Evgeniy Kozlachkov

Experience

• 

  British Council

  Sept 1998 - Sept 2003

  IT Manager, CIS & Baltic States
• 

  Cartier

  Sept 2002 - Sept 2005

  IT Regional Manager
• 

  PwC Russia

  May 2006 - Sept 2010

  Assistant Manager / Systems & Process Assurance

  • Financial Audit / SOX compliance projects / Internal Controls assessment. • ERP system controls implementation & assurance/security assessment, SAP (FI/CO, Basics). • Internal Controls, Risk Management, IT Governance and Compliance,

• 

  EY

  Sept 2010 - Nov 2011

  Manager / Advisory Department, IT Risks & Assurance Group

  Banking, Industry, Retail & Consumer Sectors• Finance Audit systems support and engagements management.• IT consultancy projects management. • ERP systems / IT automated control assessment,• GRC ( Risks & Compliance analysis), SOX compliance

• 

  ПАО "МТС-Банк"

  Dec 2011 - May 2022

  Head of IT Audit / Internal Audit Department

  • Developing IT Audit Plan based on COBIT methodology & Risk universe matrix. Compliance audit, - Central Bank regulations, PCI DSS and compliance with internal policies (HQ & Branches)..• Integrated audit based on Internal Audit standards. Identifying high risks in the area: automating Retail Banking, IT project management; IT Strategy and investments review.Central bank regulatory compliance on IT and IT security recommendations.• Managing unit of Internal Audit professionals within Internal Audit Department. Recruiting IT audit staff and building an effective team. • Implementation of Risk Based Automated Audit system (TeamMate). Control recommendations & audit issues follow up. Show less

• 

  UniCredit Bank Russia

  May 2022 - Jul 2022

  DR Policy Manager

  Implementing Global Disaster Recovery (DR) Policy and IT DR plans. Supervise and prepare DR testing reports. Participation in BIA (Business impact Analysis) and alining DR activities for IT Systems according to risk level and critical level of Business process. Assessment of mission critical IT services and systems. IT Governance and internal processes analysis and improvement (sustainability of IT services) based on CobIT methodology.

• 

  T1

  Sept 2022 - now

  Chief Information Technology Auditor

  Assessment of IT controls efficiency & Information security in T1 Group companies, - IT General controls, IT infrastructure & system access controls (PAM systems), banking applications development, TransWare processing, IaaS/PaaS service. General IT risk assessment, IT and Data Governance. Information security controls, compliance with requirements (Central Bank, RosComNadzor, PCI DSS). IT Audit based on RBA approach and CobIT methodology. IT/ITSec risks identification. Applications development controls assessment (SDLC, OWASP secure coding). Business\Mission critical IT process identification (RPO\RTO), DR planning assessment. Show less