Erin Andrei Valeryevich

Erin Andrei Valeryevich

Biography

Andrey Erin was born in 1964.

Education

In 1986, he graduated from the Military School (SVAKU), and in 1997 - Ural State University (USU). In 1998, he underwent retraining at UGTU (UPI) in management, and in 2003 - retraining at USU with a degree in information security.

Career

Since his dismissal from the Armed Forces of the Russian Federation, Erin has been working in the FTS system, and then in Банке24.ру, while taking various advanced training and training courses on various topics of information security and information security, risk management, business intelligence, analysis of network security, etc.

Andrey Erin has received international BSI ISO 27001 certificates and is a recognized specialist in the field of building information security management systems based on this standard. "Банк24.ру" was the first in Russia, from banks, to successfully pass international certification for compliance with the SUIB standard ISO 27001.

Andrey headed the information security service of KB "Банк24.ру." At the previous place of work, Erin organized the information security department from scratch, which later grew into the bank's information security service.

Having joined Leta in December 2010, Yerin mastered in detail the methodology for conducting consulting projects, passed at the Academy of Information Systems a full line of authorized ABISS courses on the then new version of the standard STO BR IBBS, and took part in real projects. The priority task of Andrey Erin as the head of the new division was the accelerated formation of a highly professional team of consultants specializing in the implementation of the STO BR IBBS standard, as well as the quick launch of relevant projects. The core of this team was Leta employees with extensive experience in this area. In addition, the arrival of Erin strengthened the Leta team specializing in the implementation of the international standard ISO 27001.

Andrey led Leta's consulting division specializing in audit services and bank systems compliance INFORMATION SECURITY the Russian with the Bank standard. Russia STO BR IBBS Participated in implementation projects ISMS in accordance with. ISO 27001

With the arrival of Andrei at Technoserv, the company began to build system information security (IS) processes. Andrey began his activities with a thorough audit of information security. In total, more than 100 criteria were evaluated in various areas of information security. The next stage was to identify current threats and the most critical information security risks, according to which priority measures were identified to protect information. In order for these events to be implemented, and not remain only projects, Andrei took the following organizational measures: the Information Security Committee, consisting of leading top managers of the company, was formed and began to actually work, was developed and approved by the shareholder of the Information Security Policy and a number of other regulatory documents of information security. At the same time, Andrei pursued a policy of raising awareness of personnel (and management) in the field of information security: he regularly wrote articles in internal and external periodicals, made reports and presentations. The above measures allowed to start the implementation of technical means of information protection without great resistance from the personnel.

He worked as the head of the department of internal information security, a division implementing and operating the information security system of Technoserv.

Director of Information Security at Carcade Leasing. Andrei builds the information security system (information security) in Carcade from scratch. Along with the introduction of technical means of information protection (TSPI), it pays great attention to the development of a culture of information security. The largest information security project in Carcade is the introduction of DLP (protection against leaks of confidential information). DLP allows you to record information leaks, and the developed information security regulations allow you to apply disciplinary practice to violators, up to dismissal under the TC article for disclosing confidential information. Parallel work with personnel, including the development of a training course on information security, allows Andrei to remain interested in information security not only among the company's leaders, but also among ordinary employees. Expert assessment of the effectiveness of the information security system made it possible to calculate the retained profit of the company due to information security measures. This profit is measured in millions of rubles and exceeds 10 times the costs of personnel of the information security unit and the costs of TSZI. Andrey regularly shares experience with colleagues at thematic conferences. report at the BIS Summit

Since 2017, he served as director of the department of his own security at Carcade Leasing. The functions of Andrei Valerievich additionally included: an internal fraud investigation system, personnel and physical security, verification of counterparties. Information security is still the main area of ​ ​ interest of Andrei.

Since 2021 - Director of the Information Security Department of Carcade Leasing.