Panagiotis C. Kalantzis, CISSP, CISM, ISO2700LA: Strategic Cybersecurity Leader & Executive Consultant

Panagiotis C. Kalantzis, CISSP, CISM, ISO2700LA

3 Veroias str, GR 14122, Athens, Greece +30 6980 335566 [email protected]
STRATEGIC CYBERSECURITY LEADER & EXECUTIVE CONSULTANT
Information & Cyber Security, Business Continuity, Governance, Risk and Compliance Senior Subject
Matter Expert
Over 13 years' experience driving Information Security & Risk Management initiatives for leading
telecom, banking, consumer/trade, and public sector organizations. Passionate about integrating risk into
IT & business culture and appropriately aligning information security needs with business goals. Highly
motivated and results-oriented experienced subject matter expert in Information Security and Cyber Defense,
Information Security Vision & Leadership, C-Suite Collaboration, Business & Information Risk Management,
Business Continuity & Disaster Recovery, Penetration Testing, IT Audit, Governance and Compliance.
Demonstrated success record in:
Developing, implementing and leading comprehensive Information Security programs;
Designing, establishing and maintaining Information Security Management Systems, and Business Continuity, Disaster Recovery & Emergency Response frameworks ensuring compliance to industry standards, regulatory and legal requirements;
Designing and implementing Information Security awareness programs for employees leading to the development of a security awareness culture;
Designing and delivering various Information Security, Business Continuity and Risk Management training programs;
Managing vendors, partners, programs and resources;
Delivering complex Information Security & Risk Management projects on time and on budget.

CORE COMPETENCIES
Cyber Security
Vulnerability Management
Enterprise Risk Management
Regulatory Compliance
Executive Training
Information Security & Risk Management
Penetration Testing
Business Continuity Management
IT Audit & Assurance
Fraud Risk Management
Budgeting & Planning
Team Management & Coaching
Vendor Management
Program & Project Management

HIGHLIGHTED CAREER ACHIEVEMENTS

Information Security Strategy - Established the first Information Security function in MTN Cyprus and executed a strategic 3-year plan aimed to implement key tenets of the department.
Information Security Management System - Designed and maintained in MTN Cyprus the first at group level ISMS framework, in compliance with ISO/IEC 27000 standard.
Business Continuity Management - Designed and implemented in MTN Cyprus the first Business Continuity, Disaster Recovery and Emergency Response framework.
Data Privacy Protection (GDPR) Compliance - Designed a holistic DPP framework, applicable to Small/Medium and Enterprise organizations.
IT Audit - Successfully remediated ~88% of past outstanding IT Audit findings in first two years at MTN Cyprus.
ISO Standardization - Participated as Cyprus national representative at the international ISO/IEC JTC 1/SC 27 - IT Security techniques working group.
Research Activities - Participated as a Senior Subject Matter Expert in various national and European funded research projects.
Vendor Management - Due diligence of innovative vendors and niche technologies and startups for enriching service and product offering portfolio.
Team Leading/Mentoring - Awarded as YelloStars Winner for the category of Knowledge Share.
Panagiotis C. Kalantzis, CISSP, CISM, ISO27000LA


Information & Cyber Security, Business Continuity, Governance, Risk and Compliance Executive

PROFESSIONAL EXPERIENCE
Syntax IT, Greece
09/2015 - Today
Director, Information Security Governance, Risk & Compliance
As Information Security Governance, Risk & Compliance solution owner and practice leader, I am responsible
for managing a team of 5 information security professionals for the provision of Enterprise Security Services &
Solutions, creating value propositions for enterprise customers and ensuring project delivery, managing and
expanding product and service offerings in the SYNTAX Territory. My responsibilities include:
Active participation in large-scale projects for multinational accounts, acting as Project Manager for
large and high-profile engagements and managing the entire consulting process, including pre- and post-sales
support, analysis, planning, design and implementation, to provide solutions tailored to the
client's business strategy and IT needs;
Leading the pre-sales team developing strategic consulting opportunities in Consulting Services;
Budget formulation and execution;
Team building & coaching, reporting workflows & personnel KPIs;
Partner, contract, project, resource and SLA management;
Acting as CISO for internal ISO27000:2013.
AegIS Consulting, Greece & Cyprus
10/2013 - 08/2015
Information Security, Business Continuity, Governance, Risk, and Compliance Senior Associate
As a senior consultant / associate, I am actively involved in a wide range of engagements, including:
Governance, Risk & Compliance (GRC) engagements, including Risk Assessments, Business Continuity
Planning, Cyber Security and Cyber Defense strategies, Corporate Security Policy, ISO/IEC 27001
design and implementation services, Incident Response planning;
Technical Security missions, such as Security Architecture Review, Web / Network / Infrastructure
Penetration Testing, Vulnerability Assessments, Software Security Testing and Source Code reviews;
Design and delivery of Professional Certification training programs, as well as security awareness
sessions;
Participation as a Subject Matter Expert in various national and European funded research projects;
Project management and supervision of information security engagements;
Vendor Management, Business Development and Presales activities focusing on large enterprises in
Financial, Telecommunications and Retail business sectors.
MTN Cyprus, Cyprus
01/2013 - 08/2013
Business Risk Management & Internal Audit Head
Headed the independent function - reporting directly to CEO and the Audit & Risk Committee - designed to
add value and improve control systems and governance within MTN Cyprus operation, by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of the business and its risk
management, control and governance. Duties and responsibilities, as Head of the Department, included:
Providing guidance and leadership in the business risk management area, serving as an internal risk
consultant to management and providing risk management insights relevant to the Operation's strategic
priorities; driving implementation of risk management;
Ensuring coherence and alignment across all business units of the operation regarding Business Risk
Management & Internal Audit processes;
Ensuring alignment with the Group Business Risk Management strategy and framework;
Provide Internal Audit assurance via development and acceptance of an annual audit plan; provide
effective and independent internal audit services; communicate audit results effectively; monitor
progress on the implementation of audit recommendations;
Implementing effective fraud prevention and investigation mechanisms, investigating reported cases of
fraud and/or corruption where applicable and report results to relevant management;
Prepare proper budgets and introduce financial management discipline for BRM activities; manage
direct reports.
Achievements
Influenced and encouraged the management team so that it sees the necessity and the need to have an
effective functioning Business Risk Management framework in place and accept responsibility for
implementing effective governance, risk management and control;
Empowered key stakeholders through training, open communication and interpersonal relationships;
Designed and implemented an Internal Financial Controls (IFC) framework and the respective
assessment methodology as well as the respective audit program;
Designed a Segregation of Duties (SOD) assessment framework and coordinated the respective audit
program;
Designed and implemented a Customer Experience (CX) assessment framework, pioneering at MTN Group
level, as well as the respective audit program.

MTN Cyprus, Cyprus
01/2010 - 08/2013
Information Security & Risk Manager
Served as an Information Security & Risk Manager with extensive responsibilities in Information Security,
Governance, Risk Management, Business Continuity, and Disaster Recovery principles. My main duties
included:
Designing, establishing, and implementing an effective Corporate Information Security Management
System, ensuring compliance to industry standards including all Cypriot and European regulatory and
legal requirements (e.g. Data Protection and ISO/IEC 27001), leading to the empowerment of a risk
culture;
Establishing and maintaining a Business Continuity, Disaster Recovery and Emergency Response
framework;
Managing of risk and control processes (Identification, Confirmation, Analysis, Remediation and
Mitigating actions reviews) to ensure that risks are managed appropriately;
Carrying out regular monitoring and ad-hoc testing of the operational effectiveness of the information
security framework, including the execution of Risk Assessments on information security issues and
market trends and developments, Security Audits, Penetration Tests and Technical Vulnerability
Assessments;
Establishing an information security awareness program for employees leading to the development of
a security awareness culture;
Designing and implementing a process within the organization to classify and manage assets and
information in line with information security standards;
Creating actionable enterprise information security metrics on departmental and enterprise level;
Coordinating information security related projects;
Achievements
Established the Information Security Department and executed a strategic plan aimed to implement
key tenets of the department over the past 3 years;
Designed, established and maintained in MTN Cyprus the first - in group level - ISMS framework, in
compliance with ISO/IEC 27000 standard;
Designed, established and maintained in MTN Cyprus the first Business Continuity, Disaster Recovery
and Emergency Response framework;
Involved as a subject matter expert, at MTN Group level, in the design and development of an
ISO27000 compliant MTN Group Information Security Management System (ISMS);
Awarded as YelloStars Winner for the category of Knowledge Share;
Within two years, successfully remediated ~88% of past year outstanding IT Audit findings.

KPMG Greece, Greece
09/2008 - 11/2009
Assistant Manager / Supervising Senior Advisor
Served as an Assistant Manager in the Information Risk Management (IRM) department focusing on the areas
of Information Security & Compliance:
Leading client engagements in all industry sectors, providing IT & Business Risk services and
contributing to the development and growth of the firm's IRM practice;
Provisioning of advisory services for the design, development, implementation and assessment of
enterprise security architectures, GRC and Risk Assessment tools and methodologies;
Provisioning of services for the implementation of Information Security Management Systems (in line
with ISO27001/27002) and Business Continuity and Disaster Recovery frameworks;
Provisioning of services in the areas of information security assessment, penetration testing and
vulnerability assessment, internal audit and compliance (PCI-DSS, SOX) for a number of clients;
Coordinating the specification writing, planning, budgeting and overall supervision of the bidding and
tendering process of potential future engagements in the public and private sector;
Coordinating the planning, scoping, benchmarking, time & budget, and overall managing the external
IT audit of General IT/Application Control assurance testing and data analytics (CAATs).
Trasys SA, Belgium
03/2007 - 09/2008
Senior Information Security Consultant
As a senior member of the Information Security practice, I was involved in a wide range of activities, including:
Risk Management engagements, including Risk Assessments, Business Continuity Planning, Corporate
Security Policy / Process Development, ISO27001 design and implementation services;
Advisory and Consulting missions, including Feasibility Studies and Corporate Organization
Consulting;
Technical Security missions, such as Web / Network / Infrastructure Penetration Testing, Security
Architecture Review, Critical Infrastructure Physical and Information Security Studies, Study EU
Member States and Agencies secure connectivity requirements;
Project management and supervision of information security projects;
Business Development and Presales activities.
Greek Yellow Pages, Greece
01/2005 - 03/2007
Web Application Developer
Athens 2004 Olympic Games, Greece
06/2004 - 11/2004
Data Network Specialist
OTE SA, Greece
07/2003 - 06/2004
Information Systems Security Researcher

PROFESSIONAL CERTIFICATIONS
Certified Information Security Manager (CISM), Information Systems Audit and Control Association (ISACA), 2016
ISO27001 Lead Auditor, International Register of Certificated Auditors (IRCA), 2016
Certified Information System Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC)², 2015
Certified Risk Manager (CRISK), Information Systems Audit and Control Association (ISACA), 2011 - Retired
Certified Business Continuity Institute (CBCI), Business Continuity Institute, 2010 - Retired
Certified Hacking Forensics Investigator (C|HFI), EC-Council, 2003 - Retired
Certified Ethical Hacker (C|EH), EC-Council, 2003 - Retired
EDUCATION
Master of Science in Information Systems, Athens University of Economics and Business, Greece, 1999
Bachelor of Science in Mathematics, University of Patras, Greece, 1998