Ganbadrakh Danzan-Ayush

MSc. | CISSP | CCSP | CISM | CRISC | CCSK

Passionate GRC & Information Security Professional with 5+ years of expertise in both information security and cyber security. Skilled in the implementation and development of Information Security Management Systems (ISO 27001), Business Continuity Management Systems (ISO 22301), and Risk Management Systems (ISO 31000).


Experience

Information Security Manager

A1 Telekom Austria (Austria)

- Development of enterprise-wide requirements in the form of security policies, guidelines and baselines

- Development of concrete security controls based on best practices and stakeholder feedback

- Support in the interpretation and implementation of these controls

- Design of enterprise-wide security reporting

since August 2023

Information Security Officer / Business Continuity Manager

Credi2 (Austria)

- Improvement of the information security management system (ISMS) according to the ISO/IEC 2700X series of standards

- Develop information security strategies, policies and procedures

- Optimize integrated risk management framework

- Preparation and execution of information security awareness programs

- Identify and evaluate security vulnerabilities, threats and risks

- Incident response handling

- Develop and operate Business Continuity Management

May 2022 - July 2023

Information Security & GRC Consultant

T-Systems (Austria)

- Consulting in various focal areas of information security management as well as GRC (Governance, Risk & Compliance)

- Support in setting up & further development of management systems, incl. process definition and development, as well as workflow process automation in GRC/Security Management Tool "BIC GRC"

- Execution and process development of threat and risk analyses, risk management as well as security assessments

- Definition and implementation of technical and organizational security countermeasures

April 2022 - May 2022

Information Security Manager

Deloitte (Austria)

- Development, controls and operations of the ISMS

- Conducting risk analyses and risk assessments

- Identifying vulnerabilities/security risks and developing improvements and countermeasures

- Create and revise policies, procedures and processes

- Handling security incidents

- Collection and monitoring of security-related KPIs

May 2019 - March 2022

Advisory Associate / RPA Developer

KPMG (Austria)

- Process evaluation and feasibility assessment for RPA

- Design, development, UAT and deployment of RPA bots

February 2019 - April 2019

System Administrator for Payroll Systems

IBM (Austria)

- Database administration and IT support in Payroll Systems

- Maintenance and operations of payroll databases

- Deputy Security Officer in Payroll Team

- Maintenance and administration of internal HR website

- Preparation of various monthly reports from payroll databases

September 2017 - November 2018

Translator Mongolian-German

"Ikh-Uils Center" NGO (Mongolia)

- Translation of official documents and records

September 2006 - April 2007

Project Manager

"Ikh-Uils Center" NGO (Mongolia)

- Acquisition of sponsors

- Management and supervision of the project team

- Project management and coordination

June 2003 - September 2004

German teacher (Part-time)

Alexander-von-Humboldt School Nr. 38 (Mongolia)

- German lessons for high school upper classes

November 2003 - July 2004

Education

University of Applied Sciences Technikum Wien

Master of Science in Engineering (MSc.)
Master's Program in Information Management and IT Security.
September 2016 - June 2018

University of Vienna

Bachelor of Science (BSc.)
Bachelor's Program in Business Informatics.
October 2007 - September 2016

State Pedagogical University of Mongolia

Bachelor of Arts (BA)
Bachelor's Program in Teaching profession German-Mongolian.
September 1999 - June 2003

Skills

Skill set

  • Excellent knowledge and hands-on expertise with ISMS implementation, operations, and auditing.
  • Strong communication skills, both written and verbal, with the ability to convey technical information to non-technical stakeholders.
  • Integrated management system (ISMS + BCMS) design and architecture implementation.
  • Extensive knowledge of industry rules and compliance standards such as ISO 27001, ISO 22301, ITIL, GDPR, and NIST CSF.
  • Ability to work independently as well as collaboratively within cross-functional teams.
  • Collaborative leadership style and knowledge of project management and agile methodologies.

Languages



Interests

In my free time, I enjoy spending time with my family, riding my bike with my son when the weather is nice, taking pictures of nature, or visiting museums.

I also like to stay at home and keep up with current cybersecurity issues. To relax, I also like to tinker with my small home server or try new things on Raspberry Pi.