Business profile

Expert interested in the security, audit, risk, internal control and ICT management.

Work Experience

mBank S.A. 
IT Security Expert
October 2020 - Present 

IT Audit Manager
May 2019 - September 2020 (1 year 5 months)
I was responsible for:
– planning and performing the annual IT audit plan;
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control;
– the team management.

IT Audit Expert
March 2019 - May 2019 (3 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT operational risk management, IT systems & processes, IT compliance function, IT security management processes (IT and cyber), cloud computing;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting;
– ensuring the effectiveness of the system of IT and security risk;
– ensuring the effectiveness of the system of IT and security internal control.

Academy of IT Management in Public Administration
Member of the Program Commitee
January 2015 – Present
Senior Lecturer
January 2015 – Present

Bank Pocztowy SA
Head of Internal Audit (Director)
June 2016 - March 2019 (2 years 10 months)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation and reporting to the board and to the audit committee;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– coordinating relationships between the bank and the Financial Supervisory Authority (KNF) regarding the implementation of recommendations;
– ensuring the effectiveness of the system of risk;
– ensuring the effectiveness of the system of internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Head of IT Internal Audit (Deputy Director)
July 2012 - June 2016 (4 years)
I was responsible for:
– planning and performing the annual audit plan (maintenance the audit risk map as well);
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards;
– ensuring the effectiveness of the system of IT risk;
– ensuring the effectiveness of the system of IT internal control;
– designing, implementation and administration of the audit workflow system;
– the team management.

Senior IT Auditor
February 2012 - June 2012 (5 months)
I was responsible for:
– planning and conducting internal audits of the organization and affiliated enterprises i.e. in the areas of: IT & operational risk management, IT systems & processes, a compliance function, security management processes (IT security, data protection and cybersecurity), business continuity processes, liquidity & capital management processes;
– developing lists of recommendations and guidelines, monitoring their implementation;
– reviewing of the bank's compliance with regulatory and the company compliance standards.

GreenPost Sp. z o.o.
Audit Director
July 2011 - March 2012 (9 months)
I was responsible for:
– testing compliance services with the applicable regulations and the company standards;
– evaluating of the effectiveness and streamlining business processes;
– ensuring the effectiveness of the system of risk and the system of internal control;
– planning and conducting audits inside the organization and affiliated enterprises;
– developing recommendations and overseeing their implementation;
– establishing organizational standards;
– monitoring and reporting.

IT Solution Architect (B2B Contract)
July 2009 - March 2012 (2 years 9 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues).

Development Director
February 2011 - June 2011 (5 months)
I was responsible for:
– defining, implementing and testing the technical requirements of products in accordance with the regulations in Poland and the European Union (such as electronic transactions, electronic shipping documents, electronic payments, confirmation, accounting, tax issues);
– ensuring that projects are delivered according to the their scopes and on time;
– testing compliance services with the applicable regulations and the company standards;
– establishing organizational standards;
– monitoring and reporting.

Controlling and Investment Director
December 2010 - January 2011 (2 months)
I was responsible for:
– establishing organizational standards;
– monitoring and reporting;
– financial planning & controlling.

Capital Market Institute - WSE Research S.A. (Warsaw Stock Exchange Group)
Development Director
November 2010 - February 2011 (4 months)
I was responsible for:
– building and realization business strategy and business perspective process management;
– preparing of the operational, investment and financial plan;
– developing fixed and security training program; being one of the trainer;
– the internal management consulting;
– the sales and vendor process management (including negotiations);
– IT services and application process management;
– the trends analysis;
– the implementation of solutions for increasing services quality.

Business Excellence Institute (Poland)
Senior Auditor / Senior Manger / Trainer (B2B Contract)
October 2006 - July 2009 (2 years 10 months)
I was responsible for:
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops.

Vice President
July 2007 - June 2008 (1 year)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Member of the Board
October 2005 - February 2007 (1 year 5 months)
I was responsible for:
– business strategy definition and business operation management;
– ensuring that all projects are delivered according to the their scopes and on time;
– auditing and controlling processes, including: planning, budgeting and implementing of audit and advisory projects for selected customers (TOP 100);
– evaluating the efficiency and effectiveness of the implemented methodologies, processes and procedures;
– the verification of compliance with the requirements of regulations and standards;
– implementing solutions to monitor and reporting;
– making recommendations and supporting the processes of their implementation;
– coordinating accreditation procedures;
– evaluating business risk management processes and implementing preventive procedures;
– analyzing and implementing the revenue assurance process;
– leading trainings and workshops;
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (Telekomunikacja Polska S.A.)
IT Services Director 
February 2004 - September 2005 (1 year 8 months)
I was responsible for:
– IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– examining consistency of IT processes;
– planning and managing the revenue assurance process;
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– building and implementing strategies and processes to communication and PR for TP (R&D, IT, Telco);
– building and participating in the strategy of the company for the sale and delivery integrated ICT services and supervising over the correctness of the implementation projects for corporate Clients;
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

IT Division Manager (Service Level Management) 
July 2003 - January 2004 (7 months)
I was responsible for:
– developing and implementing IT service level management proces (SLM);
– auditing and assessing the level of quality IT services (cost and KPI’s analysis);
– designing of customer satisfaction questionnaire, analyzing their results and monitoring the implementation process of the post-survey recommendations (as a Director of Tech Customer Satisfaction Program);
– reporting according to corporate standards (IAS, IFRS, internal TPSA, FT);
– the team management (recruitment, training, motivation, evaluation).

Orange Polska (PTK Centertel sp. z o.o.)
IT Security and Efficiency Division Manager
March 2003 - June 2003 (4 months)
I was responsible for:
– ensuring efficiency, effectiveness and credibility of risk management and hedging revenues (Revenue Assurance);
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– IT security management, personal data protection;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

Support Manager
January 2002 - February 2003 (1 year 2 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– providing cost optimization (TCO reduction over 10% of the annual IT budget);
– implementing the service level management process (SLM);
– auditing and recommending changes to the organization to increase the profitability of the IT activities;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations.

IT Section Manager (Distributed Computing)
June 1999 - January 2002 (2 years 8 months)
I was responsible for:
– planning, implementing and ensuring the proper functioning of the IT services and processes;
– defining IT standards;
– applications and systems management (i.e. Terminal Servers, Business Applications, ITSM systems, ERP and Data Warehouse systems);
– analyzing and implementing solutions to guarantee optimal use of ICT tools;
– conducting internal business audits of the quality and processes (as an ISO Internal Auditor and a member of the team "Promoters of Quality");
– making and supervising implementation of recommendations;
– IT purchasing and logistics (annual budget over $6 million).

IT Help Desk Coordinator
December 1997 - May 1999 (1 year 6 months)
I was responsible for:
– building IT Service Desk and providing support to users of the IT systems;
– conducting internal business audits of the quality and processes (as an ISO
Internal Auditor and a member of the team "Promoters of Quality").

IT Help Desk Consultant
July 1997 - December 1997 (6 months)
I was responsible for:
– building new IT Service Desk and providing support to users of the IT systems.

S.bit
Implementation Specialist
November 1996 - February 1997 (4 months)
I was responsible for:
- planning and implementing company applications;
- end user consulting and training.

Languages knowledge

English, professional proficiency, 
- Cambridge Business English Certificate (BEC) Vantage
- TOEIC – 845 points

Certifications and other credentials

Certified GRC Professional, OneTrust
Credential ID C13652

Certificate of Cloud Security Knowledge Training, Cloud Security Alliance
Credential ID ka5ew7jzga5i

Build Your Knowledge of Cloud Administration, LinkedIn
Credential ID ARotbG4dQGVRhmeSya3Ey3B5bFJM

Cloud Engineering with Google Cloud, Coursera
Credential ID Y6THHL3QKV5T

Prepare for the Azure Fundamentals Certification (AZ-900), LinkedIn
Credential ID AThkjyZSca0Z_WYSNjo7M7ASycRR

Certified Information Systems Auditor (CISA), ISACA
Credential ID 18145433

Accreditation in Quality Assessment / Validation (QA), The Institute of Internal Auditors Inc.
Credential ID 533/16/283

Certified Penetration Testing Engineer (CPTE), Mile2
Credential ID 423400

Certification in Risk Management Assurance (CRMA), The Institute of Internal Auditors Inc.
Credential ID 7914

Certified Internal Auditor (CIA), The Institute of Internal Auditors Inc.
Credential ID 114850

ITIL® Expert Certificate in IT Service Management, APM Group
Credential ID c.851698

Manager's Certificate in IT Service Management ( ITIL®), EXIN
Credential ID c.539504

Microsoft Certified Solution Developer (MCSD), Microsoft
Credential ID B796-4104

Microsoft Certified Application Developer (MCAD), Microsoft
Credential ID B796-4100

Microsoft Certified Database Administrator (MCDBA), Microsoft
Credential ID B796-4093

Microsoft Certified Systems Administrator (MCSA), Microsoft
Credential ID B796-4105

Microsoft Certified Systems Engineer (MCSE), Microsoft
Credential ID B796-4106

Microsoft Certified Professional (MCP), Microsoft
Credential ID B796-4089

cte™ Certified TCO Expert, Gartner

Internal Auditor, Polish Ministry of Economy
Credential ID 2695/ORG

Internal Auditor, British Standards Institution (BSI)
Credential ID PL020799 - 54372

Academic and Post-Graduate Educations

Doctor of Philosophy in management sciences, PhD (PL: dr)
Warsaw University of Technology (Politechnika Warszawska)
Faculty of Management
Wyróżnienie w VI edycji Konkursu o Nagrodę Prezesa Narodowego Banku Polskiego za najlepszą pracę doktorską z zakresu nauk ekonomicznych.

Executive MBA & Diplôme International du Management
The French Institute of Management associé à l'Institut Français de Gestion

Master in management and marketing (PL: mgr)
University of Management and Law in Warsaw (Wyższa Szkoła Zarządzania i Marketingu w Warszawie)
Marketing and Management Faculty

Engineer of mechatronics (PL: inż)
Warsaw University of Technology (Politechnika Warszawska)
Faculty of Mechatronics

Essential of AI
University of Helsinki

Writing in the Sciences Seminar (Statement of Accomplishment)
Stanford University  

Fixed and Security Analysis based on CFA (doradca inwestycyjny)
Koźmiński University (Akademia Leona Koźmińskiego)

Organizations

Academy of  IT Management in Public Administration – Member of the Program Committee
Foundation IT Leader Club Polska – Vice President of the Supervisory Board
Foundation IT Leader Club Polska – Member of the Program Committee
IT Service Management Forum Polska (itSMF) – ex-Vice President of the Management Board (2004 - 2008)
League for Nature Conservation (LOP) – ex-member of the Management Board (1990 - 1995)
The Institute of Internal Auditors (The IIA) – member
ISACA  member 
Association of Martial Artists World Wide  member (Black Belt Council)

Selected List of Published Papers

Banking supervision in Poland, Discussion of possible solutions, edu-Libri, 2017
The organization of the banking supervision models – transformation in selected European countries, JoMS, WSGE, 2016.
Process management in a local bank – a practical process model, JoMS, WSGE, 2015.
The banking product in supervisory regulations - formal and legal aspects of creating a banking product, JoMS, WSGE, 2014.
Internal audit functions in local government units on the background of experience in the banking sector - selected legal aspects, Bezpieczeństwo Informacji Państwa i Biznesu, WSGE, 2014, as co-author. 
Service Level Management (SLM®), series of publications, slm.pl.
Total Cost of Ownershipseries of publications, tco.pl.
The acquisition cost of the IT system, wiedzaifinanse.pl, 2010.
IT cost management, wiedzaifinanse.pl, 2010.
Practical aspects of TCO, Business Excellence Institute, 2008.
Systematic abc-book, author's review of the models used in IT ManagementIDG, 2007.
Management of the quality of IT Services, Business Excellence Institute, 2007.
Basic structure of the SLA, Business Excellence Institute, 2006.