Professional Summary
• IT Consultant possessing expertise in the IT security field based on a experience in the security risk assessments aligned with security management standards
• With 2 years' experience in management consulting which involved exposure to mid-level management moved to Corporate Information Security Office in the major international bank with operations in more than 60 countries
• Curently responsible for the delivery of IT Risk Assessments of critical Information Systems and IS projects which involves cooperating with penetration testers, security officers, IS departments and audit departments
• With 2 years' experience in management consulting which involved exposure to mid-level management moved to Corporate Information Security Office in the major international bank with operations in more than 60 countries
• Curently responsible for the delivery of IT Risk Assessments of critical Information Systems and IS projects which involves cooperating with penetration testers, security officers, IS departments and audit departments
Contact Info
Email
(work)
(home)
Work/Education
Work Experience
ABN AMRO Bank N.V.
/ Technology Risk Analyst
2007 -
Present
• Participating in ABN AMRO/ RBS separation and integration activities related to information security
• Acting as a virtual project team member within internal IT projects to ensure that the security controls of new applications being developed/acquired and deployed within the Bank are adequate to meet the business needs and in compliance with Bank policy and other regulatory requirements
• Delivering security advice and guidance to projects using the Risk Assessment Process or other security consultancy method as directed by the Risk Assessment team management
• Working with IT project teams to raise awareness of security risks arising from the project designs, and recommending mitigating actions (at both a technical and procedural level)
• Liaising with the Business/IT to ensure that all projects complete required security documentation
• Formally documenting residual risks and areas of policy non-compliance for project for risk mitigation/acceptance
• Acting as a virtual project team member within internal IT projects to ensure that the security controls of new applications being developed/acquired and deployed within the Bank are adequate to meet the business needs and in compliance with Bank policy and other regulatory requirements
• Delivering security advice and guidance to projects using the Risk Assessment Process or other security consultancy method as directed by the Risk Assessment team management
• Working with IT project teams to raise awareness of security risks arising from the project designs, and recommending mitigating actions (at both a technical and procedural level)
• Liaising with the Business/IT to ensure that all projects complete required security documentation
• Formally documenting residual risks and areas of policy non-compliance for project for risk mitigation/acceptance
Independent Professional (Self-employed)
/ Independent Professional (Self-employed)
2007 -
2008
• Providing consultancy in the area of IT security
Ernst & Young Business Advisory
/ Consultant
2006 -
2007
Provided IT consultancy in numerous projects of Technology division of Ernst & Young Business Advisory. The most important projects in which I took part include:
• Enterprise architecture assessment (Largest bank in Poland) – responsible for IT systems categorization process and analysis
• Change Management Project in area of Finance and Accounting (Poland’s largest FMCG company) covering adjustments of the organizational structure and processes as well as development of IT tools for transition period related to IT system implementation and reengineering of Finance and Accounting Departments – responsible for analysis of IT systems functionalities and interfaces as well as development and implementation of new solutions for the transition period
• Legal compliance engagements (World's largest FMCG company) – responsible for the whole engagements
• Business risk assessment (Central Europe’s largest insurance institution) – responsible for IT risk assessment and reporting
• Enterprise architecture assessment (Largest bank in Poland) – responsible for IT systems categorization process and analysis
• Change Management Project in area of Finance and Accounting (Poland’s largest FMCG company) covering adjustments of the organizational structure and processes as well as development of IT tools for transition period related to IT system implementation and reengineering of Finance and Accounting Departments – responsible for analysis of IT systems functionalities and interfaces as well as development and implementation of new solutions for the transition period
• Legal compliance engagements (World's largest FMCG company) – responsible for the whole engagements
• Business risk assessment (Central Europe’s largest insurance institution) – responsible for IT risk assessment and reporting
Ernst & Young Audit
/ Information Systems Auditor
2005 -
2006
Participated in various projects of Technology and Security Risk Services division of Ernst & Young Audit. The most important projects in which I took part include:
• Audit of the project “Development and Implementation of IT system for the Social Insurance Institution” – the largest IT project in Poland – responsible for documentation of business process including identification and assessment of IT controls
• SOX 404 compliance advisory engagements in FMCG company (World’s second largest brewer) – responsible for IT general controls and application controls testing and reporting
• Numerous Financial Audit Support and Assurance engagements for the Telco and FMCG sectors – responsible for documentation of business processes including identification and assessment of IT controls
• Enterprise architecture assessment and analysis (Central Europe’s largest downstream oil company) – responsible for IT systems categorization process and analysis
• Audit of the project “Development and Implementation of IT system for the Social Insurance Institution” – the largest IT project in Poland – responsible for documentation of business process including identification and assessment of IT controls
• SOX 404 compliance advisory engagements in FMCG company (World’s second largest brewer) – responsible for IT general controls and application controls testing and reporting
• Numerous Financial Audit Support and Assurance engagements for the Telco and FMCG sectors – responsible for documentation of business processes including identification and assessment of IT controls
• Enterprise architecture assessment and analysis (Central Europe’s largest downstream oil company) – responsible for IT systems categorization process and analysis
Education
View All
Public stream
