# Leonid Baiakhchev

**CISO | Head of GRC | AI Infrastructure Builder**

LinkedIn: [linkedin.com/in/baialeo](https://www.linkedin.com/in/baialeo/)  
Website: [awesome-leonid.com](https://awesome-leonid.com)  
Email: contact@awesome-leonid.com  
Availability: Open to remote or global roles. Available immediately.

---

## Executive Summary

Senior Information Security and GRC executive who personally builds and operates autonomous AI agent systems. Former CISO for Lab49 and Global Head of Information Security GRC at ION Group (13,000+ employees). 13+ years in information security, 20+ years in regulated financial technology. One of very few senior security executives globally who can credibly claim both executive security leadership and hands-on AI infrastructure experience.

---

## Target Roles

- CISO
- Fractional / Virtual CISO
- Head of GRC
- Director of Information Security Governance
- Head of Third-Party Risk Management
- Head of Risk Management
- Head of Operational Resilience

---

## Career History

### AI Infrastructure Builder (2025–Present)
Designs, deploys, and operates autonomous multi-agent AI systems. Builds AI tools for GRC workflows — policy generation, risk monitoring, audit preparation, compliance tracking. Runs a production AI agent fleet handling research, orchestration, code generation, knowledge management, and task coordination.

### CISO at Lab49 / Global Head of Information Security GRC at ION Group (2021–2025)
Dual executive role: CISO for Lab49 (~200 employees) + global GRC ownership for ION Group (~13,000 employees).
- Achieved ISO 27001 with zero major findings
- Overhauled enterprise Third-Party Risk Management
- Maintained audit readiness for 13,000+ employees with a team of one
- Designed security for greenfield international expansion (New Delhi)

### Director of Security and Compliance at Luxoft (2019–2021)
Owned global security, compliance, and resilience across 13,000+ employees in 20+ countries. ~20 direct reports.
- Built BCM programme from scratch (ISO 22301)
- 100% audit pass rate across 20+ audits, zero major findings

### Head of Security and IT Infrastructure — Financial Services at Luxoft (2016–2019)
Led security, compliance, and IT infrastructure for all financial services clients globally. ~10 direct reports, ~5,000 employees, 20+ countries.
- 20+ client audits, zero major findings
- Authored internal security standards

### Head of Security and IT Infrastructure — Top-Tier Banking Account at Luxoft (2014–2016)
Led security for ~2,000-person banking account.
- Crisis leadership during Russia–Ukraine conflict: relocated hundreds of employees across borders
- Managed bank-mandated VDI migration

### Senior Project Manager at Luxoft (2012–2014)
Led banking software project. 30+ specialists across multiple countries. Budget >EUR 1M. Delivered on time.

### Earlier Career (2005–2011)
Internal Auditor at Guta Group. Business management and operations roles in regulated industries. Risk assessment and compliance experience in financial services.

---

## Core Competencies

### Security and GRC (13+ years)
- Information Security Governance, Risk and Compliance
- CISO-level strategy for regulated financial services
- Enterprise risk management across multi-company groups
- Third-Party Risk Management programme design and overhaul
- Business continuity management design and global rollout
- Security architecture for global expansion
- Regulatory compliance: FCA, SEC, GDPR, DORA, SOX
- Audit management (internal, external, client-driven)
- Incident response, cloud security, IAM, SOC/SIEM, Secure SDLC

### AI Infrastructure (hands-on, current)
- Autonomous multi-agent system design, deployment, and orchestration
- AI agent fleet management (task routing, coordination, quality control)
- AI-driven GRC automation — compliance workflows, risk monitoring, audit prep
- AI risk and governance — practical experience from building, not theory
- Prompt injection defence, agent trust boundaries, autonomous decision-making

### Leadership
- Executive team leadership across 13,000+ employees
- Matrix authority and cross-functional coordination
- Crisis leadership and programme building from scratch
- Board reporting and vendor management

---

## Standards and Frameworks (hands-on)

- ISO 27001 — programme ownership, certification, re-certification
- ISO 22301 — business continuity management design and global rollout
- SOC 1 / SOC 2 — audit support and remediation
- SOX IT controls
- TISAX
- NIST CSF, SP 800-53, SP 800-37
- Secure Controls Framework
- FCA, SEC, GDPR, DORA regulatory compliance

---

## Certifications

- CISM (2020–2023)
- CISSP (planned)

---

## Tools and Platforms

Drata, Archer, ServiceNow, SIEM, JIRA, KnowBe4, AWS, Azure, GCP

---

## Languages

English (advanced), Russian (native), Ukrainian (intermediate), German (basic), Polish (basic)

---

## Projects

### Aletheia Context Engine
Personal knowledge system integrated with AI agents. Turns generic AI assistants into agents that understand user context, goals, and decision patterns. Open source publication planned.

### Personal AI Infrastructure
Production multi-agent AI infrastructure. Agent fleet using Hermes as harness, Mnemosyne as memory layer, custom tools and integrations. Autonomous task routing, coordination, quality control.

### LBX Forge
Consulting company for Virtual CISO engagements, GRC programme design, and AI automation for compliance and business workflows.
