effective security incident handling and remediation, Incident resolution and troubleshooting
  • Technical consultancy – acted as a subject matter expert for project workloads, effectively advising and steering the organisation to ensure service delivery quality and assurance
  • Development of work instructions and other documentation based on Prince2 and ITIL principles
  • Continual re-design and improvement of systems and security hardening of the architecture
Read More
purepng.com-lockheed-martin-logologobrand-logoiconslogos-251519939105mamef
Systems and Infrastructure Systems Administrator
January 2012 - June 2015
  • Taking the initiative to go above and beyond normal tasking for stretch assignments that increase workload throughput, leverage innovation, increase customer value, or provide outstanding quality. Utilize analytical and creative problem solving skills along with standard processes and technologies resulting in secure and reliable connections to and use of systems, applications, and infrastructure Accountability, relationship building, effective communication skills, and quality service in the process of collaborating with, supporting, advising, and educating customers and team members on the use of services, handling of sensitive data, and resolving security incidents and requests, resulting in meeting or exceeding customer needs, established performance metrics, and efficient, effective, and compliant use of services.
  • New building migration (network, firewall design, server and systems design, upgrading, implementation, management, and implementation of ISMS).
  • Construction, design implementation of secure cloud environment of financial services, including:
  • Cloud infrastructure hardening
  • Deployment of defence in depth in cloud infrastructure
  • Data protection, management and access control for highly licensed data.
  • Building migration and reimplementation of a complete System and Network Infrastructure.
  • Provisioning of new systems and application servers and security infrastructure.
  • Plan, administer and supervise all computer network functions for the organization.
  • Ensure the WAN is operating at maximum efficiency with proper security, responsible for the cabling and wiring plant and facilities for the network.
  • Team-Lead Management. Actively coordinate with team members and other groups to effectively perform general and routine requests such as backup, restores, permissions changes, patch application, and testing. Interim information and security management and support during manager absences.
  • Provide quality service and accountability in the process of resolving requests, supporting daily operations, and ensuring system stability that results in accurate, timely, and efficient solutions and data as evidenced by meeting customer needs and meeting or exceeding established performance metrics.
  • Review and monitor systems for availability, error conditions, adequate space allocation, backup integrity, and performance to ensure system stability. Provide report and capacity data to support metrics for hardware warranty, software licensing and asset management systems.
  • Cisco Prime functional implementation and management.
  • Mobile Device Management implementation and management.
  • Lockheed based security hardening of Windows and Linux, Working with ISO 27001.
  • Implementation of Lockheed Martin Corporate Internal Audit requirements.
  • NetApp and Dell Storage Management, Dell Servers.
  • Documentation (Policies, Procedures, Processes), Purchasing administration.
  • Advanced wireless security using a certificate authority to incorporate Network Access Protection
Read More
4
purepng.com-lockheed-martin-logologobrand-logoiconslogos-251519939105mamef
Support Engineer
October 2011 - December 2011
  • Proactively monitored and swiftly resolved security incidents and simulator issues
  • Managed simulator security with regular updates, patching, and vulnerability remediation.
  • Maintained accurate security records and contributed to documentation improvement.
Read More
5
System Administrator
October 2008 - September 2011
  • Oversaw servers, network devices, and cloud services to ensure reliability.
  • Implemented firewalls, intrusion detection systems, and antivirus solutions to safeguard data.
Read More
unnamed
Deputy Security Supervisor
June 2006 - August 2006
  • Collaborated with the Security Supervisor to identify emerging threats and vulnerabilities related to IT, security, and privacy.
  • Supported the Security Supervisor in training and skill development programs for the security team.
  • Contributed to the development of risk mitigation strategies and ensure their effective implementation.
  • Collaborated with IT teams to minimize the impact of security incidents and prevent their recurrence.
Read More
unnamed
IT Support Technician
June 2005 - August 2005
  • Provided efficient end-user support to resolve hardware and software issues promptly.
  • Enforced security policies and ensure compliance with industry standards and regulations.
  • Identified and address IT infrastructure vulnerabilities through scans and patch management.
  • Prepared and present reports on security incidents, risk assessments, and compliance.
Read More
Front Desk Assistant - Nokia Club
June 2000 - August 2000
  • Greeted customers upon arrival and provided appropriate information regarding hotel services.
  • Verified identification and credit card information of guests prior to check-in.
  • Maintained accurate records of guest accounts using computerized systems.
  • Processed reservations made via telephone, fax, email or online travel sites.
Read More
OpenSUSE_Logo.svg_
International Translator
January 2000 - January 2007
  • Localized content to ensure cultural relevance and alignment with regional regulations and standards.
  • Developed a deep understanding of IT, security, and privacy terminology, jargon, and concepts in both the source and target languages.
  • Conducted thorough proofreading and quality checks to ensure translated content is error-free and adheres to company guidelines and industry standards.
  • Maintained a strong awareness of cultural nuances and sensitivities, adapting translations to respect and consider diverse cultural backgrounds.
Read More
Private IT Support and Private Tuition
January 2000 - September 2003
  • Tested telephone lines and equipment to identify any issues or malfunctions.
  • Responded to customer inquiries regarding PBX system use and functionality.
  • Repaired defective components within the phone system such as handsets and wiring.
  • Updated documentation for all changes made to the PBX systems for future reference.
Read More