mBanks’s Group IT Security Standards Lead
January 2024 - Present
I am responsible for the architecture and all issues related to IT security standards throughout their life cycle (based on EU and PL regulations, best practices, and frameworks, i.e.: ISF, NIST, CSA, ISO, ISACA, IIA, CObIT, CIS, ECB, BaFin, PFSA, SWIFT, PSD2, NIS, DORA, etc.). I also cooperate within a capital group (Commerzbank).
Weissbrot Research Centre
Owner
October 2023 - Present
I am responsible for Science, Research, Audit and Cybersecurity Services.
Allianz Group
Head of IT GRC (Manager of IT Process Management) / AZPL
Head of IT GRC (Manager of IT Process Management) / AZPL
October 2023 - November 2023
I was responsible for the Group IT GRC (IT Governance, Risk Compliance).
Lead Auditor IT / AAM
June 2023 - August 2023
June 2023 - August 2023
I was responsible for IT Risk Assessments and IT Audits within the Allianz Asset Management - an International Group (Allianz Global Investors, PIMCO).
mBank S.A.
Senior Security Manager
June 2022 - June 2023
I was responsible for the cyber risk and threat modeling process, the vulnerability management, IT security standards, ISMS, security / compliance audits, the contract management (security areas), and the cooperation within an international capital group (Commerzbank).
August 2021 - May 2022
I was responsible for: IT security standards, the cyber security programs / projects management, security / compliance audits, the security exemption process, the cooperation within an international capital group (Commerzbank), administering of the GRC system (standard and exemption management, risk and audit management modules), architecting AI solutions into IT security processes.
IT Security Expert
October 2020 - July 2021
I was responsible for: architecting IT security standards, the security exemptions process, third party security audits (cloud solutions), administering of the GRC system's modules.
Head of IT Audit (Audit Manager)
May 2019 - September 2020
I was responsible for the mBank's group internal IT and security audit area.
IT Audit Expert
March 2019 - May 2019
I was responsible for: IT internal audits (IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS), recommendations and guidelines, monitoring and reporting, ensuring the effectiveness of the system of IT and security risk, ensuring the effectiveness of the system of IT and security internal control.
May 2019 - September 2020
I was responsible for the mBank's group internal IT and security audit area.
IT Audit Expert
March 2019 - May 2019
I was responsible for: IT internal audits (IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS), recommendations and guidelines, monitoring and reporting, ensuring the effectiveness of the system of IT and security risk, ensuring the effectiveness of the system of IT and security internal control.
Bank Pocztowy SA
Head of Internal Audit (Managing Director)
June 2016 - March 2019
I was responsible for the Internal Audit area in the Bank.
Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016
I was responsible for the internal IT and security audit area in the Bank.
Senior IT Auditor
February 2012 - June 2012
I was responsible for: internal IT and security audits, recommendations and guidelines, monitoring and reporting, reviewing of the bank's compliance with regulatory and the company compliance standards.
GreenPost Sp. z o.o.
Audit Director
July 2011 - March 2012
I was responsible for the external and internal audit area.
IT Solution Architect (B2B)
July 2009 - March 2012
I was responsible for: defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, the confirmation, the accounting, tax issues).
Development Director
February 2011 - June 2011
I was responsible for: the company products, implementation projects, testing compliance services, establishing organizational standards, monitoring and reporting.
Controlling and Investment Director
December 2010 - January 2011
I was responsible for the financial planning, controlling, monitoring and reporting.
Capital Market Institute - WSE Research S.A. (Warsaw Stock Exchange Group)
Development Director
November 2010 - February 2011
I was responsible for: the business strategy and the business perspective process management, the financial planning, developing fixed and security training program (being one of the trainer), the internal management consulting, the sales and vendor process management (including negotiations), the IT services and application process management, the trends analysis.
Bogusław Bujak
June 2016 - March 2019
I was responsible for the Internal Audit area in the Bank.
Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016
I was responsible for the internal IT and security audit area in the Bank.
Senior IT Auditor
February 2012 - June 2012
I was responsible for: internal IT and security audits, recommendations and guidelines, monitoring and reporting, reviewing of the bank's compliance with regulatory and the company compliance standards.
GreenPost Sp. z o.o.
Audit Director
July 2011 - March 2012
I was responsible for the external and internal audit area.
IT Solution Architect (B2B)
July 2009 - March 2012
I was responsible for: defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, the confirmation, the accounting, tax issues).
Development Director
February 2011 - June 2011
I was responsible for: the company products, implementation projects, testing compliance services, establishing organizational standards, monitoring and reporting.
Controlling and Investment Director
December 2010 - January 2011
I was responsible for the financial planning, controlling, monitoring and reporting.
Development Director
November 2010 - February 2011
I was responsible for: the business strategy and the business perspective process management, the financial planning, developing fixed and security training program (being one of the trainer), the internal management consulting, the sales and vendor process management (including negotiations), the IT services and application process management, the trends analysis.
Bogusław Bujak
Owner -Independent Consultant and Auditor
October 2006 - December 2011
Business Excellence Institute (Poland)
Senior Auditor / Senior Manager / Trainer (B2B)
October 2006 - July 2009
I was responsible for: the project delivery process, auditing and advisory projects for selected customers (TOP 100), Compliance, trainings and workshops.
Vice President
July 2007 - June 2008
I was responsible for: the business strategy definition and the business operation management, the project delivery process, auditing and controlling processes, the international cooperation (including accreditation procedures), the business risk management, the revenue assurance process, trainings and workshops.
Member of the Board
October 2005 - February 2007
I was responsible for: the business strategy definition and the business operation management, the project delivery, auditing and controlling processes, the international cooperation (including accreditation procedures), the business risk management, the revenue assurance process, trainings and workshops.
Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director
February 2004 - September 2005
I was responsible for: the IT service level management proces (SLM), auditing and assessing the level of the quality of the IT services (the cost and KPI’s analysis), consistency of IT processes, the revenue assurance process, the customer satisfaction questionnaire (as a Director of Tech Customer Satisfaction Program), the communication and PR for TP (R&D, IT, Telco) process, the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients, reporting according to corporate standards (IAS, IFRS, internal TPSA, FT).
IT Division Manager (Service Level Management)
July 2003 - January 2004
was responsible for: the IT service level management proces (SLM), auditing and assessing the level of the quality of the IT services (the cost and KPI’s analysis), the customer satisfaction questionnaire (as a Director of Tech Customer Satisfaction Program), reporting according to corporate standards (IAS, IFRS, internal TPSA, FT).
Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager
March 2003 - June 2003
I was responsible for: the Revenue Assurance process, the cost optimization (TCO), the IT security management, the personal data protection (GDPR).
Support Manager
January 2002 - February 2003
I was responsible for: the IT services and processes, the cost optimization (TCO reduction over 10% of the annual IT budget), the service level management process (SLM).
IT Section Manager (Distributed Computing)
June 1999 - January 2002
I was responsible for: the IT services and processes, IT standards, the application and system management process (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems); Internal ISO 900x Audits, IT purchasing and logistics (annual budget over $6 million).
IT Help Desk Coordinator
December 1997 - May 1999
I was responsible for: building IT Service Desk and providing support to users of the IT systems, conducting internal business audits (as an ISO Internal Auditor and a member of the team "Promoters of Quality").
IT Help Desk Consultant
July 1997 - December 1997
I was responsible for the IT Service Desk and the IT system user support process.
S.bit
Implementation Specialist
November 1996 - February 1997
I was responsible for: planning and implementing applications, and the end user support and trainings.
Senior Auditor / Senior Manager / Trainer (B2B)
October 2006 - July 2009
I was responsible for: the project delivery process, auditing and advisory projects for selected customers (TOP 100), Compliance, trainings and workshops.
Vice President
July 2007 - June 2008
I was responsible for: the business strategy definition and the business operation management, the project delivery process, auditing and controlling processes, the international cooperation (including accreditation procedures), the business risk management, the revenue assurance process, trainings and workshops.
Member of the Board
October 2005 - February 2007
I was responsible for: the business strategy definition and the business operation management, the project delivery, auditing and controlling processes, the international cooperation (including accreditation procedures), the business risk management, the revenue assurance process, trainings and workshops.
Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director
February 2004 - September 2005
I was responsible for: the IT service level management proces (SLM), auditing and assessing the level of the quality of the IT services (the cost and KPI’s analysis), consistency of IT processes, the revenue assurance process, the customer satisfaction questionnaire (as a Director of Tech Customer Satisfaction Program), the communication and PR for TP (R&D, IT, Telco) process, the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients, reporting according to corporate standards (IAS, IFRS, internal TPSA, FT).
IT Division Manager (Service Level Management)
July 2003 - January 2004
was responsible for: the IT service level management proces (SLM), auditing and assessing the level of the quality of the IT services (the cost and KPI’s analysis), the customer satisfaction questionnaire (as a Director of Tech Customer Satisfaction Program), reporting according to corporate standards (IAS, IFRS, internal TPSA, FT).
Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager
March 2003 - June 2003
I was responsible for: the Revenue Assurance process, the cost optimization (TCO), the IT security management, the personal data protection (GDPR).
Support Manager
January 2002 - February 2003
I was responsible for: the IT services and processes, the cost optimization (TCO reduction over 10% of the annual IT budget), the service level management process (SLM).
IT Section Manager (Distributed Computing)
June 1999 - January 2002
I was responsible for: the IT services and processes, IT standards, the application and system management process (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems); Internal ISO 900x Audits, IT purchasing and logistics (annual budget over $6 million).
IT Help Desk Coordinator
December 1997 - May 1999
I was responsible for: building IT Service Desk and providing support to users of the IT systems, conducting internal business audits (as an ISO Internal Auditor and a member of the team "Promoters of Quality").
IT Help Desk Consultant
July 1997 - December 1997
I was responsible for the IT Service Desk and the IT system user support process.
S.bit
Implementation Specialist
November 1996 - February 1997
I was responsible for: planning and implementing applications, and the end user support and trainings.