Business profile

Leader | Council & Board Member | IT & Security Manager | GRC & Audit Manager | Coach & Trainer 
MBA Program Director IT Management Academy Director | AZIT Professor & Lecturer


My other profiles:

ORCID                 Nauka Polska                 ResearchGate                 LinkedIn                 


Work Experience

Allianz Group 
Head of IT GRC  (Manager of IT Process Management) / AZPL
October 2023 - Present
Lead Auditor IT / AAM
June 2023 - August 2023

mBank S.A. 
Senior Security Manager
June 2022 - June 2023 
– cyber risk process management and threat modeling (managing cyberrisk methodology and model and execution of ICT risk assessments, definition of mitigation measures and preparation / implementation security plans);
– vulnerability management (scans and patching process management);
– IT security standards management: preparation, verification and compliance checks of security procedures, processes and guidelines based on PL/EU regulations for security of ICT systems including those processing bank's classified information, taking into account international frameworks and best practices, including: ISF, NIST, CSA, ISO, ISACA, IIA, CObIT;
– Information Security process management (ISMS based on ISO27001);
– supervising security / compliance audits;
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation with IT departments in IT solutions implementation;
– cooperation within the international capital group (Commerzbank risk and security departments) in the areas of risk management, security standards and IT solutions;
– planning and managing budget for security standards, risk management, vulnerability management and outsourcing contract;
– contract management (security areas).

Security Program Manager
August 2021 - May 2022
I was responsible for:
– IT security standards management: preparation, verification and compliance checks of security procedures, processes and guidelines based on PL/EU regulations for security of ICT systems including those processing bank's classified information, taking into account international frameworks and best practices, including: ISF, NIST, CSA, ISO, ISACA, IIA, CObIT;
– managing cyber security programs / projects / audits;
– managing the process of granting exemption from security standards;
– supervising security / compliance audits (2021-cloud computing solutions);
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation with IT departments in IT solutions implementation;
– cooperation within the international capital group (Commerzbank risk and security departments);
– administering of the GRC system (standard and exemption management, risk and audit management modules);
– architecting and implementing AI (Ms Azure) solution into IT security processes (QnA and BOT app).

IT Security Expert
October 2020 - July 2021
I was responsible for:
– architecting (developing and updating) IT security standards, taking into account legal regulations, as well as specialist standards and best practices, including: CObIT, ISF, NIST, CSA, ISO, ISACA, IIA;
– managing the process of granting exceptions from security standards;
– supervising security/compliance audits (i.e. cloud computing providers);
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation within the capital group;
– administering of the GRC system (standard and exception management module). 

Head of IT Audit (Audit Manager)
May 2019 - September 2020 (1 year 5 months)
I was responsible for:
– planning and performing the annual IT audit plan;
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control;
– the team management.

IT Audit Expert
March 2019 - May 2019 (3 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control.

Academy of IT Management in Public Administration
Director of the Academy
June 2020 – Present
Member of the Program Committee
January 2015 – Present
AZIT Professor
May 2020 – Present
Senior Lecturer
January 2015 – May 2020

Bank Pocztowy SA
Head of Internal Audit (Managing Director)
June 2016 - March 2019 (2 years 10 months)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting to the board and to the audit committee;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– coordinating relationships between the bank and the Financial Supervisory Authority (KNF) regarding the implementation of recommendations;
– ensuring the effectiveness of the system of risk;
– ensuring the effectiveness of the system of internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016 (4 years)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– ensuring the effectiveness of the system of IT risk;
– ensuring the effectiveness of the system of IT internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Senior IT Auditor
February 2012 - June 2012 (5 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards.

GreenPost Sp. z o.o.
Audit Director

July 2011 - March 2012 (9 months)
I was responsible for:
– testing compliance services with the applicable regulations and the company standards;
– evaluating of the effectiveness and streamlining business processes;
– ensuring the effectiveness of the system of risk and the system of internal control;
– planning and conducting audits inside the organization and affiliated enterprises;
– developing recommendations and overseeing their implementation;
– establishing organizational standards;
– monitoring and reporting.

IT Solution Architect (B2B Contract)
July 2009 - March 2012 (2 years 9 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues).

Development Director
February 2011 - June 2011 (5 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues);
– ensuring that projects are delivered according to the their scopes and on time;
– testing compliance services with the applicable regulations and the company standards;
– establishing organizational standards;
– monitoring and reporting.

Controlling and Investment Director
December 2010 - January 2011 (2 months)
I was responsible for:
– establishing organizational standards;
– monitoring and reporting;
– financial planning & controlling.

Capital Market Institute - WSE Research S.A. (Warsaw Stock Exchange Group)
Development Director

November 2010 - February 2011 (4 months)
I was responsible for:
– building and realization business strategy and business perspective process management;
– preparing of the operational, investment and financial plan;
– developing fixed and security training program; being one of the trainer;
– the internal management consulting;
– the sales and vendor process management (including negotiations);
– IT services and application process management;
– the trends analysis;
– the implementation of solutions for increasing services quality.

Bogusław Bujak
Independent Consultant and Auditor
October 2006 - December 2011 (5 years 3 months)

Business Excellence Institute (Poland)
Senior Auditor / Senior Manger / Trainer (B2B Contract)
October 2006 - July 2009 (2 years 10 months)
I was responsible for:
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading audits, trainings and workshops.

Vice President
July 2007 - June 2008 (1 year)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Member of the Board
October 2005 - February 2007 (1 year 5 months)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director 

February 2004 - September 2005 (1 year 8 months)
I was responsible for:
– IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– examining consistency of IT processes;
– planning and managing the revenue assurance process;
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– building and implementing strategies and processes to communication and PR for TP (R&D, IT, Telco);
– building and participating in the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients;
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

IT Division Manager (Service Level Management) 
July 2003 - January 2004 (7 months)
I was responsible for:
– developing and implementing IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager

March 2003 - June 2003 (4 months)
I was responsible for:
– ensuring efficiency, effectiveness and credibility of risk management and hedging revenues (Revenue Assurance);
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– IT security management, personal data protection;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

Support Manager
January 2002 - February 2003 (1 year 2 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– implementing the service level management process (SLM);
– auditing and recommending changes to the organization to increase the profitability of the IT activities;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

IT Section Manager (Distributed Computing)
June 1999 - January 2002 (2 years 8 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– defining IT standards;
– applications and systems management (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems);
– analyzing and implementing solutions to guarantee optimal use of ICT tools;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations;
– IT purchasing and logistics (annual budget over $6 million).

IT Help Desk Coordinator
December 1997 - May 1999 (1 year 6 months)
I was responsible for:
– building IT Service Desk and providing support to users of the IT systems;
– conducting internal business audits of the quality and processes (as an ISO
Internal Auditor and a member of the team "Promoters of Quality").

IT Help Desk Consultant
July 1997 - December 1997 (6 months)
I was responsible for:
– building new IT Service Desk and providing support to users of the IT systems.

S.bit
Implementation Specialist

November 1996 - February 1997 (4 months)
I was responsible for:
- planning and implementing company applications;
- end user consulting and training.

Languages knowledge

 English, professional proficiency 

  • Cambridge Business English Certificate (BEC) Vantage
  • TOEIC – 845 points

 Polish, native language

Academic and Post-Graduate Educations

  • Doctor of Philosophy in management sciences, PhD (PL: dr n. ekon.)
    Warsaw University of Technology (Politechnika Warszawska)
    Faculty of Management
    Distinction in the 6th edition of the Competition for the Award of the President of the National Bank of Poland for the best doctoral dissertation in the field of economic sciences.
  • Doctor of Laws, LL.D. 
    Wyższa Szkoła Menadżerska / Business School (London)
    Law in business 
  • Executive MBA & Diplôme International du Management
    The French Institute of Management associé à l'Institut Français de Gestion
  • Master in management and marketing (PL: mgr)
    University of Management and Law in Warsaw (Wyższa Szkoła Zarządzania i Marketingu w Warszawie)
    Marketing and Management Faculty
  • Engineer of mechatronics (PL: inż)
    Warsaw University of Technology (Politechnika Warszawska)
    Faculty of Mechatronics
  • Cybersecurity: Managing risk in the information age
    Harvard University
  • Ethics of AI
    University of Helsinki
  • Artificial Intelligence
    University of Helsinki
  • Writing in the Sciences Seminar (Statement of Accomplishment)
    Stanford University  
  • Fixed and Security Analysis based on CFA (PL: doradca inwestycyjny)
    Koźmiński University (Akademia Leona Koźmińskiego)

Certifications and other credentials

  • CCSK - Certificate of Cloud Security Knowledge
  • CISA - Certified Information Systems Auditor
  • QA - Accreditation in Quality Assessment / Validation
  • CPTE - Certified Penetration Testing Engineer
  • CRMA - Certification in Risk Management Assurance
  • CIA - Certified Internal Auditor
  • ISO/IEC 27001 Lead Auditor
  • Proofpoint Certified Identity Threat Specialist
  • Proofpoint Certified Security Awareness Specialist 
  • Proofpoint Certified Insider Threat Specialist
  • Proofpoint Certified AI/ML Specialist
  • Algosec ASMS Foundation (Certified User)
  • SC-400 - Microsoft Certified: Information Protection and Compliance Administrator Associate
  • SC-400 Microsoft Certified: Information Protection Administrator Associate
  • GPMPC - Google Project Management Professional (PMP) Certificate
  • DP-900 - Microsoft Certified: Azure Data Fundamentals
  • AI-900 Microsoft Certified: Azure AI Fundamentals
  • AZ-900 - Microsoft Certified: Azure Fundamentals
  • CSSBB - Certified Six Sigma Black Belt
  • CSSGB - Certified Six Sigma Green Belt
  • White Belt of Lean Six Sigma
  • ITIL® Expert Certificate in IT Service Management
  • ITIL® Manager - Manager's Certificate in IT Service Management
  • MCSD - Microsoft Certified Solution Developer
  • MCAD - Microsoft Certified Application Developer
  • MCDBA - Microsoft Certified Database Administrator
  • MCSA - Microsoft Certified Systems Administrator
  • MCSE - Microsoft Certified Systems Engineer
  • MCP - Microsoft Certified Professional
  • OneTrust Certified GRC Professional
  • OneTrust Targeted Data Discovery Expert
  • 5th Trainer - the 5th Element Game Trainer
  • ITVM - Manager in IT Value Management
  • ITVM - Professional in IT Value Management
  • cte™ - Certified TCO Expert
  • IA - Internal Auditor, Polish Ministry of Economy
  • IA - Internal Auditor, British Standards Institution (BSI)
  • Build Your Knowledge of Cloud Administration
  • Cloud Engineering with Google Cloud

Organizations

  • Academy of  IT Management in Public Administrationmember of the Program Committee
  • Foundation IT Leader Club Polska – member of the Council (vice chairman)
  • Foundation IT Leader Club Polskamember of the Program Committee
  • IT Service Management Forum Polska (itSMF)ex-member and ex-vice president of the Management Board (2004-2008)
  • League for Nature Conservation (LOP)ex-member of the Main Management Board (1990-1995)
  • The Institute of Internal Auditors (The IIA) – member
  • ISACA  silver member 
  • Association of Martial Artists World Wide – member (Black Belt Council)
  • Polish Martial Arts Federation – member 
  • International Combat Martial Arts Unions Association – member
  • International Combat Martial Arts Union – member
  • International Combat Martial Arts Masters Union – member
  • International Combat Chinese Martial Arts Union – member
  • International Combat Martial Arts Founders Union – member
  • International Combat Tai Chi Union – member
  • International Combat Stick Fighting Union – member
  • International Combat Sword Fighting Union – member
  • Global Martial Arts Assocation – member
  • Vienna Wushu Academy – fellow
  • European Wushu Academy – fellow
  • Neijia Academy – fellow  

Honors & Awards

Professional Honors & Awards:

  • Prize of the Board (2014, 2013, 2002, 2000)
  • Prize of the President of the Board (2004)
  • Prize of the CIO (2002, 2001)

Science Honors & Awards:
Non Profit Honors:
  • The Gold Badge of the Alliance for Environment Protection (1990)
  • The Silver Badge of the Alliance for Environment Protection (1989)
Hobbies Honors:
  • The crown of Polish Half Marathons (2016)
  • The arm of Half Marathons (2016, 2017)
  • Mountain tourist badge - popular (2016)
  • Mountain tourist badge - small brown (2017)
  • Mountain tourist badge - small silver (2019)
  • The crown of Warsaw (2021)
  • The crown of Polish Mountains (2021)