Zoe Sdogou, CISSP, CISA, CDPSE, ACDA

Experience

• 

  DEREE-The American College of Greece

  Feb 2002 - Dec 2004

  Lab Assistant, Computer Lab and Mathematics Lab Departments

  • End User Hardware and Application Support• Provision of training for Mathematica and Statistica Packages (MatLab, SPSS)

• 

  IASO Hospital

  Aug 2003 - Aug 2003

  IS/IT Assistant (Non Credit Internship)

  End User Hardware and Application Support

• 

  Retail@Link (Group Zinon)

  Nov 2005 - Nov 2007

  Senior Database Developer

  Responsible for the development, operations, redesign, debugging and support of the following services, using SQL:• Invoicing: Management, support and correction of invoices or orders of products from suppliers’ to retailers’• Distribution Channel Monitoring (using OLAP technologies): Management and support of a dynamic statistics service, supporting the retail-channel as well as monitoring of other sales channels, which are served through distributors, wholesalers or other intermediaries. Online reporting on the distributors’ sales data• Central Warehouse Replenishment (CRP/VMI/CMI): Inventory management of products in the retailers’ Distribution Center, comparable to the store level replenishment process• Process of Collaborative Store Ordering (PCSO): Management and support of the service which increases the effectiveness of Point-of-Sales (POS) data, store assortment, stock and promotions data, etc. Show less

• 

  Deloitte.

  Dec 2007 - Oct 2021

  Principal - Risk Advisory Services

  Key responsibilities:• Lead all IT Assurance and IT Consulting Projects (approximately 170 per year in total)• Develop and implement risk analysis methodologies for assessing business risks. • Design and execute solutions aimed at reducing and managing risks.• Support clients in adhering to new regulations impacting their operations, assessing the impact of regulatory changes, and implementing corrective measures to ensure compliance.• Research and development of methodologies and tools for enhanced risk management.• Design and deploy cyber-resilient solutions tailored to clients’ needs and specifications.• Deliver training and awareness programs regarding cyber threats and optimal security practices. • Evaluate, prevent, and mitigate cyber risks to safeguard systems and data.• Lead SOX (Sarbanes-Oxley Act) readiness and attestation audits, compliance reviews according to the Bank of Greece Governor’s Act 2577/06, IT Due Diligence, Quality Assessment Reviews, ISAE 3402 Third party readiness and attestation services (SOC1 & 2).• Evaluate and manage risks in Information Systems and assess compliance with regulations governing data protection and information security.• Formulate information security policies and procedures based on several frameworks (ISO27000 series).• Provide consultancy services aimed at enhancing the efficiency of information systems.• Lead audits based on the ISAE 3000 standard and the GRI (Global Reporting Initiative) framework for the preparation of corporate social responsibility reports.• IT Risk Assessments (based on ISF methodology) and Vulnerabilities Assessments.• Complex data analysis using Audit Command Language (ACL) software. Show less

• 

  Cepal Hellas Financial Services S.A.

  Oct 2021 - now

  Head of Risk Management

  Key Responsibilities:• Lead the Operational Risk Unit, the Data Protection Unit, the Information Security Unit, the Whistleblowing Unit.• Lead and monitor the implementation of corporate operational risk management framework, strategy and reporting requirements.• Maintain and evolve the corporate risk register and the risk appetite statements.• Lead and monitor the implementation of corporate business continuity strategy.• Lead and monitor information security, cybersecurity and IT risk management program based on industry-accepted information security and risk management frameworks. • Improve and communicate the maturity levels of information security, cybersecurity and IT risk practices.• Lead and monitor the implementation of corporate data governance/privacy framework, as well as monitor compliance with the applicable requirements of the local regulations and the GDPR.• Develop and maintain the Whistleblowing program.• Lead and monitor the Compliance and AML Unit for 2 years (2021-2023) ensuring compliance with regulatory requirements.• President of the Whistleblowing Committee.• Secretary of the Operational Risk and Internal Controls Committee. Show less