You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Bozhidar GinevBG

Bozhidar Ginev

Information Security Consultant | CISSP

€400/day
Kazanlak, BG
3-7 years

Average response time: 1 hour

About Bozhidar

I'm an Information Security professional with 5+ years across IAM, Incident Response, and GRC.

My experience across these areas lets me assess security with full awareness of both governance requirements and technical implications. Working in a regulated financial institution, I operate in an environment where security and regulatory alignment are non-negotiable.

I approach security as a business enabler — practical, proportional, and aligned to how the organization actually operates, without overengineering controls beyond what the business needs.

Engagements I take on:
- ISO 27001:2022 readiness assessment and gap remediation
- DORA gap analysis, third-party register build-out, ICT risk framework alignment
- PCI DSS 4.0 readiness for SaaS and payment-adjacent businesses
- Business Continuity, Disaster Recovery planning, and Business Impact Analysis
- Security questionnaire response and third-party assurance
- Internal audit and pre-certification dry runs
  • English

    Fluent

  • Bulgarian

    Native or bilingual

Remote only
Primarily works remotely

Experience

  • ZettaOnline
    Technology GRC Analyst
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 7 months)
    Sofia, Bulgaria
    • Own compliance program for ISO 27001, ISO 20000-1, and PCI DSS in a regulated financial environment; maintain audit readiness and evidence libraries
    • Conduct internal audits; coordinate findings, track remediation, and report to management
    • Lead Business Impact Analysis across internal and external services; define contractual and technical controls for third-party service delivery
    • Develop and maintain security policies, procedures, and governance documentation
    • Automate Third-Party assessment flow in OneTrust
    • Assess and monitor access control compliance including user provisioning, privileged access, and periodic access reviews aligned to ISO 27001
    PCI DSS ISO 27001 DORA Business Continuity / Disaster Recovery Data Privacy
  • Accenture
    Information Security Risk Assessor
    CONSULTING AND AUDITS
    January 2024 - May 2025 (1 year and 4 months)
    Prague, Czechia
    • Conducted information security due diligence for 5 European M&A targets across GDPR, ISO 27001, and regional frameworks
    • Identified and quantified security risks across systems, infrastructure, and third-party dependencies; produced gap analyses and remediation roadmaps
    • Estimated financial exposure from identified risks to inform deal structuring and integration planning
    M&A Risk analysis
  • Mews
    IT Security Engineer
    HOSPITALITY
    January 2023 - June 2024 (1 year and 5 months)
    Prague, Czechia
    • Maintained ISMS aligned to PCI-DSS 4.0, ISO 27001:2022, SOC 2, GDPR, and NF525 for a global SaaS platform
    • Conducted tens of third-party vendor security assessments and led compliance monitoring activities
    • Managed Microsoft Purview
    • Collaborated with Legal on data privacy risk management
    • Evaluated third-party and internal IAM controls as part of risk assessments and vendor security reviews
    Audit Third-party Risk Management ISO 27001 PCI DSS SOC

Recommendations

Be the first to recommend Bozhidar

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • CISSP — ISC2
    2026
    CISSP — ISC2
  • Azure Administrator Associate — Microsoft
    2024
    Azure Administrator Associate — Microsoft

Categories