I joined Gorenjska banka at the beginning of 2024 as Chief Information Security Officer, tasked with spearheading information security efforts for the Gorenjska banka group.
Between the switch to hybrid work, commuting to Kranj and grasping the complexity of banking-sector regulations (especially for IT & IS governance) for the first time, the onboarding felt like preparing for a lunar landing expedition.
However, with the help and support of truly amazing co-workers and peers, the gig soon became a (still ongoing) joy ride.
February 2024 - present
Chief Information Security Officer
Core responsibilities:
Ensure Gorenjska banka's cybersecurity resilience through co-development of the Holding Group security strategy, compliance with regulations and frameworks (e.g., NIS2, DORA, ISO 27001), and alignment of infosec activities with local and group objectives.
Proactively manage risks and incidents, overseeing risk assessments, incident response coordination, and stakeholder reporting to ensure transparency, oversight, and continuous improvement in security posture.
Foster a strong cybersecurity culture by managing infosec and IT security teams, delivering tailored security awareness programs, and driving effective utilization of security resources within budget constraints.
ON A DAY-TO-DAY BASIS THIS TRANSLATES TO ⬇️
Co-Development of Group Information Security Strategy
Co-developing the information security strategy in collaboration with the AEC Group CISO and ensuring alignment with group-wide security objectives.
Forecasting the GB Group infosec budget and ensuring value-oriented utilization.
Local Risk Management and Compliance
Leading the identification, assessment and mitigation of information security risks at the GB Group level, ensuring compliance with regulatory requirements such as NIS2 and DORA and with industry standards and best practices (mainly the ISO 27001 framework).
Reporting to both local and group leadership, as well as to the local supervisory board, to ensure transparency and oversight of security risks.
Incident Response and Crisis Management
Oversight of incident response plans, coordinating with internal teams and the AEC Group CISO to ensure timely and effective incident handling, including post-incident reviews.
Local Information Security Governance
Implementing governance frameworks, policies, and procedures, ensuring alignment with both group-wide standards and the local entity’s operational/regulatory needs.
Stakeholder Engagement and Reporting
I serve as the bridge between the local entity’s senior leadership and the AEC Group CISO, regularly providing updates on the local security posture, incidents, and risks.
Close collaboration with other executives and team leads to ensure that security considerations are part of all critical business decisions.
Security Awareness and Training
Designing and delivering security awareness and training programs tailored to needs at both the company and the individual level.
Fostering a strong cybersecurity culture and ensuring employees are confident in handling security threats.
Infosec & IT security team oversight
Managing the infosec and IT security teams, and ensuring that their efforts are effective and aligned with the local and AEC Group security strategy and requirements.
Ensuring the best possible utilization of the infosec technology stack within budget constraints.
Coordination in Crisis Situations
Collaboration with the local crisis management committee and the AEC Group CISO to ensure a coordinated response during incidents, supporting both local and group-wide resilience.