Riccardo Meneghel

Overall responsibility for subsidiaries “Raiffeisen Leasing” and “Valida” in all Security domains (Information Security, Business Continuity/Disaster Recovery and Physical Security). Consult and advise major projects in regards to security requirements analysis, architecture and design check. Conduct business impact analysis across the operation of the bank in Austria, primarily through interviewing managers and other contacts, and collating the results. Plan and carry out crisis management exercises.

As CSO Austria my responsibilities included *manage and develop security officers in the Austrian Security Team *proactively manage and further develop the Austrian security strategy in line with the overall security strategy of RBI group *security policies, standards and directives *manage security projects in order to improve the security level *Security awareness concept *Business Continuity Management *Physical Security *manage critical security incidents and act as emergency manager

I developed and maintained group security regulations (policies and standards) according to established security standards (e.g. ISO 27001, COBIT, etc.). I continuously advised innovation projects in RBI during their entire life cycle by consulting stakeholders from the preliminary project phase until the approval. I supported all ongoing security projects (SIEM, DLP, Data Masking). I handled security incidents and supported BCM/DR activities.

At Cognosec I participated in pre-sales activities and customer acquisition. I elaborated needs and requirements together with customers, reflected in compiled proposals and project plans.I developed, tested and deployed new and current suite of risk management solutions and custom applications based on client requirements, using appropriate Governance, Risk and Compliance Governance Frameworks and last but not least, carried out risk assessments, based on tailored methodologies to the respective project.

My field of duties at bwin was among others to audit the IT infrastructure as well as related processes and procedures utilizing COBIT and ISO 27001 frameworks; to assess weaknesses and deficiencies of information processing systems and applications as well as processes and procedures, supporting them; to support the annual external audits (conducted by KPMG) as well as to support regulatory compliance audits (ARJEL, EGBA, eCogra) in the Gaming Industry.

• Companywide implementation of the Aveksa Compliance Manager solution. • Assessment and remediation of authorization levels, user access rights, authentication mechanisms and verification of segregation of duties. • Role based access control frameworks and assessments of Information Systems as well as of supporting processes and procedures. • Evaluation of various IDM solutions and conducting POCs with vendors and internal stakeholders.

Access Control Systems / Network Security / Physical Security