Ganbadrakh Danzan-Ayush

MSc. | CISSP | CCSP | CRISC | CISM | CISA | CGEIT

I am a passionate professional with over 8 years of experience in Information Security, Cybersecurity, and Governance, Risk & Compliance (GRC). I specialize in IT Governance, risk management, and strategic security frameworks, with extensive experience in implementing Information Security Management Systems (ISMS), Business Continuity Management Systems (BCMS), and Risk Management Systems (RMS).

I have developed deep expertise in identifying and managing risks, ensuring compliance with regulatory requirements, and aligning IT strategies with business objectives to enhance resilience and safeguard critical assets. My focus is on building and maintaining robust governance structures, establishing security controls and policies, and continuously improving IT risk management practices to address the ever-evolving threat landscape. Driven by a passion for both protecting data and enabling organizational agility, I help businesses navigate complex security challenges while ensuring sustainable growth and compliance.

Let's connect and explore how I can contribute to your security initiatives and help you achieve compliance and resilience in today's dynamic threat landscape.

Experience

Information Security Manager

A1 Telekom Austria (Austria)

- Creation and maintenance of company-wide security policies, standards, and guidelines.

- Development of security controls based on best practices and stakeholder feedback.

- Consulting on the implementation of security measures and their integration into existing processes.

- Creation and presentation of company-wide security reports

since August 2023

Information Security Officer / Business Continuity Manager

Credi2 (Austria)

- Optimization of the ISMS according to ISO/IEC 2700X and improvement of the integrated risk management framework.

- Development and implementation of security strategies, policies, and procedures to enhance information security.

- Conducting awareness programs and employee training to promote information security awareness.

- Identification, assessment, and management of security gaps, threats, and risks, including handling of security incidents.

- Development and operation of Business Continuity Management (BCM) to ensure organizational resilience.

May 2022 - July 2023

Information Security & GRC Consultant

T-Systems (Austria)

- Consulting in various focal areas of information security management as well as GRC (Governance, Risk & Compliance)

- Support in setting up & further development of management systems, incl. process definition and development, as well as workflow process automation in GRC/Security Management Tool "BIC GRC"

- Execution and process development of threat and risk analyses, risk management as well as security assessments

- Definition and implementation of technical and organizational security countermeasures

April 2022 - May 2022

Information Security Manager

Deloitte (Austria)

- Development and operation of the ISMS, including conducting risk analyses and risk assessments.

- Creation and revision of security policies, processes, and procedures to enhance information security.

- Monitoring of KPIs to measure and improve information security measures.

- Internal consulting and training on information security topics, including conducting security awareness training.

- Coordination and support of internal and external audits to ensure compliance.

May 2019 - March 2022

Advisory Associate / RPA Developer

KPMG (Austria)

- Process evaluation and feasibility assessment for RPA

- Design, development, UAT and deployment of RPA bots

February 2019 - April 2019

System Administrator for Payroll Systems

IBM (Austria)

- Database administration and IT support in Payroll Systems

- Maintenance and operations of payroll databases

- Deputy Security Officer in Payroll Team

- Maintenance and administration of internal HR website

- Preparation of various monthly reports from payroll databases

September 2017 - November 2018

Translator Mongolian-German

"Ikh-Uils Center" NGO (Mongolia)

- Translation of official documents and records

September 2006 - April 2007

Project Manager

"Ikh-Uils Center" NGO (Mongolia)

- Acquisition of sponsors

- Management and supervision of the project team

- Project management and coordination

June 2003 - September 2004

German teacher (Part-time)

Alexander-von-Humboldt School Nr. 38 (Mongolia)

- German lessons for high school upper classes

November 2003 - July 2004

Education

University of Applied Sciences Technikum Wien

Master of Science in Engineering (MSc.)
Master's Program in Information Management and IT Security.
September 2016 - June 2018

University of Vienna

Bachelor of Science (BSc.)
Bachelor's Program in Business Informatics.
October 2007 - September 2016

State Pedagogical University of Mongolia

Bachelor of Arts (BA)
Bachelor's Program in Teaching profession German-Mongolian.
September 1999 - June 2003

Skills

Professional skills

  • GOVERNANCE, RISK & COMPLIANCE (GRC)
    • Developing GRC strategies: Implementation and monitoring of governance, risk management, and compliance strategies.
    • Risk Management: Application of frameworks like ISO 31000 and ISO 27005 for risk identification and mitigation.
    • Compliance Management: Ensuring compliance with relevant standards (ISO 27001, ISO 22301) and legal requirements.
  • SECURITY MANAGEMENT SYSTEMS (ISMS & BCMS)
    • ISMS Implementation: Establishment, maintenance, and continuous improvement of an ISMS in accordance with ISO 27001.
    • BCMS Implementation: Establishment and management of a Business Continuity Management System according to ISO 22301.
    • Integrated Management Systems: Integration and optimization of ISMS, BCMS, and other management systems.
  • SECURITY POLICIES AND PROCESSES
    • Security Policies: Creation, revision, and implementation of security policies and procedures.
    • Training and Awareness: Conducting training to raise employee awareness on information security.
  • CONSULTING AND PROJECT MANAGEMENT
    • Internal Consultant for Cybersecurity Projects: Advising leadership and teams on the implementation and optimization of cybersecurity strategies.
    • Project Management: Leading and coordinating cybersecurity projects, including planning, execution, and monitoring of security initiatives.
    • Stakeholder Management: Collaborating with various departments and external partners to ensure successful implementation of security projects.
    • Process Optimization: Identifying areas for improvement in security processes and systems, and implementing solutions.

Languages

Achievements

Certifications

Certificates

Interests

In my free time, I cherish moments with my family, especially enjoying bike rides when the weather permits. I have a passion for photography, particularly capturing the beauty of nature, and I love exploring museums to gain new perspectives and inspiration.

At home, I stay engaged with the latest cybersecurity trends and issues, ensuring I'm always informed. To unwind, I enjoy tinkering with my small home server, which allows me to experiment and explore interesting tools and stuff.