You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Plamen NachevPN

Plamen Nachev

Senior Cybersecurity and GRC Consultant

€450/day
Luxembourg, LU
15+ years

Average response time: 1 hour

About Plamen

Senior IT professional with a 17+ years career in Fortune 500 companies across highly regulated industries Pharmaceuticals, Banking, Fintech. Specialized at driving business value by designing secure cloud solutions, implementing robust security frameworks, and leading cross-functional teams to deliver critical projects.

🔑Core Competencies:
🤖 Responsible AI, Data Protection and Privacy: Experience in security implementation, ethical and safe development and deployment of AI systems, and safeguarding sensitive data in AI and cloud environments.
đź“‹ Security Assurance and Governance: Establishing and maintaining robust security frameworks, policies, and procedures to ensure compliance with global standards (e.g., ISO , GDPR, DORA, NIS2, SOC2, PCI-DSS).
🔍 Internal Audit Excellence: Led risk-focused audits to identify vulnerabilities, drive process improvements and ensure regulatory compliance.
🛡️Security Posture Management: Reduced attack surface by 30% through Azure zero-trust implementations and AI-powered security analytics, established infrastructure hardening baselines (CIS, NIST CSF, ZTA), integrated DevSecOps pipelines with automated security tests to enhance code quality.
🎯Business Analysis & Strategy: Translating business needs into actionable IT strategies aligned with organizational objectives, IT roadmaps and risk appetite.

🎓My qualifications are underpinned by a suite of certifications:
• Cloud & AI: AZ-900, AI-900, MS-900
• Security: Microsoft SC-900, IIBA-CCA, AVG Anti-Virus SMB
• Internal Audit: General Audit Training (KBC Group NV)
• Project/Service Management: ITIL 4 Foundation, CitiDirect Electronic Banking & BE Mobile

đź’ˇ Passion: Leveraging AI, cloud-native security, and threat intelligence to stay ahead of emerging threats and help organizations build resilient, future-proof security postures.
🌍 EU Blue Card holder - no sponsorship needed and immediate work eligibility across EU/EEA/EFTA
🚀 Open to relocation - Luxembourg
  • Bulgarian

    Native or bilingual

  • English

    Fluent

  • French

    Basic

Can work on-site
Luxembourg (up to 50km)

Experience

  • NTT Data Business Solutions,
    Microsoft Security Consultant
    TECH
    October 2024 - Today (1 year and 10 months)
    Sofia, Bulgaria
    • Led Azure Cloud security maturity and governance initiatives within a Competence Center, providing CISO-level advisory on best practices to internal and external stakeholders.
    • Architected enterprise Microsoft security solutions (Firewall, Defender, Sentinel) improving organizational security posture across multi tenant environments.
    • Enhanced Azure Entra ID architecture through granular RBAC, reducing unauthorized access attempts significantly.
    • Designed AI-Driven Threat Response and integration strategies for Microsoft Copilot for Security, increasing incident response efficiency and threat intelligence accuracy by 25%.
    • Implemented Azure Fabric security controls for Power BI, Data Factory, and Synapse Analytics using Cloud Adoption Framework.
    • Developed and implemented comprehensive compliance frameworks for Azure environments, ensuring adherence to GDPR, HIPAA, and PCI DSS and achieving 100% audit readiness.
    Cloud Platforms and Infrastructure IT-Security Cybersecurity Microsoft Azure
  • Teva Pharmaceuticals,
    Senior Cloud Security Engineer
    PHARMACEUTICALS INDUSTRY
    March 2023 - September 2024 (1 year and 6 months)
    Sofia, Bulgaria
    • Led Infrastructure as Code (IaC) security initiatives, focusing on deployment automation and monitoring for enhanced resilience
    • Implemented Policy as Code automation within Azure DevOps pipelines, strengthening enterprise cloud security posture
    • Automated security testing using Snyk, Sonatype Nexus, and Dependabot, identifying and remediating 50+ critical misconfigurations and vulnerabilities monthly.
    • Established DevSecOps best practices and documentation, improving operational efficiency and team capability through targeted training and knowledge sharing.
    DevSecOps Cloud Platforms and Infrastructure Microsoft Azure IT-Security Cybersecurity
  • Software AG,
    Cloud Technical Security Expert
    TECH
    November 2021 - March 2023 (1 year and 4 months)
    Sofia, Bulgaria
    • Led technical security reviews (NIST CSF, NIST SP 800-53) for 80+ cloud deployments, ensuring continuous compliance and audit readiness within an ISO 27001-certified ISMS.
    • Managed a comprehensive penetration testing program based on OWASP Cloud Top 10, utilizing Burp Suite and ZAP for cloud and application security assessments.
    • Implemented CIS Benchmark compliance for VM/Kubernetes deployments on Azure/AWS using Qualys and CrowdStrike.
    • Directed bi-annual NIST CSF assessments using a 3 Lines of Defense model, evaluating capabilities against cyber maturity goals and the company's risk appetite.
    • Orchestrated enterprise-wide NIST-aligned Phishing campaigns using Microsoft Attack Simulator, improving employee threat detection rates by 35%.
    • Led 100+ third-party security assessments, evaluating vendors against comprehensive security frameworks.
    Microsoft Azure IT-Security Audit Cybersecurity Cybersecurity Incident Management

Recommendations

Be the first to recommend Plamen

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • EU Blue Card
    EU Blue Card
  • Master of Information Systems and Technologies
    University of Library Studies and Information Technologies
    Master of Information Systems and Technologies

Skill set

Categories