Work Experience

Allianz Group 
Head of IT GRC  (Manager of IT Process Management) / AZPL
October 2023 - Present
Lead Auditor IT / AAM
June 2023 - August 2023

mBank S.A. 
Senior Security Manager
June 2022 - June 2023 
– cyber risk process management and threat modeling (managing cyberrisk methodology and model and execution of ICT risk assessments, definition of mitigation measures and preparation / implementation security plans);
– vulnerability management (scans and patching process management);
– IT security standards management: preparation, verification and compliance checks of security procedures, processes and guidelines based on PL/EU regulations for security of ICT systems including those processing bank's classified information, taking into account international frameworks and best practices, including: ISF, NIST, CSA, ISO, ISACA, IIA, CObIT;
– Information Security process management (ISMS based on ISO27001);
– supervising security / compliance audits;
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation with IT departments in IT solutions implementation;
– cooperation within the international capital group (Commerzbank risk and security departments) in the areas of risk management, security standards and IT solutions;
– planning and managing budget for security standards, risk management, vulnerability management and outsourcing contract;
– contract management (security areas).

Security Program Manager
August 2021 - May 2022
I was responsible for:
– IT security standards management: preparation, verification and compliance checks of security procedures, processes and guidelines based on PL/EU regulations for security of ICT systems including those processing bank's classified information, taking into account international frameworks and best practices, including: ISF, NIST, CSA, ISO, ISACA, IIA, CObIT;
– managing cyber security programs / projects / audits;
– managing the process of granting exemption from security standards;
– supervising security / compliance audits (2021-cloud computing solutions);
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation with IT departments in IT solutions implementation;
– cooperation within the international capital group (Commerzbank risk and security departments);
– administering of the GRC system (standard and exemption management, risk and audit management modules);
– architecting and implementing AI (Ms Azure) solution into IT security processes (QnA and BOT app).

IT Security Expert
October 2020 - July 2021
I was responsible for:
– architecting (developing and updating) IT security standards, taking into account legal regulations, as well as specialist standards and best practices, including: CObIT, ISF, NIST, CSA, ISO, ISACA, IIA;
– managing the process of granting exceptions from security standards;
– supervising security/compliance audits (i.e. cloud computing providers);
– monitoring implementation of security recommendations;
– monitoring changes in law and regulations;
– cooperation within the capital group;
– administering of the GRC system (standard and exception management module). 

Head of IT Audit (Audit Manager)
May 2019 - September 2020 (1 year 5 months)
I was responsible for:
– planning and performing the annual IT audit plan;
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control;
– the team management.

IT Audit Expert
March 2019 - May 2019 (3 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing, ISMS;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control.

Academy of IT Management in Public Administration
Director of the Academy
June 2020 – Present
Member of the Program Committee
January 2015 – Present
AZIT Professor
May 2020 – Present
Senior Lecturer
January 2015 – May 2020

Bank Pocztowy SA
Head of Internal Audit (Managing Director)
June 2016 - March 2019 (2 years 10 months)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting to the board and to the audit committee;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– coordinating relationships between the bank and the Financial Supervisory Authority (KNF) regarding the implementation of recommendations;
– ensuring the effectiveness of the system of risk;
– ensuring the effectiveness of the system of internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016 (4 years)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– ensuring the effectiveness of the system of IT risk;
– ensuring the effectiveness of the system of IT internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Senior IT Auditor
February 2012 - June 2012 (5 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), ISMS, business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards.

GreenPost Sp. z o.o.
Audit Director

July 2011 - March 2012 (9 months)
I was responsible for:
– testing compliance services with the applicable regulations and the company standards;
– evaluating of the effectiveness and streamlining business processes;
– ensuring the effectiveness of the system of risk and the system of internal control;
– planning and conducting audits inside the organization and affiliated enterprises;
– developing recommendations and overseeing their implementation;
– establishing organizational standards;
– monitoring and reporting.

IT Solution Architect (B2B Contract)
July 2009 - March 2012 (2 years 9 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues).

Development Director
February 2011 - June 2011 (5 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues);
– ensuring that projects are delivered according to the their scopes and on time;
– testing compliance services with the applicable regulations and the company standards;
– establishing organizational standards;
– monitoring and reporting.

Controlling and Investment Director
December 2010 - January 2011 (2 months)
I was responsible for:
– establishing organizational standards;
– monitoring and reporting;
– financial planning & controlling.

Capital Market Institute - WSE Research S.A. (Warsaw Stock Exchange Group)
Development Director

November 2010 - February 2011 (4 months)
I was responsible for:
– building and realization business strategy and business perspective process management;
– preparing of the operational, investment and financial plan;
– developing fixed and security training program; being one of the trainer;
– the internal management consulting;
– the sales and vendor process management (including negotiations);
– IT services and application process management;
– the trends analysis;
– the implementation of solutions for increasing services quality.

Bogusław Bujak
Independent Consultant and Auditor
October 2006 - December 2011 (5 years 3 months)

Business Excellence Institute (Poland)
Senior Auditor / Senior Manger / Trainer (B2B Contract)
October 2006 - July 2009 (2 years 10 months)
I was responsible for:
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading audits, trainings and workshops.

Vice President
July 2007 - June 2008 (1 year)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Member of the Board
October 2005 - February 2007 (1 year 5 months)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director 

February 2004 - September 2005 (1 year 8 months)
I was responsible for:
– IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– examining consistency of IT processes;
– planning and managing the revenue assurance process;
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– building and implementing strategies and processes to communication and PR for TP (R&D, IT, Telco);
– building and participating in the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients;
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

IT Division Manager (Service Level Management) 
July 2003 - January 2004 (7 months)
I was responsible for:
– developing and implementing IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager

March 2003 - June 2003 (4 months)
I was responsible for:
– ensuring efficiency, effectiveness and credibility of risk management and hedging revenues (Revenue Assurance);
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– IT security management, personal data protection;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

Support Manager
January 2002 - February 2003 (1 year 2 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– implementing the service level management process (SLM);
– auditing and recommending changes to the organization to increase the profitability of the IT activities;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

IT Section Manager (Distributed Computing)
June 1999 - January 2002 (2 years 8 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– defining IT standards;
– applications and systems management (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems);
– analyzing and implementing solutions to guarantee optimal use of ICT tools;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations;
– IT purchasing and logistics (annual budget over $6 million).

IT Help Desk Coordinator
December 1997 - May 1999 (1 year 6 months)
I was responsible for:
– building IT Service Desk and providing support to users of the IT systems;
– conducting internal business audits of the quality and processes (as an ISO
Internal Auditor and a member of the team "Promoters of Quality").

IT Help Desk Consultant
July 1997 - December 1997 (6 months)
I was responsible for:
– building new IT Service Desk and providing support to users of the IT systems.

S.bit
Implementation Specialist

November 1996 - February 1997 (4 months)
I was responsible for:
- planning and implementing company applications;
- end user consulting and training.