Andra Maria Negulei

DPO Role:

• Defined and implemented organisational policies, rules and regulations.
• Planned and directed general operations to meet organisational goals.
• DPIAs drafting and identifying risks according to processing of records
• Policy management : Data Breach Policy and Process, Data Retention according to different jurisdictions as per location, Data Privacy Notice, Cookie Policy
• Data Privacy awareness throughout the company
• Leveraged training and expertise to enforce laws and regulations
• Increased customer satisfaction by resolving Data Privacy issues also through Client Assessments.

Security Officer Role and Internal auditor:

- Certified Internal auditor -

- Certified ISO 27001 auditor-

• Drew up annual Internal Audit Plan based on key risks and strategies.
• Installed internal controls and set up standard procedures with regards to the ISO 27001:2022 certification
• Shaped internal audit strategy and methodology to meet company goals and to satisfy the ISO 27001:2022 management system and controls
• Managing external audits for all locations at a global level
• Conducted regular reviews and official internal audits travelling to all company locations and conducting internal audits in person.
• Undertook continuous monitoring to drive improvements throughout the year in order to be audit ready.
• Preventive actions and action plan management
• Client security assessments and periodical re-assessments
• External calls with clients in case of assessment doubts
• Information security training for new joiners, HR, finance and ICT
• Phising exercises reports and results in collaboration with ICT team
• Vendor management procedure
• Periodical Business continuity exercises
• Information security policies owner and responsabile in

collaboration with HR, Finance and ICT for ISO 27001 modifications

- Managing activities for GDPR Compliance for all Italian Accounts (internal audits through active contracts, locations and services)
- Reporting activities with the scope of presenting to the Leadership the progress of the Italian Compliance
- Coordinating the Delivery and Legal Teams in order to achieve the compliance with internal policies, Italian and European Laws.
- Management of the active resources that work on the various projects
- Supervising the correctness of the drafting of the Appointment letters and
System Administrator letters for the resources working on the accounts
- Managing the Subcontractor administration (verifying compliance, active contracts, risk assessment)

- Managing the Information Security controls implementation on different contracts in collaboration with Delivery Teams

- Managing Team activities and ticketing system in order to achieve SLA’s according to Contract
- Improvement of HR processes in order to maximize the timeframe and effort within the team
- Skills Matrix of team members for a better organization of activities according to each one’s skills and abilities
- Constant collaboration with the Client’s Managing Director or HR Director for weekly reporting, process improvement, change of HR Italian Laws, process transfer.

- Managing the administration of the company (Profile of the company: Engineering and Design of Roads and Bridges)
- Monthly accounting and collaboration with the Accounting firm
- Promoting an IT Software designed to memorize and manage the roads and bridges in a certain county
- Collaborate with the City halls and Municipalities to promote and
further support the software