Maxim Ribakowski - Information Security Officer

Recommended expert

Rüdersdorf, Germany

Experience

Jan 2023 - Dec 2024

2 years

Managing the Information Security program per ISO27001:2022, BAIT, BSI 200-1/4
Creating and updating IT policies and guidelines
Communicating with C-level and the board (weekly, monthly, quarterly reports on incidents, risks, measures, audits, strategic and staffing plans)
Coordinating external and internal audits (JAP, BAIT, BaFin)
Risk management (monitoring remediation measures, assessing new risks, planning and reporting countermeasures)
Incident management (analyzing security-related incidents, monitoring and planning countermeasures and improvements)
Training employees on incidents, internal policies and emergency procedures
Business Continuity Management (review and update of the BIA, emergency plans, recovery concepts, test results)
Managing communication between departments as a mediator
Managing and auditing external service providers (IT, cloud services; SOC 1/2, ISAE 3402 Type 1/2, C5 reports, on-site audits)

Jan 2023 - Dec 2024

2 years

Leading a team of four specialists in Identity and Access Management
Managing workflows and ensuring timely achievement of goals
Coordinating and delegating tasks, monitoring progress and compliance with legal requirements
Policy management (developing and implementing policies, guidelines and standards: authorization concept, SoD policy, onboarding/offboarding, IT resources, emergency access)
Training and supporting the secure use of access credentials and IT systems
Coordinating with IT, information security, data protection, legal and HR for appropriate access rights
Supporting internal and external reviews

Jan 2023 - Dec 2023

1 year

Preparing for ISO 27001:2022 and ISO 22301:2019 certification
Developing and reviewing ISMS documentation (security concepts, policies, work instructions)
Conducting training on information security, data protection and ISO standards
Auditing information security of service providers
Implementing an Information Security Management team (3 members)
Planning, coordinating and managing IT audits (year-end, insurance, partners)
Collaborating closely with IT, legal, HR and product development

Jan 2021 - Dec 2023

3 years

Implementing a GRC tool (selection, training, centralization and optimization of risk management, improved customer and partner services)
Collaborating closely with IT, legal, compliance, HR and product development
Designing IT policies in accordance with ISO 27001:2022, BAIT, MaRisk, GDPR, NIST
Managing the Information Security program with standardization and automation across IT infrastructure, cloud, development, encryption, backups, cyber security, access management, and data protection
Conducting security checks of business partners (ISO 2700x, SOC 1/2, ISAE 3402 Type 1/2, C5, on-site audits)
Centralized risk management and incident management through the GRC tool
Business Continuity Management (emergency scenarios, test monitoring)
Internal audits according to ISO 27001 and BAIT (planning, preparation, training, execution)
Managing external audits
Security Champions program to drive internal motivation and development in information security management and data protection
Preparing the CISO role for Nuri Bank GmbH

Jan 2018 - Dec 2021

4 years

Leading and developing an agile team (5 members) in information security management
Managing workflows, coordinating and delegating tasks
Central coordination and communication of security requirements
Collaborating closely with executive directors of all branches, IT, legal, HR and product development
Overseeing the group-wide IT security strategy
Preparing and managing certifications for ISO 27001 and ISAE 3000 / SOC Type 1/2 for financial SaaS services
Conducting training on information security and data protection
Risk management as well as internal and external audits
Coordinating and managing suppliers and partners
Building and improving the emergency management system (BCMS) according to ISO 22301
Project leadership and management

Jan 2018 - Oct 2018

10 months

Organization and further development of security concepts based on ISO/IEC 27001 and IT baseline protection for the public sector and BAIT for the financial sector
Advising on GDPR for app development (IT industry)
Auditing data centers
Implementing legally required documents for GDPR and ISMS (financial industry)
Handling tenders and pre-sales activities
Project management and coordination
Ongoing development and improvement of the ISMS according to ISO 27001 and BSI 100-1/4

Jan 2015 - Dec 2017

3 years

Risk analysis according to ISO 27005 in conjunction with ISO 31000 (financial industry)
Audits according to ISO/IEC 27001 (energy provider)
Customer IT compliance audits according to BAIT (financial industry)
Data protection audits (telecommunications industry)
Advising on ISO/IEC 27001 implementation (energy provider)
Advising on BSI IT baseline protection based on ISO 27001 (public sector)
Preparation for ISO/IEC 27001 certifications (data center)
Strategic and conceptual consulting on information security management (SaaS)
Training on information security, data protection, and ISO standards (public sector)
Development of security concepts according to BSI, BaFin, BNetzA, and international standards (financial industry)
IT compliance project management and coordination

Jan 2012 - Dec 2015

4 years

Conducting certifications for data centers according to ISO 27001, ISO 22301, ISO 9001, SOC 1/2, and PCI DSS
Interacting with internal and external stakeholders from various backgrounds
Central coordination and communication of security requirements to HR, IT, developers, support, and sales
Coordinating suppliers and partners
Leading teams in data protection, information security, and SOC
Risk management, as well as internal and external audits
Business continuity management
Project management and coordination

Jan 2010 - Dec 2012

3 years

Strategic coordination of data protection tasks with internal and external IT and HR staff, legal department, sales, and executive management
Establishing an ISMS according to ISO 27001
Acting as the company's data protection officer
Implementing the data protection concept
Conducting awareness activities on data protection and information security
Preparing data protection reports
Creating and revising internal policies on information security
Adjusting general terms and conditions and corporate rules
Conducting supplier audits