Nadezda Ustinova

•Conduct comprehensive information technology audits aligned with different standards such as PCI DSS, ISO and SOC. •Collaborate with cross-functional stakeholders to enhance the organization’s security posture •Develop and mentor team members through on-the-job coaching and training programs. •Proactively drive operational improvements in internal processes through innovative ideas. •Advanced the Global PCI Compliance Program across six business areas and 60+ applications

Execution of technology audit field work on a range of various global and local banking audits, including: Communication of audit results and resolving complicated questions with audit stakeholders. Contributing to audit planning, risk assessment and presentation of findings to senior management for technology related audits, in close collaboration with the IT Audit Manager.

Manage information risk assessments and IT integrated audits (SOX) within financial audits of large international companies of various industries. Business processes review, with particular focus on the role of IT within wider business and financial reporting process risks. Communicate the identified risks, control observations and other IT audit findings with the relevant stakeholders and company’s management.

•Testing design, implementation and effectiveness of internal controls (including SoX audits) •Performing information risk assessment and testing of IT general controls as a part of KPMG financial audits (in financial services, telecommunication, consumer markets and energy industries) •Analysis of policies and procedures over IT governance and IT management comparing to the best practices and main standards

•Analysis of exchange, authentication and encryption protocols to determine if they provide necessary security level •Analysis of devices’ hardware realization to determine possible information leakage channels and protection of the devices from information loss •Development encryption systems devices and software-hardware realization of these devices •Source code and network security analysis during the development of special systems •Software development using C and Assembler programming languages

CISA (Certified Information Systems Auditor) Certification by ISACA (Information Systems Audit and Control Association) (www.isaca.org)