Business profile

An experienced manager and expert in the field of banking, audit, security, internal control and information and communication technologies (ICT). 

Currently, I specialize in IT security topics, especially in solutions based on cloud computing, artificial intelligence (AI) and the Internet of Things (IoT).

Work Experience

mBank S.A. 
IT Security Expert
October 2020 - Present 
I am responsible for:
– architecting (developing and updating) IT security standards, taking into account legal regulations, as well as specialist standards and best practices, including: CObIT, ISF, NIST, CSA, ISO, ISACA, IIA;
– managing the process of granting deviations from security standards;
– supervising security/compliance audits (i.e. cloud computing providers);
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation within the capital group;
– administering of the GRC system (standard and deviation management module). 

IT Audit Manager
May 2019 - September 2020 (1 year 5 months)
I was responsible for:
– planning and performing the annual IT audit plan;
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control;
– the team management.

IT Audit Expert
March 2019 - May 2019 (3 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control.

Academy of IT Management in Public Administration
Director of the Academy
June 2020 – Present
Member of the Program Committee
January 2015 – Present
Senior Lecturer
January 2015 – Present

Bank Pocztowy SA
Head of Internal Audit (Director)
June 2016 - March 2019 (2 years 10 months)
I was responsible for:
– planning and performing the annual audit plan (maintenance of the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting to the board and to the audit committee;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– coordinating relationships between the bank and the Financial Supervisory Authority (KNF) regarding the implementation of recommendations;
– ensuring the effectiveness of the system of risk;
– ensuring the effectiveness of the system of internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016 (4 years)
I was responsible for:
– planning and performing the annual audit plan (maintenance of the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– ensuring the effectiveness of the system of IT risk;
– ensuring the effectiveness of the system of IT internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Senior IT Auditor
February 2012 - June 2012 (5 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards.

GreenPost Sp. z o.o.
Audit Director

July 2011 - March 2012 (9 months)
I was responsible for:
– testing compliance services with the applicable regulations and the company standards;
– evaluating of the effectiveness and streamlining business processes;
– ensuring the effectiveness of the system of risk and the system of internal control;
– planning and conducting audits inside the organization and affiliated enterprises;
– developing recommendations and overseeing their implementation;
– establishing organizational standards;
– monitoring and reporting.

IT Solution Architect (B2B Contract)
July 2009 - March 2012 (2 years 9 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues).

Development Director
February 2011 - June 2011 (5 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues);
– ensuring that projects are delivered according to their scopes and on time;
– testing compliance services with the applicable regulations and the company standards;
– establishing organizational standards;
– monitoring and reporting.

Controlling and Investment Director
December 2010 - January 2011 (2 months)
I was responsible for:
– establishing organizational standards;
– monitoring and reporting;
– financial planning & controlling.

Capital Market Institute - WSE Research S.A. (Warsaw Stock Exchange Group)
Development Director

November 2010 - February 2011 (4 months)
I was responsible for:
– building and realization business strategy and business perspective process management;
– preparing of the operational, investment and financial plan;
– developing fixed and security training program; being one of the trainers;
– the internal management consulting;
– the sales and vendor process management (including negotiations);
– IT services and application process management;
– the trends analysis;
– the implementation of solutions for increasing services quality.

Bogusław Bujak
Independent Consultant and Auditor
October 2006 - December 2011 (5 years 3 months)

Business Excellence Institute (Poland)
Senior Auditor / Senior Manager / Trainer (B2B Contract)
October 2006 - July 2009 (2 years 10 months)
I was responsible for:
– ensuring that all projects are delivered according to their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops.

Vice President
July 2007 - June 2008 (1 year)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Member of the Board
October 2005 - February 2007 (1 year 5 months)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director 

February 2004 - September 2005 (1 year 8 months)
I was responsible for:
– IT service level management process (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– examining consistency of IT processes;
– planning and managing the revenue assurance process;
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– building and implementing strategies and processes to communication and PR for TP (R&D, IT, Telco);
– building and participating in the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients;
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

IT Division Manager (Service Level Management) 
July 2003 - January 2004 (7 months)
I was responsible for:
– developing and implementing IT service level management process (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager

March 2003 - June 2003 (4 months)
I was responsible for:
– ensuring efficiency, effectiveness and credibility of risk management and hedging revenues (Revenue Assurance);
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– IT security management, personal data protection;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

Support Manager
January 2002 - February 2003 (1 year 2 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– implementing the service level management process (SLM);
– auditing and recommending changes to the organization to increase the profitability of the IT activities;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

IT Section Manager (Distributed Computing)
June 1999 - January 2002 (2 years 8 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– defining IT standards;
– applications and systems management (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems);
– analyzing and implementing solutions to guarantee optimal use of ICT tools;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations;
– IT purchasing and logistics (annual budget over $6 million).

IT Help Desk Coordinator
December 1997 - May 1999 (1 year 6 months)
I was responsible for:
– building IT Service Desk and providing support to users of the IT systems;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality").

IT Help Desk Consultant
July 1997 - December 1997 (6 months)
I was responsible for:
– building new IT Service Desk and providing support to users of the IT systems.

S.bit
Implementation Specialist

November 1996 - February 1997 (4 months)
I was responsible for:
– planning and implementing company applications;
– end user consulting and training.

Languages knowledge

 English, professional proficiency 

  • Cambridge Business English Certificate (BEC) Vantage
  • TOEIC – 845 points

Certifications and other credentials

  • DP-900 - Microsoft Certified: Azure Data Fundamentals, Credential ID H746-9893
  • AI-900 Microsoft Certified: Azure AI Fundamentals, Credential ID H741-2344
  • AZ-900 - Microsoft Certified: Azure Fundamentals, Credential ID H732-4525
  • CCSK - Certificate of Cloud Security Knowledge, Cloud Security Alliance, Credential ID DHF4kq1P4jRQWuNSugtuLSs2
  • CISA - Certified Information Systems Auditor, ISACA, Credential ID 18145433
  • QA - Accreditation in Quality Assessment / Validation, The Institute of Internal Auditors Inc., Credential ID 533/16/283
  • CPTE - Certified Penetration Testing Engineer, Mile2, Credential ID 423400
  • CRMA - Certification in Risk Management Assurance, The Institute of Internal Auditors Inc., Credential ID 7914
  • CIA - Certified Internal Auditor, The Institute of Internal Auditors Inc., Credential ID 114850
  • ITIL® Expert Certificate in IT Service Management, APM Group, Credential ID c.851698
  • ITIL® Manager - Manager's Certificate in IT Service Management, EXIN, Credential ID c.539504
  • MCSD - Microsoft Certified Solution Developer, Credential ID B796-4104
  • MCAD - Microsoft Certified Application Developer, Credential ID B796-4100
  • MCDBA - Microsoft Certified Database Administrator, Credential ID B796-4093
  • MCSA - Microsoft Certified Systems Administrator, Credential ID B796-4105
  • MCSE - Microsoft Certified Systems Engineer, Credential ID B796-4106
  • MCP - Microsoft Certified Professional, Credential ID B796-4089
  • OneTrust Certified GRC Professional, Credential ID C13652
  • OneTrust Targeted Data Discovery Expert, Credential ID
  • 5th Trainer - the 5th Element Game Trainer, BEI International
  • ITVM - Manager in IT Value Management, BEI International
  • ITVM - Professional in IT Value Management, BEI International 
  • cte™ - Certified TCO Expert, Gartner
  • IA - Internal Auditor, Polish Ministry of Economy, Credential ID 2695/ORG
  • IA - Internal Auditor, British Standards Institution (BSI), Credential ID PL020799 - 54372
  • Build Your Knowledge of Cloud Administration, LinkedIn, Credential ID ARotbG4dQGVRhmeSya3Ey3B5bFJM
  • Cloud Engineering with Google Cloud, Coursera, Credential ID Y6THHL3QKV5T

Academic and Post-Graduate Educations

  • Doctor of Philosophy in management sciences, PhD (PL: dr)
    Warsaw University of Technology (Politechnika Warszawska)
    Faculty of Management
    Distinction in the 6th edition of the Competition for the Award of the President of the National Bank of Poland for the best doctoral dissertation in the field of economic sciences.
  • Executive MBA & Diplôme International du Management
    The French Institute of Management associé à l'Institut Français de Gestion
  • Master in management and marketing (PL: mgr)
    University of Management and Law in Warsaw (Wyższa Szkoła Zarządzania i Marketingu w Warszawie)
    Marketing and Management Faculty
  • Engineer of mechatronics (PL: inż)
    Warsaw University of Technology (Politechnika Warszawska)
    Faculty of Mechatronics
  • Essential of AI
    University of Helsinki
  • Writing in the Sciences Seminar (Statement of Accomplishment)
    Stanford University  
  • Fixed and Security Analysis based on CFA (PL: doradca inwestycyjny)
    Koźmiński University (Akademia Leona Koźmińskiego)

Organizations

  • Academy of IT Management in Public Administration – member of the Program Committee
  • Foundation IT Leader Club Polska – vice president of the Supervisory Board
  • Foundation IT Leader Club Polska – member of the Program Committee
  • IT Service Management Forum Polska (itSMF) – ex-member and ex-vice president of the Management Board (2004-2008)
  • League for Nature Conservation (LOP) – ex-member of the Main Management Board (1990-1995)
  • The Institute of Internal Auditors (The IIA) – member
  • ISACA – silver member
  • Association of Martial Artists World Wide – member (Black Belt Council)
  • Polish Martial Arts Federation – member 
  • International Combat Martial Arts Unions Association – member
  • International Combat Martial Arts Union – member
  • International Combat Martial Arts Masters Union – member
  • International Combat Chinese Martial Arts Union – member
  • International Combat Martial Arts Founders Union – member
  • International Combat Tai Chi Union – member
  • International Combat Stick Fighting Union – member
  • International Combat Sword Fighting Union – member
  • Global Martial Arts Association – member
  • Vienna Wushu Academy – fellow
  • European Wushu Academy – fellow
  • Neijia Academy – fellow  

Honors & Awards

Professional Honors & Awards:

  • Prize of the Board (2014, 2013, 2002, 2000)
  • Prize of the President of the Board (2004)
  • Prize of the CIO (2002, 2001)

Science Honors & Awards:
Non Profit Honors:
  • The Gold Badge of the Alliance for Environment Protection (1990)
  • The Silver Badge of the Alliance for Environment Protection (1989)
Hobbies Honors:
  • Polish half marathon crown (2016)
  • Half marathon arms (2016, 2017)
  • Mountain tourist badge - popular (2016)
  • Mountain tourist badge - small brown (2017)
  • Mountain tourist badge - small silver (2019)