Nausika Peshkopia

Ms

Tirana, Albania
Profile:

Summary

CERTIFICATION

CISA (Certified Information System Auditor) by ISACA

DIGITAL SKILLS

  • Tenable SC, Vulnerability Manager Manage Engine
  • Splunk (SIEM)
  • Oracle R11 (Procure to Pay)

ORGANISATIONAL SKILLS

  • Time management
  • Effective communication
  • Strategic thinker and planning
  • Decision making
  • Prioritization and Goal setting

COMMUNICATION AND INTERPERSONAL SKILLS

  • High level of responsibility and devotion to the profession;
  • High integrity and honesty, ethical and socially aware;
  • High perceptivity and adaptation;
  • Critical thinker and excellent researcher;
  • Self-aware - always seeking to learn and grow

Experience

2022 Jan - Present
IT Security Manager
ALEAT IDEMIA / Tirana, Albania

ALEAT is a private company operating in the Identity Industry in Albania. It produces the customized Biometric Passports and Identity Cards for the Albanian Government.


Governance Risk and Compliance

  • Ensure continuous compliance of the Organization with ISO 27001 and eIDAS standards.
  • Developing, implementing and monitoring of regional IT risk management processes in alignment with global IT Security policies and guidelines
  • Providing IT Security Management technical support and assistance using own judgment in risk analysis and management, escalating more complex queries
  • Defining and managing the ongoing refinement of our IT Security policy
  • Manage ISMS Periodic Reviews and escalate up identified issues
  • Pilot security certifications, internal, external audits and inspections
  • Information Security Awareness Program
  • Good knowledge of IT Processes in regard to Information Security, Information Assurance, Business Risk Management and IT Solution Development (e.g. Systems- and Network Design)

Information Security Program

  • Continuous assessment of the company information security posture
  • Vulnerability Management
  • Security Incidents Event Management (threats identification, management, risk reduction)
  • Set up processes to monitor the status of the company networks
  • PKI Infrastructure - Encryption and Cryptography
  • Providing IT Security Management technical support and assistance using own judgment in risk analysis and management, escalating more complex queries
  • Good knowledge of IT Processes in regard to Information Security, Information Assurance, Business Risk Management and IT Solution Development (e.g. Systems- and Network Design)

Business Continuity and Incident Management

  • Maintain the BCP Program and procedures
  • Identify new BCP Scenarios
  • Manage Security Incidents

Department management

  • Create/maintain team staffing and scheduling to include time tracking and capacity planning
  • Responsible for coordinating resources and driving efforts leading to the completion of key initiatives as specified on the Security Roadmap.

2019 Aug - 2021 Dec
Senior Information Security
Banka Kombetare Tregtare / Tirana, Albania


Governance Risk and Compliance

  • Maintain compliance of Information security policies and procedures with the regulatory and in scope security standards (ISO 27001, PCI DSS, Central Bank of Albania)
  • Prepare, validate, and maintain security documentation including, but not limited to: system security plan (SSP), risk assessment (RA), contingency plan (CP).
  • Identify opportunities to improve risk posture, designing security controls for remediating or mitigating risks, and assessing the residual risk.
  • Provide ongoing feedback for risk management, mitigation, and prevention
  • Prepare and deliver security and privacy awareness training to different project team audiences
  • Provide leadership and work with business team for processes streamline

Information Security Program

  • Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero day exploits, published vulnerabilities, IDS/IPS and SIEM alerting, etc.) in order to proactively assess and investigate emerging threats and potential impact.
  • Responsible for identifying, assessing, reporting, and the remediation of IT security vulnerabilities
  • Access Management
  • Identify and tailor customized security requirements in Change Management or in-house developed programs.

Business Continuity and Incident Management

  • Assists in the overall management and implementation of business continuity initiatives
  • Business Continuity Planning and Implementation: Pandemic Response scenario, Disaster Recovery (earthquake), Incident response scenario.

Projects Management

  • Develop and maintain program and project level status and reporting to stakeholders and management
  • Ensure communications within project/program teams, portfolio teams, and others are of highest accuracy, and consistent with overall messaging the organization supports.
  • Project Types: Risk Assessment, IAM and PAM (initial phase), PCI DSS related project (Project related to the change of Bank Processor).

2007 Aug - 2019 Aug
Senior Risk Advisor
KPMG ALBANIA SH.P.K / Tirana, Albania

IT Auditing

  • Perform IT Audit and IT General Controls, Application Controls
  • Develop audit programs, test scripts, working papers for information systems audits
  • Assist financial audit teams and audit clients in the evaluation of IT audit findings
  • Proactively interact with key client management to gather information, resolve problems and make recommendations for business and process improvements
  • Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status and managing staff performance

Information Security Risk Consulting

  • Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement
  • Assist with different Business Solutions Consulting (BSC) engagements – worked as a team member of larger project teams
  • Advising in the creation of IT security policy and the implementation of that policy across large, autonomous IT environments
  • Lead security due diligence reviews over third party services providers to determine if implemented security and control practices align with industry best practices.
  • Develops and maintains relationships with customers

Proposal writing

  • Assist Managers developing proposals
  • Assist partners and senior management on proposals and business development calls
  • Provide high quality client service by providing updates on the status of engagement work to the client and KPMG leadership
  • Responsible for creating a communication plan and managing the calendar of activities for the year

Standards applied

ISO/IEC 27001: 2013, ISO/IEC 27002:2013, COBIT, ITIL, KPMG customized methodology


Type of projects

  • IT Audits, SOX compliance, GITC, Application Controls, Project Coordination in IFRS Implementation, IT Advisory, Project in the Public Administration, Project Coordination in SAP Implementation and User Access Management.

Clients Geography

  • Albania, Kosovo, UK, Germany

Industry

  • Banking Industry in Albania and Kosovo: Central Bank of Albania, Central Bank of Kosovo, Raiffeisen Bank, Intesa San Paolo Bank, Credins Bank, Banka Kombetare Tregtare, etc.
  • Telecommunication Industry: Vodafone Albania, IPKO, Eagle Mobile, etc.
  • Insurance Industry: Vienna Insurance Group, INSIG, etc.

2005 Mar - 2007 Sep
FINANCIAL CONSULTANT
INTRACOM / Tirana, Albania

Financial Consultant for "Procure to Pay Module" under the Project for implementation of "Oracle financials 11i", on behalf of Treasury department within the Ministry of Finance of Albania.

  • Supporting Oracle Consultants as main drivers of implementing Oracle Financial for Treasury department at the Ministry of Finance of Albania.
  • Analysis of business and accounting procedures
  • Customization of Oracle Application, design of business processes, implementation, user acceptance testing, train the trainers and training to end users for Procure to Pay modules and interfaces developed with external systems. Interfaces between institutions, for invoices, purchase orders.

Education

2001 - 2005
University of Economic
MASTER DEGREE IN FINANCE, FINANCE

Skills