Ganbadrakh Danzan-Ayush

Information Security Governance • ISMS (ISO 27001) • Risk Management • Cyber Resilience • Zero Trust
MSc | CISSP | CISM | CRISC | CISA | CCSP | CGEIT | CCZT

Information Security & GRC professional with 8+ years of experience supporting organizations in building, maturing, and scaling security governance frameworks in complex environments.

Specialized in ISMS (ISO/IEC 27001), enterprise risk management, and the application of modern security concepts such as Zero Trust within governance, risk, and control frameworks.

Experienced in helping organizations navigate evolving regulatory requirements including NIS2 and DORA, while aligning security initiatives with business objectives and risk appetite.


Focus Areas

  • Information Security Governance
  • Information Security Management Systems (ISO/IEC 27001)
  • Business Continuity Management (ISO 22301)
  • Enterprise & Information Security Risk Management
  • Cybersecurity Governance Frameworks
  • Regulatory Compliance (NIS2, DORA)

Certifications

Information Security & Governance

Cloud Security & Computing

AI & Data Science

Additional Certifications


Work Experience

Information Security Manager

A1 Telekom Austria

• Contribute to the development and continuous improvement of group-wide security governance frameworks and policies

• Support cybersecurity risk management and compliance initiatives across multiple operating companies within the group

• Collaborate with stakeholders to align security governance practices with regulatory and business requirements

• Support the implementation of security standards and governance processes to strengthen organizational resilience

August 2023 - Present

Information Security Officer & Business Continuity Manager

Credi2

• Integrated Business Continuity Management (BCMS) into the existing Information Security Management System (ISMS)

• Contributed to the development of an enterprise risk management framework including information security risk management

• Supported governance initiatives to strengthen regulatory compliance and organizational resilience

• Coordinated security governance activities across business and technical stakeholders

May 2022 - July 2023

ISMS Manager

Deloitte Austria

• Coordinated the local implementation of global cybersecurity initiatives defined by Deloitte Global

• Supported the operation and continuous improvement of the Information Security Management System (ISMS)

• Coordinated internal and external security audits and supported compliance activities across Deloitte Austria

• Engaged with leadership across multiple offices to support the implementation of global security initiatives

May 2019 - March 2022

Advisory Associate - RPA Consulting

KPMG Austria

• Supported consulting engagements focused on robotic process automation (RPA)

• Contributed to the analysis and optimization of business processes through automation initiatives

February 2019 - April 2019

System Administrator (Working Student)

IBM Austria

• Supported administration of payroll systems within the IT infrastructure

• Assisted with system maintenance and operational support activities

September 2017 - November 2018

Professional Skills

  • Information Security Governance & Management Systems

    Design and continuous improvement of ISMS aligned with ISO/IEC 27001, integration of management systems including BCMS, and development of governance frameworks supporting organizational resilience.

  • Governance, Risk & Compliance

    Enterprise risk management and information security risk management based on ISO 31000 and ISO/IEC 27005, including regulatory alignment with NIS2, DORA and other security requirements.

  • Security Policies, Processes & Awareness

    Development of security policies, standards and governance processes, combined with organizational awareness initiatives supporting sustainable security practices.

  • Cybersecurity Program & Stakeholder Management

    Coordination of cybersecurity initiatives, project management, and collaboration with technical and business stakeholders to implement security improvements.


Frameworks & Standards

Information Security & Governance

  • ISO/IEC 27001 – Information Security Management Systems (ISMS)
  • ISO/IEC 27002 – Security Controls
  • NIST CSF 2.0 – NIST Cybersecurity Framework
  • COBIT – IT Governance

Risk Management

  • ISO/IEC 27005 – Information Security Risk Management
  • ISO 31000 – Enterprise Risk Management
  • NIST RMF – NIST Risk Management Framework

Business Continuity & Resilience

  • ISO 22301 – Business Continuity Management Systems (BCMS)

Regulation & Compliance

  • NIS2 Directive
  • DORA – Digital Operational Resilience Act

Education

University of Applied Sciences Technikum Wien

Master's Program in Information Management and IT Security (MSc)
September 2016 - June 2018

University of Vienna

Bachelor's Program in Business Informatics (BSc)
October 2007 - September 2016

State Pedagogical University of Mongolia

Bachelor's Program in Teaching profession German-Mongolian (BA)
September 1999 - June 2003