Leonid Baiakhchev
CISO · Head of GRC · AI Infrastructure Builder
Executive Summary
CISO and Head of GRC with 13+ years in information security, built on 20+ years in regulated financial technology. Former dual executive as CISO for Lab49 and Global Head of Information Security GRC for ION Group (13,000+ employees). Built enterprise security and compliance programmes from scratch across global organisations. Now building autonomous AI agent systems — one of very few senior security executives in the world who can credibly claim both.
Current
Designs, deploys, and operates autonomous multi-agent AI systems. Builds AI tools for GRC workflows — the same workflows previously run manually as a CISO. Runs a production AI agent fleet handling research, orchestration, code generation, knowledge management, and task coordination.
The next generation of security, governance, and compliance will be shaped by people who build with AI, not just manage it.
Security & GRC Career
Lab49 — Fintech capital markets software (~200 employees)
ION Group — Financial technology group (~13,000 employees)
- Full CISO responsibility: security strategy, operations, incident response, cloud security, Secure SDLC
- Owned mandatory GRC services across all group companies: governance, audits, risk, TPRM, metrics, awareness, compliance
- Overhauled enterprise Third-Party Risk Management (TPRM) programme
- Maintained continuous audit readiness across 13,000+ employees with a team of one
- Designed security for greenfield international expansion (New Delhi office, ~50 employees)
Delivered enterprise-grade security and compliance across a global group under extreme resource constraints — no team, no budget, just process rigour and tooling.
Luxoft — IT Services / Global Technology Services (13,000+ employees, 20+ countries)
- Owned global security, compliance, and resilience functions
- Led ~20 direct reports across cybersecurity, business continuity, compliance, and background screening
- Built global Business Continuity Management (BCM) programme from scratch based on ISO 22301
- Achieved 100% audit pass rate with zero major findings across 20+ audits
Built a company-wide BCM programme from nothing — policy, BIA, RTO/RPO definitions, crisis simulations — covering all global offices and risk scenarios including pandemics and geopolitical events.
Luxoft — All financial services clients globally (~5,000 employees, 20+ countries)
- Led security, compliance, and IT infrastructure for banks, hedge funds, and wealth management firms
- Managed centralised teams (~10 direct reports)
- Authored internal Luxoft security and compliance standards
- Passed 20+ client audits with zero major findings; all minor findings closed within one month
Luxoft — Top-tier international bank (~2,000 employees)
- Led security, compliance, and IT infrastructure
- Managed two teams: compliance and IT infrastructure
- Led crisis response during Russia–Ukraine conflict: coordinated emergency relocation of hundreds of employees across borders
- Managed bank-mandated VDI migration across the entire account
Luxoft
Primary point of contact for client compliance and security teams. Managed client audits, assessments, and compliance questionnaires.
Luxoft — Top-tier international bank
- Led large-scale banking software project. 30+ specialists across multiple countries
- Project budget exceeded EUR 1 million
- Delivered first production release on time and within contractual constraints
Earlier Career
Guta Group — Conglomerate / Finance / Banking
Hired directly by the group shareholder to independently audit internal processes. Audited vendor bidding systems for fraud resistance and bank payment processes for compliance. Reported directly to the shareholder — high trust, high discretion role.
BetZet — VIP Sports Betting
Built a private, high-stakes VIP sports betting company from the ground up. ~$20 million annual turnover. ~50 active VIP clients with $5,000 minimum bet threshold. Full executive responsibility: strategy, operations, finance, product, compliance, vendor management. 99% uptime. ~20% profit margin.
Mage's Tower — Board Games Club
Built and operated a board games club (Magic: The Gathering focus) across three locations. ~200 active members. Hosted competitive events with 50+ players. Managed everything: leases, operations, bar, community, finances.
Fair Play Club — Online Gaming / Poker
Built a full poker module from scratch for a major online gaming platform. Led 17-person cross-functional team. Grew active user base from 50 to 300.
Top-Tier Casino — Moscow
Built and operated a sportsbook function inside a major casino. Increased monthly betting turnover from $20,000 to $400,000. Zero operational incidents.
BetCruise — Sports Betting Exchange
Managed 50+ active sports betting markets daily. Fewer than two late line changes per month. Used firsthand knowledge of scalping strategies to protect exchange market quality.
Bermuda Triangle — Online Poker Services
Managed online poker access service. ~100 monthly customers. ~$500,000 monthly cash turnover. Resolved account issues directly with PartyPoker support.
Skills & Competencies
Security & GRC
- Information Security Governance, Risk & Compliance
- CISO-level strategy and operations
- Enterprise risk management
- Third-Party Risk Management (TPRM)
- Business Continuity Management (BCM)
- Regulatory compliance: FCA, SEC, GDPR, DORA, SOX
- Audit management (internal, external, client)
- Incident response and crisis management
AI Infrastructure
- Autonomous multi-agent system design
- AI agent fleet management
- AI-driven GRC automation
- AI risk and governance
- Prompt injection defence
- Agent trust boundaries
Standards & Frameworks
- ISO 27001 — programme ownership, certification, re-certification
- ISO 22301 — BCM design and global rollout
- SOC 1 / SOC 2 — audit support and remediation
- SOX IT controls · TISAX
- NIST CSF, SP 800-53, SP 800-37
- Secure Controls Framework
Languages
- English — preferred, advanced, work proficiency
- Russian — native
- German, Polish — basic · Ukrainian — intermediate
Consulting Services
- Virtual CISO — Fractional or interim CISO. Strategy, governance, audit readiness, incident response, board reporting.
- GRC Services — Compliance programme design, audit preparation, risk assessments, policy development, TPRM, regulatory readiness.
- AI Automation — AI-driven automation of GRC workflows and business processes.
Open to remote or global roles