Saso Mickov

Curriculum Vitae Saso Mickov First / Given Name: Saso Last / Family Name: Mickov Date of Birth: - Place of Birth: Skopje, Macedonia Mailing address: Nereska 7a, 1 000 Skopje, Macedonia Phone: Home: +- E-mail address: -/- Internet CV : http://www.linkedin.com/in/sasomickov Marital status: Married Driving licence: B Blog: http://netiks.blog.com.mk/ Army call: Served 1998 / 1999; military camp “Ilinden”,Skopje, Macedonia Educational background  GSM: - Secondary School- “Rade J. Korcagin”, Skopje, Macedonia – major subject: mathematics-informatics  Electrotechnical faculty Skopje, University "Ss. Cyril and Methodius"- Skopje,- Bachelor’s Degree : Computer Techniques, Informatics and Automatic  Postgraduate Studies: E-Business Management, Faculty of Economics, University "Ss. Cyril and Methodius"- Skopje, 2011/2012 Master Theses: “AUDIT OF INFORMATION SYSTEM IN THE BANKING SECTOR USING COBIT METHODOLOGY “ Professional Certification      CISA - Certified Information Systems Auditor CIA - Certified Internal Auditor Information Security ISO 27001 Lead Auditor ITIL v3 Foundation Certificate Microsoft Certified Systems Engineer- MCSE Employments Profile  - Login Systems, Skopje System Administrator 2002 - 2005 Stopanska Banka, Skopje System Administrator 2005 – 2014 Stopanska Banka, Skopje Information System Auditor 2014 – present Sparkasse, Banka Skopje    Information Security Officer Key Points and Competencies Over 20 years of professional experience, of which 10 years of experiences as IT audit and assurance professionals with appropriate technical and business knowledge will require that they not only understand the IT issues, but also how to address effectively any risks or deficiencies through recommendations that are logical, practicable and business-focused. Strong analytical, presentation and writing skills. Result-oriented team player excellent in problem solving, with strong communication and interpersonal skills. Enthusiastic, hard worker, and highly creative. Main Technical Skills  Microsoft Desktop applications (Word/ Excel/ Access/Power Point)  Microsoft Operating systems  IBM AIX UNIX operating systems  Microsoft Server applications o Windows Server, SQL Server, Exchange Server, ISA  TCP/IP protocol suite: design and implementation  McAfee Enterprise security and protect products suite  SAP Administration and Audit  CISCO Network and Security Management Suite  GRC Paisley Audit Management Tool  ACL - Data analysis, audit and reporting software Current main objective at the current position - CISO:  Performing assessment of effectiveness and efficiency of system of secuirty controls implemented in Bank Information System; through collecting and evaluating evidence of an IT organization, practices and operations. More specific to determine if a Bank has adequate standards in place for system development, data center operations, data base management, network administration and overall information security.  Assess the adequacy and mature of the Bank Operational Risk Management framework in accordance with the best practice ( COBIT, COSO) or law and regulation (SOX, Basel II), that would ensure the legitimacy, accuracy and correctness of operations and security of the Bank.  Implementation of database and development of scenarios for analysing of financial statements and transactions to detect and deter fraud in the Bank.  Establishment and coordination of the Business Continuity and Business Impact Assessment in the Bank Professional Experience / Main Projects last update: July 2014 2  Member of the project team in cooperation with Directorate for Personal Data Protection in Macedonia for establishment of Privacy Impact Assessment Methodology  Actively participation in the seminars and training programs of The IIA Chapter of Macedonia (National Conference 2004,2015)  One of the initiator for establishment of Information Security Committee and CIRT as part of Macedonian Chambers of Commerce Previous main projects:   Participating in international Audit engagement as part of National Bank of Greece Group Audit Team in following : o SOX implementation in United Bulgarian Bank, Sofia October 2006. o T24 GLOBUS implementation in Vojvodzanska Banka, Novi Sad, October 2008 o Risk assessment and Audit of IT Governance in NBG Tirana, June 2009 Development of – Information Security Management System (in accordance with ISO 27001 - Security Standard in Information Technology), which includes technical and as well many organizational and administrative related tasks (Developing Information Security Procedures, Managing Business Continuity Planning and Information Security Planning). Part of this framework was implementation and development of procedures and framework for effective IT Project Management in the Bank.  Consulting engagement in Implementation of project for migration and consolidation of (private cloud) of main Banking software (GLOBUS).  Participation in the project for E-bank improvement of security and functionality of E-bank solution. The project was focused on implementation of adequate mechanism for authentication for the clients, as base for all alternative channels in the Bank.  Implementation of Windows Active Directory in computer network of the Bank  Consulting and implementation the system of payments between local banks, central bank and Payment Operational Services in RM o last update: July 2014 The system provides secured connection of Payment Operational Service and all parts of commercial banks with central nod of POS and Central Bank. Through this system banks deploy their payment orders to POS and Central Bank for processing and approval. All data is placed in relational database SQL Server, and the 3 connection is made throw Windows NT router with Eicon WAN adapters, TCP/IP and use X.25.  Consulting and implementation the Central Register in RM o  Consulting and implementation of new system architecture in the Payment Operational Services in RM o  Installing and supporting Microsoft software, Eicon WAN and ISDN products, Veritas software and Network Associates Design of system architecture (integration, connectivity, security, performance), installation and configuration system software (BackOffice, Windows NT Workstation, Backup Exec, Office….); connection of the location with primary connection through Frame Relay and secondary connection with ISDN. Maintenance and supporting the payments systems in various local banks in RM o Designing, implementing and supporting Login Systems Helpdesk services  Project lead for implementation of Cyrillic and Macedonian Language localisation in Windows 98 – for the first time in the Microsoft products  Technical support for the system of auction between central bank and local banks in RM o  Installing and supporting auction system in the banks Participating in relevant seminars and events related to IT technology as follows: presenter in MICROSOFT VIZIJA 2003 conference in Macedonia (Subject of presentation: Microsoft Project) o 4th SEEITA Conference & 3rd MASIT Open Days Skopje, Macedonia, May 2006 o DECUS User Group Conference, 2008 o itSMF Regional Conference Ohrid Macedonia, My 2009 o First International Conference, IIA Macedonia, 24-25 October 2013, Skopje Planning and execution of a training and awareness program for the various relevant target audience, as follows: o  o o o o last update: July 2014 System engineer for Microsoft server products – Login Systems Executive training for system engineer for Microsoft server products in Alexandria Computer Academy Executive training for information security - CISSP Preliminary Exam; USAID/Impact Project, Alexandria Computer Academy “Information Security Initiative” project; implemented by the Metamorphosis Foundation with the support of the 4 o Professional membership Other Qualifications and Certifications last update: July 2014 Foundation Open Society Institute – Macedonia (www.metamorphosis.org.mk) Training and consultancy regarding the IT Governance, Risk and Control as part of EU IPARD program in Macedonia for the local staff. (10 – 14 May 2010)  Member of ISACA - Information Systems Audit and Control Association (www.isaca.org)  Member of the Association of Internal Auditors from the Republic of Macedonia (www.aiam.org.mk) affiliate of international Institute of Internal Auditors (na.theiia.org)  Member of ISSA (Information Systems Security Association) and promoter for developing of Macedonian chapter  Active member and promoter of Macedonian Training Network (www.mmo.org.mk) – organization for promotion and establishing rules and professional ethics for trainers  Participating in Information Security Initiative for establishing security of information systems in all segments of societal and business environments remains basic assumption for functional information society.  Member and active participating of developing awareness for IT Security (Club ISO17799 – organization)  Microsoft Certified Systems Engineer- MCSE, which include following exams: o Implementing, Administering and Supporting Microsoft Windows 2000 Server o Installing, Configuring and Administering Microsoft Windows 2000 Professional o Implementing and Supporting Microsoft Exchange Server 5.5) o Implementing and Administering a Microsoft Windows 2000 Network Infrastructure o Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure o Designing a Microsoft Windows 2000 Directory Services Infrastructure o Designing Security for a Microsoft Windows 2000 Network  Certificate: Information Security Management Systems (according to ISO 17799:2000) – provided by TUV Austria Hellas  Certificate: BS 779 Lead Auditor - Information Security Management Systems (according to BS 7799:2002 / ISO 17799:2000) – provided by British Standards Institution 5 Languages Training  CISCO certified trainer for CCNA 1 – Basic Network Module  Microsoft Sales Specialist  Brainbench-the measure of achievement (www.brainbench.com) certifications for: last update: July 2014 MS Windows NT.40 Administration o MS Windows 2000 Server Administration o Internet concepts o TCP/IP Administration  Native: Macedonia  Fluent: English, Serbian, Croatian, Bulgarian  Beginner level: German  COBIT - Improving IT Governance Athens, Feb. 2008; lecturer: Hendrik Ceulemans  Implementation of SAP Audit Information System Athens, Greece Sept. 2007  The COBIT framework seminar Athens, Greece Dec. 2006 Implementation Security Management System Opus, Athens, Greece Feb. 2005  Main Career focus o  Internal Audit for BS 7799: 2002 / ISO 17799 BSI Official Course - December 2004, Skopje  Network Management NIL Training Center, Ljubljana June, 2004  Train the Trainer SEED, Sept. 2002  AIX IBM Unix 4.3 Stopanska Banka, Apr. 2001  Conference for Exchange 5.5 Hamburg, Germany, Sept. 1999  COBIT Implementation: IT Governance / Management  Business Process Management / Business Process Reengineering  Information Security Management System (ISO/BSI 27001)  Business Continuity and Disaster Recovery Management Process  Operational Risk Management 6