Austria
I am a seasoned Security and Compliance leader with a proven track record of elevating security frameworks within fast-paced, technology-driven environments. Currently, I spearhead the governance, risk, and compliance (GRC) initiatives at Sourcegraph, a pioneering Code AI Platform. Here, I oversee the strategic integration of security and compliance processes across the organization, directly contributing to the safeguarding of sensitive data and infrastructure for our clients. With over 10 years of tech industry experience, the last 8 of them focused on security and compliance, my journey has been about mastering and applying critical standards like ISO 27001, SOC 2, PCI DSS, NIST 800, etc. At Sourcegraph, I've used this expertise to architect and maintain security frameworks that not only comply with these rigorous standards but also set a benchmark for operational security and compliance. My approach revolves around the strategic implementation of risk management frameworks, pivotal in driving informed decision-making and ensuring operational agility. I'm driven by a belief in the transformative power of security - it's not just about defense but about enabling faster, more secure sales processes. This vision shapes my work, turning security into a key driver for business growth and customer trust. I am eager to connect with like-minded professionals who share a passion for pushing the boundaries of what's possible in security and compliance. Let's explore how we can set new benchmarks for excellence and innovation in our field together.
- Led the swift and successful completion of SOC 2 Type I and II audits, securing an outstanding attestation report and establishing a secure, compliant framework for the organization.
- Architected core security and compliance frameworks, including comprehensive third-party risk management and data management frameworks, crucial for SOC 2 audit success and enhanced protection of sensitive data.
- Implemented a comprehensive risk management framework, resulting in a significant reduction in security incidents, improved board visibility into security operations, and optimized risk management and budget allocation for remediations.
- Formulated a robust security and compliance roadmap leveraging risk assessments and security maturity evaluations, leading to notable improvements in security effectiveness and reduced exposure to cyber threats.
- Pioneered the development of the entire Governance, Risk, and Compliance (GRC) function from the ground up, establishing a strategic framework that supports organizational objectives while ensuring compliance and risk management best practices.
- Played a pivotal role in building and enhancing other security functions, contributing to a cohesive security strategy that covers all aspects of information security, from operational to strategic levels.
- Enhanced customer experience through the creation of a security information portal, markedly reducing the need for manual information sharing and enabling quick access to security data for clients.
- Enabled the sales team to effectively communicate security measures to customers with the creation of a detailed white paper, significantly reducing customer inquiries and shortening the sales cycle.
- Developed and enforced a comprehensive suite of security policies aligned with ISO 27001, SOC 2, and NIST 800 standards, effectively reducing security gaps and ensuring compliance readiness for SOC 2 preparation.
- Spearheaded the development and maintenance of an Information Security Management System (ISMS), collaborating with cross-functional teams to enhance security controls and operational processes. This initiative improved organization-wide security awareness and compliance with industry standards.
- Successfully led the full-scale implementation and certification of ISO 27001 within 6 months, and managed the SOC 2 Type 1 & 2 compliance process, achieving compliance in just 8 months. These achievements underscored a proactive approach to enhancing the organization's security posture and meeting rigorous international standards.
- Instrumental in building and maturing the organization's security and compliance functions, aligning them with the company's growth and evolving threat landscape. This involved developing sub-teams specialized in application security, cloud security, threat response, corporate security, security assurance, compliance, and risk management.
- Established and maintained an extensive controls management framework, featuring an internal controls library and automated compliance workflows. This framework facilitated effective governance, risk management, and compliance (GRC) processes, improving the organization's ability to monitor and report on compliance statuses.
- Implemented a robust risk management process, complete with risk assessment methodologies, remediation plans, and detailed reporting dashboards, significantly enhancing the organization's risk management capabilities.
- Led the internal audit program, recruiting and training auditors to perform bi-annual audits, ensuring continuous compliance and improvement.
- Managed company-wide security awareness programs, elevating the organization's security culture and compliance understanding across all levels.
I have held multiple roles within the Futures, Clearing and Collateral space, starting off as a business analyst in the trade execution and risk management team. I have designed and implemented in-house testing frameworks and reduced manual overheads by implementing a best-in-class risk management system. More recently, I have delivered new applications within the collateral management space and have widened the scope of my responsibilities by regularly on-boarding major clients on Citi's Futures platform within challenging deadlines and tight budgets. Other key achievements include:
- Managed vendor product for the Execution and Risk business by coordinating regulatory changes, exchange and clearing house upgrades, implementation of new business functionality, vendor performance reviews and hardware optimisation & management.
- Managed all phases of the project lifecycle for a new Collateral Management suite, including client communication, requirement elicitation, system design and iterative development oversight.
- Merged multiple books of work across the front office execution and risk team into a single global task management system to break regional silos, increase productivity through better knowledge sharing and provide a larger skilled resource pool.
As a graduate software developer with the Asset Servicing (ASPEN) Technology team, I delivered the user interface for several key components within the application. I designed this new model in Axure (an interactive UI mock-up tool) and led a team of bright off-shore software developers to deliver the project.
Freelance software developer and User Interface (UI) designer for UCL Advances - a former innovation and entrepreneurship centre within UCL. I provided consultation on design choices to young entrepreneurs in areas such as aesthetics and branding. I analysed and identified useful digital marketing strategies to improve usability and align the interface with the overall strategic goals of the venture.