Anastasiia Novoselova

Security GRC | Governance & Reg Engagement @ Goldman Sachs

Warsaw, Mazowieckie, Poland

About

Information security governance, consulting services, compliance audit. Regulations: ISO/IEC 27001, AICPA TSC (SOC 2), GDPR, NIST SP 800-53, EBA Guidelines on ICT and security risk management, DORA.

Experience

  • Governance & Regulatory Engagement at Goldman Sachs
    Jul 2025 - Present · 1 yr

  • Security Governance, Risk and Compliance Specialist at Finalto
    Oct 2022 - Mar 2025 · 2 yrs 6 mos

    Direction of security governance and compliance initiatives, ensuring alignment with regulatory requirements and organisational policies. Development and refinement of the security framework to meet industry standards and evolving regulatory requirements. Information Security Management System (ISMS) governance, security and compliance risk management. Oversight of IT asset lifecycle management, including proper classification and protection; Business Impact Analysis (BIA) to assess asset criticality and impact on business operations. Risk management; integration of risk assessment processes into organisational operations. Suppliers' security verification, including thorough assessments to ensure third-party vendors' compliance with security standards and organisational requirements. Coordination and management of internal and external audits, including evidence gathering, review, and delivery for thorough evaluation and compliance. Administration of the security awareness program, including development and execution of training and assessment initiatives to enhance organisational understanding of security practices.

  • ISMS & Risk Manager at Fairo App
    Nov 2020 - Oct 2022 · 2 yrs

    Information Security Management System (ISMS) implementation, refinement and management. Business Continuity (BC) and Disaster Recovery (DR) governance. Internal and external audit coordination.

  • Senior Consultant at 10Guards
    Aug 2019 - Nov 2020 · 1 yr 4 mos

    Information security compliance audit and consulting services.

  • Lead Information Security Officer at Active Audit Agency
    Jun 2016 - Jul 2019 · 3 yrs 2 mos

    Information security compliance audit and consulting services ensuring compliance with information security industry standards.