Ivan Kalinić, Developer in Zagreb, Croatia

Ivan Kalinić

Verified Expert in Engineering

Cybersecurity Developer

Location
Zagreb, Croatia
Toptal Member Since
December 29, 2023

Ivan is a seasoned professional with cybersecurity, quality assurance, and software development expertise. He's proficient in securing systems, ensuring compliance, enhancing software quality, managing risks, developing robust security protocols, and driving software projects to success. Ivan is also adept in leading security initiatives, implementing strong security measures, and optimizing software quality in diverse environments.

Portfolio

Diverto
CISO, Strategy, Leadership, SOC 2, ISO 27001...
Vukovar and Zagreb County Courts
Digital Forensics, Linux, Windows, Computer Architecture, Networking...
IN2
Information Security, Information Security Management Systems (ISMS)...

Experience

Availability

Part-time

Preferred Environment

Linux, Windows

The most amazing...

...project I've led involved running a full-scale security & privacy program, a security operation center, & security solutions for a multinational company.

Work Experience

Head of GRC and Senior Information Security Consultant

2019 - PRESENT
Diverto
  • Built a team of senior advisors specializing in information security and cybersecurity.
  • Advised numerous companies in information security and cybersecurity.
  • Performed the role of CISO for a prominent automotive plastic part company, managing security at six organizations in five countries.
Technologies: CISO, Strategy, Leadership, SOC 2, ISO 27001, Information Security Management Systems (ISMS), PKI, Data Loss Prevention (DLP), DevOps, Governance, Corporate Governance, Risk Management, Enterprise Risk Management (ERM), Data Privacy, International Data Privacy Regulations, GDPR, NIST, Linux, Windows, Computer Architecture, Networking, Computational Finance, Programming, Economics, Controlling, Organization, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Biometrics, Security Controls, GRC, IT Audits, Regulatory Reporting, Regulatory Compliance, App Development, Data Analysis, ITIL, ISO/IEC 9126, Security Clearance, Quality Assurance (QA), Security, IT Security, Third-party Risk, Global Project Management, SOX Compliance, Commercialization, Finance, Application Security, Quality Management, Information Security, Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Total Quality Management (TQM), Safety, Digital Forensics, Court Records, Cloud Security, IT Service Management (ITSM), Security Management, Business Continuity, Software Development Lifecycle (SDLC), IT Project Management, Syslog, Elastic, Azure, Business Analysis, Assets, Information Systems, ISO 9001-2015, ISO 20000, SOX, ITSM, SaaS, DevSecOps, SIEM, BIA, Risk Assessment, Integration, Analysis, Classification, Web Proxy, Databases, Web Application Firewall (WAF), Incident Response, Penetration Testing, Playbook, Social Engineering, IaaS, Web Hosting, IT Infrastructure, Security Review, Cloud, DPIA, RoPA, Digital Transmission, System Integration

Expert Court Witness for ICT, IP, and QMS

2018 - PRESENT
Vukovar and Zagreb County Courts
  • Gathered and examined digital forensics evidence under relevant court orders.
  • Analyzed digital evidence and created reports for court judges, explaining IT facts in layperson's terms.
  • Partook in court proceedings and provided the court with accurate and independent opinions.
Technologies: Digital Forensics, Linux, Windows, Computer Architecture, Networking, Cryptography, Database Security, Compliance, Biometrics, Security Controls, GRC, IT Audits, Regulatory Compliance, Data Analysis, Quality Assurance (QA), Security, IT Security, Application Security, Quality Management, Information Security, Cybersecurity, Court Records, Information Systems, Analysis

Head of Quality Management and Consultant for Quality and Security

2016 - 2019
IN2
  • Performed multiple privacy and security consulting projects in the corporate, health, and public sectors.
  • Built and managed an integrated management system, including quality management, information security, data privacy, environment protection, and health and safety.
  • Managed several company reorganization proceedings.
Technologies: Information Security, Information Security Management Systems (ISMS), Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Total Quality Management (TQM), Environment, Safety, GDPR, International Data Privacy Regulations, Data Privacy, Linux, Windows, Computer Architecture, Networking, Computational Finance, Programming, Economics, Controlling, Organization, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Biometrics, Security Controls, GRC, IT Audits, Regulatory Reporting, Regulatory Compliance, App Development, Data Analysis, Java, ITIL, ISO/IEC 9126, Security Clearance, Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, Finance, Application Security, Quality Management, CISO, Strategy, Leadership, ISO 27001, PKI, Data Loss Prevention (DLP), DevOps, Corporate Governance, Risk Management, NIST, Oracle Database, Cloud Security, IT Service Management (ITSM), Security Management, Business Continuity, Software Development Lifecycle (SDLC), IT Project Management, Azure, Business Analysis, Assets, Information Systems, ISO 9001-2015, ISO 20000, SOX, Serena Business Mashups, ITSM, SaaS, DevSecOps, SIEM, BIA, Risk Assessment, Integration, Analysis, Classification, Databases, Incident Response, Software Development, IaaS, Web Hosting, IT Infrastructure, Security Review, Cloud, DPIA, RoPA, Digital Transmission

Managing Director

2016 - 2017
LVP Consulting
  • Provided consultancy services in information security, quality, compliance, governance, and auditing.
  • Assisted in information system development, implementation, and maintenance.
  • Delivered project coordination and management services.
Technologies: Quality Assurance (QA), Quality Management, Information Security, Information Security Management Systems (ISMS), Application Security, Windows, Computational Finance, Programming, Economics, Controlling, Organization, Database Security, IT Governance, Compliance, Biometrics, Security Controls, GRC, IT Audits, Regulatory Reporting, Regulatory Compliance, App Development, Data Analysis, ITIL, ISO/IEC 9126, Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, Commercialization, Finance, Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Total Quality Management (TQM), Safety, GDPR, Data Privacy, CISO, Strategy, Leadership, ISO 27001, Corporate Governance, Risk Management, Cloud Security, IT Service Management (ITSM), Security Management, Business Continuity, IT Project Management, Business Analysis, Assets, Information Systems, ISO 9001-2015, ISO 20000, ITSM, SaaS, BIA, Risk Assessment, Analysis, Databases

Project Quality Manager

2014 - 2015
Novartis
  • Acted as a GRC manager delegate and managed offshore project quality pools.
  • Drove simplification and efficiency initiatives for compliance processes and supported creating and revising relevant IT and business function standard operating procedures to ensure they meet requirements.
  • Supported commercial IT and financial services projects, handled global and local implementations of digital and mobile projects, and assisted in SOX-relevant projects.
Technologies: Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, SOX Compliance, Commercialization, Finance, Application Security, SOX, Windows, Computer Architecture, Networking, Computational Finance, Organization, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Biometrics, Security Controls, GRC, IT Audits, Regulatory Compliance, App Development, Data Analysis, ITIL, ISO/IEC 9126, Quality Management, Information Security, Information Security Management Systems (ISMS), Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Total Quality Management (TQM), Safety, GDPR, International Data Privacy Regulations, Data Privacy, CISO, Strategy, Leadership, SOC 2, ISO 27001, PKI, Data Loss Prevention (DLP), Corporate Governance, Risk Management, NIST, Cloud Security, IT Service Management (ITSM), Security Management, Business Continuity, Software Development Lifecycle (SDLC), IT Project Management, Business Analysis, Assets, Information Systems, ISO 9001-2015, ISO 20000, ITSM, SaaS, DevSecOps, BIA, Risk Assessment, Analysis, Classification, Databases, IaaS, IT Infrastructure, Security Review, Cloud, RoPA, Digital Transmission

Project Manager

2011 - 2014
IGEA
  • Managed large projects of over five million euros funded by the European Union and the World Bank.
  • Participated in several projects in various managerial roles, including documentation manager, service manager, and software quality auditor.
  • Obtained security clearance and managed security for confidential projects.
Technologies: ITIL, Security Clearance, Windows, Computer Architecture, Computational Finance, Economics, Controlling, Organization, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Security Controls, GRC, Regulatory Compliance, App Development, Data Analysis, Spring, ANTs, Jira, Subversion (SVN), ISO/IEC 9126, Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, Commercialization, Finance, Application Security, Quality Management, Information Security, Information Security Management Systems (ISMS), Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Total Quality Management (TQM), Safety, Data Privacy, Strategy, Leadership, ISO 27001, PKI, Corporate Governance, Risk Management, Oracle Database, IT Service Management (ITSM), Security Management, Business Continuity, Software Development Lifecycle (SDLC), IT Project Management, Business Analysis, Assets, Information Systems, ISO 9001-2015, ISO 20000, Centura, Serena Business Mashups, ITSM, SaaS, DevSecOps, BIA, Risk Assessment, Integration, Analysis, Classification, Databases, Software Development, IT Infrastructure, Security Review

Software Project Leader and Software Developer

2007 - 2011
IGEA
  • Developed numerous Java, Centura, and Gupta applications.
  • Built ITSM support processes and administered Serena Business Mashups applications supporting ITSM processes.
  • Established processes and a new service desk business department using ITIL principles.
Technologies: Java, Spring, ANTs, Team Development, Jira, Subversion (SVN), Centura, Serena Business Mashups, ITSM, ITIL, Linux, Windows, Computer Architecture, Networking, Computational Finance, Programming, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Biometrics, Security Controls, GRC, Regulatory Compliance, App Development, Data Analysis, ISO/IEC 9126, Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, Application Security, Quality Management, Information Security, Cybersecurity, Leading Quality Assurance (LQA), Data Privacy, Leadership, ISO 27001, PKI, DevOps, Risk Management, Oracle Database, IT Service Management (ITSM), Business Continuity, Software Development Lifecycle (SDLC), IT Project Management, Business Analysis, Assets, Information Systems, ISO 20000, DevSecOps, BIA, Risk Assessment, Integration, Analysis, Databases, Software Development, IT Infrastructure, Digital Transmission, System Integration

IT Internal Auditor

2007 - 2007
Kvarner Vienna Insurance Group
  • Participated in planning yearly and quarterly audit activities, executed audit plans, made several additional audits required by the supervisory board and regulators, and participated in joint audits for the whole corporate group.
  • Developed interfaces for collecting raw audit data and built in-house software for audit process support and reporting.
  • Consulted business departments on audit recommendations implementation and laws and best practices alignment.
Technologies: Regulatory Reporting, Regulatory Compliance, App Development, Data Analysis, Windows, Computer Architecture, Networking, Computational Finance, Programming, Organization, Cryptography, Database Security, IT Governance, Compliance, Defense Information System Network (DISN), Security Controls, GRC, IT Audits, ITIL, Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, IT Security, Third-party Risk, Global Project Management, Finance, Application Security, Quality Management, Information Security, Information Security Management Systems (ISMS), Cybersecurity, Leading Quality Assurance (LQA), Quality Management Systems (QMS), Safety, Data Privacy, Digital Forensics, Strategy, ISO 27001, PKI, Corporate Governance, Risk Management, NIST, IT Service Management (ITSM), Security Management, Business Continuity, IT Project Management, Business Analysis, Assets, Information Systems, ISO 20000, ITSM, BIA, Risk Assessment, Analysis, Databases, IT Infrastructure, Security Review

Security Operations Center Implementation

This project involved implementing a security operations center (SOC), coordinating security information and event management, and installing agent and network sensors. It also entailed integration activities, setting up service level agreements, and various protocols for running a SOC-managed service.

Security Operations Center Readiness Assessment and Advisory Services

This project entailed determining applicable trusted service criteria, identifying existing security practices, and assessing organizational readiness and maturity. I also identified and evaluated security risks, designed internal controls and processes, consulted on SaaS service architecture, and developed DevSecOps practices. The project required me to be a trusted advisor in implementation efforts, preparing the organization for a successful attestation process.

Externalized CISO Services

I handled the complete information security function within five countries and eight factories, designing, driving, and owning the whole information security program and acting as a trusted advisor to the group. This project involved ensuring constant compliance with GDPR and numerous security standards. I also managed security technologies, coordinated SOC efforts, and reported to the management board.

SOC 2 Type II Implementation

I identified and assessed security risks, designed internal controls and processes, consulted on SaaS service architecture, developed DevSecOps practices, acted as a trusted advisor in implementation efforts, and prepared the organization for a successful certification process.

SOC 2 Type II Readiness Assessment

I determined applicable trust services criteria, identified existing security practices, assessed organizational readiness and maturity, defined a gap implementation plan, reported to the management board, and secured further implementation projects.

GRC System, Information Asset Repository, Risk Assessment, and Business Impact Analysis

I implemented an asset identification solution (Lansweeper), established an IT inventory, and implemented a GRC risk management tool (AlterRisk). I also conducted business impact analysis for 30+ power plants and performed risk identification and risk assessment for distribution systems.

Information Security Advisory Services

I improved the existing business process management system based on ISO/IEC 27001:2013. I also enhanced organizational and technical security controls, performed internal information security audits, identified and assessed security risks, and acted as a trusted advisor in improvement efforts.

Network Data Loss Prevention (DLP) Consultancy Services

Reviewed the company's governance capabilities, analyzed existing rules and policies, and developed classification guidelines. I assessed existing network DLP, identified gaps, defined DLP treatment rules, and integrated them with incident management. I also modeled common data loss scenarios, defined test scenarios, and validated proposed strategies.

Implement Management System Based on ISO/IEC 27001:2013 and ISO 9001:2015 Standards

Implemented a business process management system based on ISO/IEC 27001:2013 and ISO 9001:2015 standards. I assessed organizational readiness and maturity and inventoried information assets. My work also included identifying and evaluating security and quality risks, designing internal controls and processes, acting as a trusted advisor in implementation efforts, and preparing the organization for a successful certification process.

Application Security Review

Defined the assessment methodology, performed a high-level analysis of 180 applications against the company's minimum security requirements, and conducted a detailed analysis of 60 business-critical applications. Based on the process and data quality scores, I defined a remediation plan and designed a derogation process for any exceptions.

Data Access and Web Application Management System

I managed and ran implementation projects for an information classification tool (Symantec ICT), a data loss prevention tool (Symantec DLP), a web proxy (Symantec Blue Coat), a database activity monitor (IBM Guardium), and a web application firewall (F5).

Information Security Advisory Services

Managed a multi-team project and coordinated penetration test efforts and various security technology assessments and improvements. I consulted on and improved existing cybersecurity incident response practices and secured SW development practices and defense playbooks.

Implement Information Security Practices into Existing Corporate Security Function

Aside from implementing information security practices into existing corporate security functions, my work involved assessing organizational readiness at the HQ level and at 14 subsidiaries, defining a corporate and information security strategy, inventorying information assets, identifying and evaluating security risks, and designing internal controls and processes. I was a trusted advisor in the implementation efforts and performed numerous security awareness sessions. I also designed and executed phishing campaigns and coordinated various vulnerability and penetration tests, as well as red team engagements.

Review IaaS and Web Hosting IT Infrastructure

Performed a security review of the company's IT infrastructure supporting its complete Infrastructure as a Service (IaaS) and web hosting offering. I identified potential improvements and advised on the implementation efforts.

Cloud Governance Strategy

Defined the cloud governance strategy and standardized the company's approach to the selection, deployment, ongoing management, and decommissioning of cloud-based IT services. My work also included developing SOPs for cloud services scoping, general platform qualifications, and complete cloud services lifecycle. I also created tools for easier security control selection applicable to each cloud service.

Information Security Advisory Services

Assessed the current state of information security practices and determined security maturity. I improved the existing security practices, updated the internal control design, and performed security awareness sessions. I also designed and executed phishing campaigns and coordinated penetration test efforts.

SaaS Solution and Cloud Service Provider Assessment

Assessed procurement SaaS solutions and the cloud service provider's security practices. I identified security gaps present in the SaaS solution and with the CSP's security organization, performed risk assessments, and gave advice on implementation.

Achieving GDPR Compliance

Contributed to the timely positioning and securing of management support for GDPR compliance initiatives, performed business readiness and GDPR assessments, developed and established a new corporate framework, created new tools for information classification and (D)PIA. My work also included updating business processes, aligning with existing management systems, ensuring privacy is ingrained in everyday tasks, and implementing and maintaining compliance efforts.

As an interim DPO and security manager, I performed 100+ classifications, 30+ DPIAs, and security assessments. I also organized 20+ GDPR workshops, developed necessary tools and policies, and established a compliance framework.

Digital Transformation Oktal Pharma Ltd | B2B Webshop, ERP Virtual warehouse, Integration Platform

My role as a project manager involved establishing new digital sales channels for the Hungarian market and automating all business processes in existing information systems utilizing integration platforms.

Technical Assistance for Improving MIS of HRD OS in Turkish Ministry of Labor and Social Security

Updated and maintained two main management information systems (EuropeAid/13670/IH/SER/TR), namely HRD-MIS and MISTIK, where all the duties of the EU Coordination Department of MoLSS were carried out electronically. I also developed and integrated additional modules to the existing systems.

As a quality and security consultant, I analyzed security requirements and performed gap analysis against ISO 27001:2013 standards, consulted and trained the project team on security control design and implementation, as well as assessed the system against applicable security controls, etc.

Integrated Management System (Quality, ITSM, Environment, Health, and Safety)

Established an Integrated Management System (IMS) to increase leadership effectiveness and simplify and reduce costs through efficient use of resources. The IMS has been created based on the HLS structure, and it integrates management systems based on ISO 9001:2015 – quality, ISO 20000-1:2011 – IT service management, ISO 14001:2015 environment, and BS OHSAS 18001:2007 occupational health and safety. The project's scope included the upgrade and transition of the quality management system based on ISO 9001:2008 standards, while the integration with ISMS based on ISO 27001:2013 is planned for phase II (Q3 2017).
Education

2008 - 2011

Specialist Degree in Information Systems Security and Auditing Management

Faculty of Organization and Informatics, University of Zagreb - Varaždin, Croatia

2001 - 2006

Master's Degree in Information Systems

Faculty of Organization and Informatics, University of Zagreb - Varaždin, Croatia

Certifications

OCTOBER 2023 - OCTOBER 2026

Certified Secure Software Lifecycle Professional

ISC2

MAY 2022 - MAY 2025

Certificate of the Business Continuity Institute (CBCI)

Business Continuity Institute

MAY 2022 - MAY 2025

Certified Data Privacy Solutions Engineer

ISACA

NOVEMBER 2019 - NOVEMBER 2025

Certified Cloud Security Professional

ISC2

NOVEMBER 2017 - PRESENT

ISO 9001 Lead Auditor

Bureau Veritas

JANUARY 2017 - PRESENT

ISO/IEC 27001 and ISO/IEC 20000 Lead Auditor

Bureau Veritas

MAY 2015 - SEPTEMBER 2026

Information Systems Security Management Professional

ISC2

DECEMBER 2014 - PRESENT

ICE Silver Training

Novartis

NOVEMBER 2014 - PRESENT

ITIL Foundation

Axelos

SEPTEMBER 2014 - SEPTEMBER 2026

Certified Information Systems Security Professional

ISC2

NOVEMBER 2013 - PRESENT

Oracle Public Sector Specialist

Oracle

SEPTEMBER 2012 - SEPTEMBER 2024

Project Management Professional (PMP)

Project Management Institute (PMI)

Tools

ANTs, Jira, Subversion (SVN), Syslog, Elastic

Industry Expertise

Cybersecurity

Platforms

Windows, Linux, Oracle Database, Azure, Playbook

Paradigms

Team Development, ITIL, DevOps, App Development, DevSecOps, Penetration Testing

Storage

Database Security, Databases

Languages

Java

Frameworks

Spring

Other

IT Governance, Security Controls, GRC, IT Audits, Quality Assurance (QA), Enterprise Risk Management (ERM), Governance, Security, IT Security, Third-party Risk, Global Project Management, Quality Management, Information Security, Information Security Management Systems (ISMS), Leading Quality Assurance (LQA), Quality Management Systems (QMS), GDPR, CISO, SOC 2, ISO 27001, Corporate Governance, Risk Management, NIST, Security Management, IT Project Management, Business Analysis, Information Systems, ISO 9001-2015, ISO 20000, ITSM, BIA, Risk Assessment, Classification, Incident Response, Security Review, RoPA, Computer Architecture, Networking, Economics, Organization, Compliance, Defense Information System Network (DISN), Regulatory Reporting, Regulatory Compliance, Data Analysis, ISO/IEC 9126, Security Clearance, SOX Compliance, Application Security, Total Quality Management (TQM), Safety, International Data Privacy Regulations, Data Privacy, Court Records, Strategy, Leadership, PKI, Data Loss Prevention (DLP), Cloud Security, IT Service Management (ITSM), Business Continuity, Software Development Lifecycle (SDLC), Assets, Centura, Serena Business Mashups, SaaS, Software Development, Social Engineering, IaaS, IT Infrastructure, Cloud, Computational Finance, Programming, Controlling, Cryptography, Biometrics, Commercialization, Finance, Environment, Digital Forensics, SOX, SIEM, Integration, Analysis, Web Proxy, Web Application Firewall (WAF), Web Hosting, DPIA, Digital Transmission, System Integration
