Branko Džakula

This project showcases my successful orchestration of a healthcare organization's journey to implement the HITRUST framework and achieve the HITRUST certification. I developed and executed a customized strategy, aligning the HITRUST Common Security Framework (CSF) with our unique organizational needs, ensuring efficient resource utilization and minimal operational disruption. This implementation brought in huge deals for the company, increasing revenue and returning investment in security in less than a year.

I fostered a culture of security and compliance by actively involving and securing buy-in from stakeholders across various departments, thereby ensuring a company-wide commitment to the initiative. The project also involved innovative solutions. I employed cutting-edge technologies and methodologies to streamline the compliance process, significantly reducing manual effort and enhancing accuracy. I also successfully bolstered our defenses against cyber threats, significantly reducing the risk of data breaches and enhancing trust among customers and partners.

This project entailed crafting and executing a focused, high-velocity rapid deployment strategy that condensed the typical ISO 27001 implementation timeline without compromising thoroughness and rigor. During this process, I led a dedicated cross-functional team, fostering a high-energy environment that encouraged swift decision-making and problem-solving. I also implemented the Lean and Agile methodologies to accelerate the certification process, ensuring that every action taken was precise and contributed directly to the goal.

The company successfully achieved the ISO 27001 certification in just four weeks, a testament to the team's hard work and my strategic oversight. As a result, the company improved its security infrastructure and protocols significantly, ensuring robust protection of sensitive data and systems. The security expectations of enterprise prospects and clients were met and exceeded, and the company was able to expand its market reach and secure a substantial investment for future growth.

This project involved developing a cohesive strategy that aligned the requirements of ISO 27001 and SOC 2, leveraging synergies between the two standards to streamline the process. I orchestrated a fully remote team, employing advanced collaboration tools and methodologies to maintain high productivity and engagement across different time zones. I also conducted a thorough risk assessment, focusing on the unique vulnerabilities of handling real-time financial data and implementing robust controls to mitigate risks effectively.

As a result of these efforts, the company attained the ISO 27001 certification and the SOC 2 Type 2 attestation, showcasing the company's commitment to the highest security standards. During the process, I established a comprehensive security framework that significantly bolstered the company's defenses against potential breaches and data leaks. In addition, the dual certification opened new avenues for client engagements, particularly with larger enterprises that demand rigorous security standards, thus driving business growth and competitive advantage.

This project highlights the successful development and launch of an offensive security services offering for a cybersecurity services company. I spearheaded the creation of a robust team of 15 specialists and strategically introduced penetration testing services to US and Western Europe markets, achieving an impressive ARR of $3 million within two years solely from this new service line.

I conducted comprehensive market research to identify and understand the specific needs and challenges of the US and Western European markets. Then, I developed a tailored entry strategy highlighting our unique value proposition and competitive advantages. After that, I collaboratively worked with the team to design a suite of penetration testing services that met industry standards and incorporated innovative techniques and methodologies to provide superior value to clients.

This project demonstrates my leadership in designing and launching a revolutionary security compliance automation solution. Recognizing the need for more efficient compliance processes, I assembled a team to develop a tool that drastically cuts the time required to implement frameworks like ISO 27001 from months to weeks by automating the majority of ISMS controls. During the process, I employed the Agile development approach, incorporating continuous feedback from potential users to ensure the solution met and exceeded market needs and expectations.

This project encapsulates my comprehensive approach to implementing a state-of-the-art security operations center (SOC) for a client. It involved a series of complex and interrelated activities, including the coordination of security information and event management (SIEM) systems, installation of agent and network sensors, and the establishment of integration activities, service level agreements (SLAs), and protocols essential for running an effective SOC-managed service, including staffing level 1 and 2 security analyst roles.

This project was a testament to my ability to understand and implement complex security solutions in a dynamic environment. The successful implementation of the SOC fortified the client's defense against cyber threats and provided a scalable and flexible system that adapts to evolving security landscapes. My leadership in planning, executing, and managing this project demonstrates my comprehensive understanding of advanced cybersecurity measures and my commitment to delivering solutions that provide real, tangible value to clients. This initiative significantly contributed to the client's operational resilience and positioned them to protect their critical assets and data better.

I've executed GDPR gap analysis, implementation project execution, and continuous maintenance of compliance with GDPR across the following industries:

• Digital healthcare
• Airlines
• Hospitality
• Fintech
• Telecommunications
• Software and cybersecurity services

The projects involved complex PII and PHI data mapping, data transfer impact assessments, data processing agreements, responding to user data requests, consulting management on risks influencing design decisions for products and services, and ensuring continuous privacy by design.

I successfully maintained compliance with no regulatory penalties, and no customer churns due to privacy concerns, and I successfully executed continuous privacy awareness training within the organizations.

• Regulatory Knowledge
• Data Mapping and Classification
• Privacy Impact Assessments (PIAs)
• Data Protection Policies and Procedures
• Security Measures and Controls
• Data Subject Rights Management
• Cross-Border Data Transfer Expertise
• Regulatory Liaison and Reporting
• Audit and Monitoring
• Record of Processing Activities (ROPA)
• Incident Response and Breach Management
• Vendor Management

Through my company, UN1QUELY, I founded UN1QUELY Academy, the 1st cybersecurity academy in Montenegro that has helped over 200 individuals break into a cybersecurity career.

This program focused on teaching students about security management practices following the implementation of ISO 27001, learning the basics of defensive security in a security operations center (SOC) environment, and the basics of offensive security practices in penetration testing web applications.

In a recent project engagement, a company focused on improving its security and compliance measures. They reviewed and optimized their Microsoft cloud configuration, developed a comprehensive due diligence package, aligned their security compliance program with ISO 27001 and SOC 2 frameworks, and implemented contractual security requirements. These measures helped the company better protect its clients' data and maintain their trust and confidence in its services.