What I can help with

Strategy: Advisory on IT strategy aimed at supporting the company's business strategy:

  • partnering with C-level executives when communicating business goals,
  • tackling each component,
  • advising on an elaborate and effective IT strategy that supports the company in that direction.

Enabling IT for the business, working together with business people, or whatever approach is picked, is an art. A CIO may need to play an intelligent game in order to succeed within the organisation. Digitisation is the trend, and whether this game is won depends on how far the CIO succeeds in persuading the Board to act on these new trends.

Security: I have extensive experience in reviewing Information Systems and assessing Governance of Enterprise IT (COBIT) as well as practicality (ITIL). I am familiar with IT security standards (a hot topic nowadays).

Balancing protection of the enterprise with actions that mitigate security risks is challenging when the CIO/CTO is required to prove the efficiency and effectiveness of (IT) operations. I would advise exercising practicality while keeping the high-level objective in view.

Project management: I am familiar with transposing business requirements into technical requirements so that they can be understood by IT people within software development projects. Explaining cybersecurity to C-level members who are not IT savvy is something I am resourceful and very good at. I also help the CIO manage projects in that area (cybersecurity).

I do (or review) GDPR projects. I also work in teams doing due diligence for M&A (besides 12 years in IT, another 15 years were spent in the financial field, so I fit in well and feel comfortable in large teams of financial experts collaborating to spot the risks of new businesses, my part being to spot the IT risks).

Additionally, being a programmer, I script in Python as well as in legacy languages such as Classic ASP, Visual Basic and Visual Basic for Applications. But this is for fun. By the way, I am learning Flutter (mobile apps), also for fun.

Databases: I am used to designing databases and creating data flows / data models for IT systems / IT applications from scratch, or taking into account dependencies on other systems. I am familiar with and have worked with, for example, MS SQL Server, MySQL and SQLite.

IT Technical Due Diligence (mergers & acquisitions; see my presentation already posted on LinkedIn)

Security of information processing (including for GDPR purposes)

IT security: always a balance between cost and risk (see my view)

When it comes to legal / regulatory purposes, this is compulsory rather than a matter of views or opinions. For GDPR, one simply needs to demonstrate compliance (in order to avoid fines from the authorities). See below my offer for such a case.

OFFER – IT CONSULTING SERVICES for GDPR

Technical and organisational advice on the security of processing under Article 32 GDPR

Advisory / consulting activity in a specific area (detailed in this Offer) concerning the security of processing of personal data as provided for in the General Data Protection Regulation no. 679 of 27 April 2016.

Scope

Definition and adoption of technical IT (information) security measures and organisational measures within the Client's organisation, with a view to complying with part of the requirements of Article 24 "Responsibility of the controller" of the General Data Protection Regulation no. 679 of 27 April 2016, namely to implement appropriate technical and organisational measures to ensure, and be able to demonstrate, that the processing of personal data is performed in accordance with the said Regulation.

Note:

This advisory / consulting Offer covers only part of the technical and organisational measures referred to in Article 24 of the GDPR, namely those provided for in Article 32 of the same Regulation (security of processing).

The service offer essentially consists of advice provided to the Client with a view to taking measures in the following areas of activity:

  • Protecting the Client's information and communication resources (RIC) against IT risks internal and external to the Client, with the aim of ensuring the ongoing confidentiality, integrity, availability and resilience of the personal-data processing systems and services within the Client's organisation.
  • Implementation by the Client (or review of) measures for the pseudonymisation and encryption of personal data.
  • Implementation by the Client (or review of) measures to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident.
  • Creation and adoption by the Client (or review of) internal policies / procedures / rules on the management of security incidents involving personal data, covering the reporting and investigation of such security incidents.
  • Creation and adoption by the Client (or review of) a process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring the security of processing.
  • Creation and adoption by the Client (or review of) internal policies / procedures / rules on physical guarding and protection measures against unauthorised access from outside the Client to paper documents containing personal data, with a view to preventing, or reducing the risk of, physical incidents.
  • Creation and adoption by the Client (or review of) internal policies / procedures / rules on protection measures, by means of a security policy and standard technical configurations, for mobile devices owned by the Client (mobile phones, tablets, laptops) that restrict unauthorised access by whoever finds them in case of negligence (physical loss) of such devices by employees (where applicable to mobile phones / tablets owned by the Client's organisation and used by employees for work purposes).