IT Infrastructure Stream Leader
NLB Group
Keywords
Computer Security
Finance
Auditing
Operational Risk Management
Business Continuity
Business Continuity Planning
Business Efficiency
Make decisions
Disaster Recovery
Diversity Awareness
Skills
Senior with over 20 years in IT and 15-year experience in high level IT management positions, with expertise in finance/banking industry and government administration.
Rich experience gained through CIO level positions - director of IT Operations and Support Division (NLB, Komercijana banka), head and deputy-head of ICT Division, Ministry of Foreign Affairs, Serbia.
Proven ability to create and execute IT strategies, align IT and business strategies, lead and organize/reorganize large IT teams, improve and optimize processes and operational efficiency, with special focus on successfully delivering large scale strategic IT projects, especially in the area of information security and IT infrastructure.
Wide, in-depth knowledge of IT systems/processes and associated risks – assessment, decision making and implementation of controls. Served as a member of the Bank`s Operational Risk Management Board, representing IT function.
While working in banking industry, gained understanding and wide experience in information security and other related legislations (Information Security Law, National Bank of Serbia regulations, EBA guidelines, GDPR etc), also with best practices in disaster recovery and business impact analysis, business continuity plans, information risk management and IT operational risk management.
Extensive experience as a responsible person in front of IT function for cooperation with internal and external IT audits, financial audits and regulatory inspections, also for certification and recertification (ISO 27001, ISO 20000)
Experienced in working within dynamic, multistakeholder and multicultural environments.
Rich experience gained through CIO level positions - director of IT Operations and Support Division (NLB, Komercijana banka), head and deputy-head of ICT Division, Ministry of Foreign Affairs, Serbia.
Proven ability to create and execute IT strategies, align IT and business strategies, lead and organize/reorganize large IT teams, improve and optimize processes and operational efficiency, with special focus on successfully delivering large scale strategic IT projects, especially in the area of information security and IT infrastructure.
Wide, in-depth knowledge of IT systems/processes and associated risks – assessment, decision making and implementation of controls. Served as a member of the Bank`s Operational Risk Management Board, representing IT function.
While working in banking industry, gained understanding and wide experience in information security and other related legislations (Information Security Law, National Bank of Serbia regulations, EBA guidelines, GDPR etc), also with best practices in disaster recovery and business impact analysis, business continuity plans, information risk management and IT operational risk management.
Extensive experience as a responsible person in front of IT function for cooperation with internal and external IT audits, financial audits and regulatory inspections, also for certification and recertification (ISO 27001, ISO 20000)
Experienced in working within dynamic, multistakeholder and multicultural environments.
Project history
03/2021
-
05/2022
Scope of IT Infrastructure Stream included defining, planning and operational integration of IT infrastructure of both banks into a consolidated infrastructure, covering:
o Target Infrastructure Layout (TIL) which fully supports defined Target Application Layout (TAL) of the integrated bank – defining TIL architecture, capacity planning, technologies and vendor selection for IT infrastructure solutions (
o Asset management – Unification of all IT assets in two entities, harmonization with NLB Group standards and consolidation of
Marija Savic
SKILL PROFILE
Enfina – Security s.r.o. 13.01.2023
Ruska 1895, CZ-25082 Úvaly Page 3 of 6
office@enfina.com
asset inventories from different sources (SAP, CA CMDB, SCCM, Service Now, EasyVista)
o Creation and maintenance of required IT environments for the integration process – data migration environments, application gaps consolidation environments, dress rehearsal etc. Ownership of the environments
o Consolidation and merger of other banking services – digital channels, ATMs, branch office network, Call centre, client desktop integration
o Storing and archiving data of previous legal entities in compliance with national and international regulatory standards, providing future access to archive environment for business users and regulatory compliance purposes
o Operational integration and cut-off – defining operational risks associated with the cut-off procedures, creating mitigation plans and measures Creation and execution of go-live plan, live communication among all streams, post-integration monitoring and incident response during stabilization period.
o Target Infrastructure Layout (TIL) which fully supports defined Target Application Layout (TAL) of the integrated bank – defining TIL architecture, capacity planning, technologies and vendor selection for IT infrastructure solutions (
o Asset management – Unification of all IT assets in two entities, harmonization with NLB Group standards and consolidation of
Marija Savic
SKILL PROFILE
Enfina – Security s.r.o. 13.01.2023
Ruska 1895, CZ-25082 Úvaly Page 3 of 6
office@enfina.com
asset inventories from different sources (SAP, CA CMDB, SCCM, Service Now, EasyVista)
o Creation and maintenance of required IT environments for the integration process – data migration environments, application gaps consolidation environments, dress rehearsal etc. Ownership of the environments
o Consolidation and merger of other banking services – digital channels, ATMs, branch office network, Call centre, client desktop integration
o Storing and archiving data of previous legal entities in compliance with national and international regulatory standards, providing future access to archive environment for business users and regulatory compliance purposes
o Operational integration and cut-off – defining operational risks associated with the cut-off procedures, creating mitigation plans and measures Creation and execution of go-live plan, live communication among all streams, post-integration monitoring and incident response during stabilization period.
03/2021
-
05/2022
IT Security Stream / Deputy Stream Leader
NLB Group
The goal of the IT Security stream was alignment with NLB Group IT security strategy, policies and standards in the area of IT security, as well as achieving Group level KPIs in this area.
First phase of the Project included thorough inspection of overall security posture of the Banks information system, finding vulnerabilities, assessing risks and proposing actions for resolving and mitigation measures.
Activities included participation in third party IT Security Assessment and AD Security Health Check (conducted by CSIS Security Group, Denmark), followed by penetration testing, NLB Group CISO / Compliance assessments, regular vulnerability scanning etc,
Second phase focused on analysis of the reports and recommendations, prioritization of activities based on severity and potential impact on production systems, creation of Action plans for resolving vulnerabilities and implementation of risk mitigation measures, regular follow-ups and progress reporting,
The scope of the Stream also included operational integration into Group Standard SIEM solution (IBM QRadar) with all related tasks, as well as integration into the Group level SOC service.
First phase of the Project included thorough inspection of overall security posture of the Banks information system, finding vulnerabilities, assessing risks and proposing actions for resolving and mitigation measures.
Activities included participation in third party IT Security Assessment and AD Security Health Check (conducted by CSIS Security Group, Denmark), followed by penetration testing, NLB Group CISO / Compliance assessments, regular vulnerability scanning etc,
Second phase focused on analysis of the reports and recommendations, prioritization of activities based on severity and potential impact on production systems, creation of Action plans for resolving vulnerabilities and implementation of risk mitigation measures, regular follow-ups and progress reporting,
The scope of the Stream also included operational integration into Group Standard SIEM solution (IBM QRadar) with all related tasks, as well as integration into the Group level SOC service.
03/2021
-
05/2022
Stream Leader
NLB Group
The aim of the Project was consolidation of the primary and secondary (DR hot sites) data centres of two banks, creating the secondary data centre from scratch. The scope and tasks included analysis of local telehousing service providers, procurement procedure and contract negotiation for telehousing service, providing interconnection service between data centres, procurement and implementation of IT infrastructure solutions - storage, servers, network and IT security appliances, and finally operational migration of all IT services to the new site.
01/2020
-
01/2022
Project Sponsor
NLB Group
Project goal was implementation of Softwer Defined Network (SDN) solution, in datacentres in both Ljubljana, Slovenia and Belgrade, Serbia as part of NLB Group IT strategy – to form a backbone of future corporate infrastructure, simultaneously introducing a new layer of security by implementation of micro segmentation features.
Activities included Project initiation, providing approval and funds by Executive and Management Board respectively, defining scope and budget, taking active role in defining Project plan and oversight of all subsequent activities - market research of global leaders and SDN technologies, in depth technical and financial analysis for optimal SDN solution, oversight of selection and procurement process, third party contracting, and subsequently providing seamless implementation, while minimizing operational risk and impact on business continuity.
Activities included Project initiation, providing approval and funds by Executive and Management Board respectively, defining scope and budget, taking active role in defining Project plan and oversight of all subsequent activities - market research of global leaders and SDN technologies, in depth technical and financial analysis for optimal SDN solution, oversight of selection and procurement process, third party contracting, and subsequently providing seamless implementation, while minimizing operational risk and impact on business continuity.
01/2018
-
01/2020
Member of the Project core team, IT representative
Komercijalna banka AD, Belgrade
Preparing and presenting all relevant IT documentation – IT Strategies, policies and procedures, organisational charts and job descriptions, IT budgets and other financial documentation, third party contracts, IT external and internal audit findings, Disaster recovery documentation, BC plans, HR analysis of IT staff, technical documentation – service models, architectures, IT assets, etc. Preparing presentations, participating in workshops and direct Q&A sessions with bidders, verification of closing documentation in the IT area.
Also responsible for in-house development, implementation and maintenance of VDR (Virtual Data Room) for due – diligence purposes, creating related policies and procedures, access and authorization rights management (Microsoft AD RMS)
Also responsible for in-house development, implementation and maintenance of VDR (Virtual Data Room) for due – diligence purposes, creating related policies and procedures, access and authorization rights management (Microsoft AD RMS)
01/2017
-
01/2020
Project Sponsor
Komercijalna banka AD, Belgrade
Serving as a Project Sponsor for several project in the area of information and cyber security, with the aim to mitigate operational risk in this area.
Task included project initiation, definition of scope and budget, creation of Project Charter, active participation in project planning. Also, oversight of all project activities - research and analysis of global leading vendors and solutions, procurement process, selection and contract negotiation, as well as project implementation.
Task included project initiation, definition of scope and budget, creation of Project Charter, active participation in project planning. Also, oversight of all project activities - research and analysis of global leading vendors and solutions, procurement process, selection and contract negotiation, as well as project implementation.
01/2008
-
01/2011
Project Manager
Ministry of Foreign Affairs, Republic of Serbia
This strategic project aimed at introduction of completely new IT infrastructure and applications in the area of information security and data protection, in the MFA headquarters and its diplomatic missions around the world.
Tasks included preparing Project documentation, coordination between different government bodies/stakeholders, coordination of activities with third parties (vendors, suppliers), granting certification of hardware and software components and relevant legislative approvals. Active participation in procurement process (international procurement), contract terms negotiation, oversight of software development process for this custom solution. Planning and organizing implementation process in diplomatic missions, also end user training programmes. Drafting new internal MFA procedures, related to operation of the new solution.
Tasks included preparing Project documentation, coordination between different government bodies/stakeholders, coordination of activities with third parties (vendors, suppliers), granting certification of hardware and software components and relevant legislative approvals. Active participation in procurement process (international procurement), contract terms negotiation, oversight of software development process for this custom solution. Planning and organizing implementation process in diplomatic missions, also end user training programmes. Drafting new internal MFA procedures, related to operation of the new solution.
Local Availability
Open to travel worldwide
