Organization and coordination of the activities of Information Security Officers on the analysis of changes implemented by business&service teams for exposure to information security risks: - were updated and formalized approaches to the identification and assessment of information security risks associated with the implementation of changes at various levels (from minor&local changes and modificatios to strategic programs), developed approaches were implemented in both the classic and AGILE change delivery processes - was enhanced control over the implementation of InfoSec measures within the implementation of changes - were updated approaches on conducting of InfoSec risk-audits of the Bank's IT systems - performing the functions of InfoSec Officer within the implementation of strat. projects of the Bank ( including mergers & acquisitions) as well as within the framework of the Bank's activities to respond to COVID19 Development of the information security risk management system: - implementation of InfoSec risk profile, conducted RCSA according to the group's standards; - development of the system for monitoring InfoSec KRIs - developement and control of implementation of requirements for automation of processes and procedures in the area of responsibility in GRC ARCHER - enhancement of integration of InfoSec risk management processes into the Bank's overall risk management system - enhancement of InfoSec risk management to ensure compliance with the requirements of 716-P.

Run-tasks within the operational risk management framework: - analysis of new products, business & service changes for exposure to technical risks, participating in product, arhitecture and techenlogical committes; - loss data collection: ensuring process execution and improvement; - risk-advisory on operational & technological risk topics for IT&InfoSec units (acting as the business-partner) : OR incidents investigation & analisis; supporting & coordination of RCSAs; action plans monitoring; supporting of development and implementation of management control & supervison; conduction of scenario analysis for IT \ InfoSec-related issues; supporting of development, implementation and monitoring of KRIs and indicators of risk appetite; ; - risk reporting in the area of responsibility. Change - tasks within the framework of the OpRisks and BCP management under ORM Department governence: - new IT-system for managerial control & supervision was implemented, - automated interchange with technical data with SG Group was implemented to ensure the functioning of OpRisks tools and to provide compliece with ECB requlatory requirements; - implementation of single GRC-system for OpRisks management prepared and intiated ( inc. developed business-requirements, approved budgets) - IT-systems &tools owned by ORM Dept were fully transferred from self-administration provided by risk-management staff to IT-support Business continuity: - coordination of testing of DRs & BCP plans (scenarios of activation of the backup premisses, DataCenter, the activation of the crisis-management in case of cyber threats) - formalization and improvement of the BIA process, improvement of the BIA methodology - improvements of crisis communications - acting as BCP coordinator in crisis cell while responding to realized threats.

A methodology for the op.risk management has been developed and implemented in the management and operational processes of the organization, including: - the methodology for assessing operational risk, including legal and compliance risks; - the procedure for operational risk incidents management; - the process of collecting data on operational risk events; - the methodology for self-assessment of risks and control measures. In line with the RCSA- methodology was provided the risk- analysis for - processes, services and technologies to change / to implement; - separate business and service lines, business projects and transactions (securitization, rental housing, etc.); - the key operational business processes and projects for outsourcing (mortgage services, securitization transactions, rental housing, involvement in the economic turnover of land, etc.). The system of key indicators of operational risk was implemented, including local indicators on separate processes as well as the general indicators of the operational risk related to related to company's activity. The indicators of appetite for operational risk were defined and put on regular monitoring. The system of internal reporting on operational risk was implemented on different levels of the corporate management. The monitoring of compliance with certain significant conditions on securitization transactions was organized. The Business continuity management policy for company group has been developed and prepared to implementation. Separate ВСP plans were prepared for the implementation.

1. Organisation and carrying out activities of the risks and controls self-assessment within the units of the Bank • development and approval of guidelines • assistance in carrying out of RCSA • building of the risk-profile of business-processes 2. Organisation of the process of operational risk events registration and investigation (including fraud) • development of the process model • defining the business requirements for automation • development of the methodology ( including the anti-fraud policy) • participating in investigations, assessment / evaluation of losses, developing of the mitigation plans. 4. Assistance in optimisation of the existing processes / implementation of changes • identification of the weaknesses of existing procedures, assessment of the efficiency of existing controls in terms of operational risk management • implementation of the changes of the processes and methodology • participating in current tenders and outsourcing projects for the purposes of the risks identification and assessment, developing the mitigation plans, monitoring of compliance with the risk’s requirements in selection of suppliers and contracting). 3. Organisation of business continuity management in accordance with requirements of the Group's management company, and ISO 22301:2012 / GOST R 53647 standards • Development and approval of business continuity policy and updating of internal guidelines • Preparation (including developing the methology) and carrying-out of an business impact analysis • development of strategies and plans of business continuity and disaster recovery.

1. Project management, organisation and implementation of the project activities in the field of operational risk: • preparation, approval of the project and its budgets, calculation of economic efficiency • project plan development • preparation of the models, flowcharts of the process , cost estimation of the process • development and approvalof risk assessment models, carrying out valuation and measurements • participation in the development of analytical models/rules ( including AML, antifraud) • preparation of business requirements, terms of reference • organisation and performance of tests, applying processes in operation • management of mixed project teams (reporting line and immediate supervision, internal and third party contractors) Projects: • Implementation of the automated control system of operational risk powered by SAS EGRC • projects in the area of IT security and fraud management, including projects in the field of AML • projects on optimisation of business processes in corporate banking services ( especially lending activities) 2. Organisation and implementation of the routine activities of the unit • Process of identification of the operational risk events based on different sources • analysis and investigation of the operational risk events, maintenance of the database of such events. • quantitative and qualitative assessment of the operational risk, including self-assessment(RCSA) • monitoring the system of key indicators of operational risk • development and preparation of reports on operational risk for units, Board of Directors, CB, and formation of maps of the risk of individual processes and the whole Bank • development and preparation of proposals of process changes based on the accumulated information 3. Preparation of response to the request of Regulator (current and during the inspection), and assistance with queries of the units related to operational risk. 4. Development and implementation of internal normative documentation of the Bank. 5. Planning and organisation of the units' activities.

1. Development and implementation of operational risk management system • Preparation of the internal regulations related to the operational risk • Improvement of the identification procedure of operational risk, automation of procedures • Updating the business continuity and disaster recovery plan • internal reporting 2. Organisation and implementation of the routine activities of the unit • Data collection of the operational risk events from different internal and external sources of information • analysis of the projects concerned with implementation or changes of banking products, services or infrastructure in terms of exposure to operational risks • analysis of the outsourced processes and functions • development of the evaluation model of operational risk, assessments • assessment of existing and implemented measures to mitigate the risks • Formation of the regular reporting, risk-profile of Bank's processes 3. Planning and organisation of the unit's activity.

1. Project management of implementation of customer services and different electronic systems (including internet banking for retail customers). 2. Creating of business requirements, preparation of terms of reference 3. Development of conditions for accepting of retail deposits, conditions and tariffs for cash and settlement service. 4. Support of products and marketing 5. Financial modelling/analytics 6. Reporting activities

information technology, applied Mathematics and Physics, Applied information technology in management and business

Part-time study, Finance and Credit

Samara State University of Economics, Specialist of financial market in broker, dealer activities and securities management