

PROFILE:
• Consultant possessing expertise in the IT security field based on the experience gained during Risk Management and IT Governance engagements
• After 2 years' experience in management consulting, which involved exposure to mid- and senior-level management, moved to the Corporate Information Security Office of a major international bank with operations in more than 60 countries
• Currently responsible for the delivery of IT Risk Assessments of critical Information Systems and IS projects, which involves cooperating with penetration testers, security officers, IS departments and audit departments

LANGUAGES:
• Polish (native)
• English (professional) TOEIC: 985/990 (2008)
• German (intermediate)

CERTIFICATIONS:
• CEH - Certified Ethical Hacker issued by EC Council
• ISO 27001 Lead Auditor
• IT Infrastructure Library (ITIL) Foundation issued by EXIN

EXAMINATIONS PASSED:
• CISA - Certified Information Systems Auditor issued by Information Systems Audit and Control Association (ISACA) – passed CISA exam, waiting for certification
• Associate of ISC(2) – passed CISSP exam, waiting for certification

CLEARANCES:
• Security Clearance issued by Internal Security Agency in Poland allowing access to information classified as ‘confidential’

TRAININGS:
• Auditing and Securing Oracle Databases
• IRCA approved Information Security Management System Auditor / Lead Auditor Training Course for ISO 27001
• CEH - Certified Ethical Hacker (Chicago, IL, USA)
• Audit & Internal Review (ACCA Paper 2.6)
• Cost Management Accounting (ACCA Paper 1.2)
• Bookkeeping & Accounting (ACCA Paper 1.1)
• Team Working by PriceWaterhouseCoopers
• Risk management in IT projects (case study) by Ernst & Young
• Negotiations with internal clients
• Communication with internal clients

ASSOCIATIONS:
• ISACA Information Systems Audit and Control Association

SHORT TERM GOALS:
• Currently pursuing CIA certification


FUNCTIONAL:
• Project Risk Management
• IT Security Audit
• IT Risk Assessment
• Sarbanes-Oxley Act Compliance

INDUSTRIAL:
• Financial Services
• Information Technology

Work experience

Security / Network Administrator

Research & Development Institute

Position involved activities ranging from management and administration of Local Area Network and servers to software development. In this period of time I had a chance to stay current with new technologies, platforms and architectures as well as to gain experience in various areas of business and IT research. The duties included:
• Management and administration of Local Area Network
• Software development in LAMP environment
• Shell scripting
• Microsoft Windows NT/2000 servers administration (DNS, DHCP, file servers)
• Linux servers administration (WWW, Mail, DNS, FTP, firewall)
• User support (installation and administration of Windows 2000 workstations)
• Translation of technical articles

Information Systems Auditor

Ernst & Young Audit

Participated in various projects of Technology and Security Risk Services division of Ernst & Young Audit. The most important projects in which I took part include:
• Audit of the project “Development and Implementation of IT system for the Social Insurance Institution” – the largest IT project in Poland – responsible for documentation of business process including identification and assessment of IT controls
• SOX 404 compliance advisory engagements in FMCG company (World’s second largest brewer) – responsible for IT general controls and application controls testing and reporting
• Numerous Financial Audit Support and Assurance engagements for the Telco and FMCG sectors – responsible for documentation of business processes including identification and assessment of IT controls
• Enterprise architecture assessment and analysis (Central Europe’s largest downstream oil company) – responsible for IT systems categorization process and analysis


Ernst & Young Business Advisory

Provided IT consultancy in numerous projects of Technology division of Ernst & Young Business Advisory. The most important projects in which I took part include:
• Enterprise architecture assessment (Largest bank in Poland) – responsible for IT systems categorization process and analysis
• Change Management Project in area of Finance and Accounting (Poland’s largest FMCG company) covering adjustments of the organizational structure and processes as well as development of IT tools for transition period related to IT system implementation and reengineering of Finance and Accounting Departments – responsible for analysis of IT systems functionalities and interfaces as well as development and implementation of new solutions for the transition period
• Legal compliance engagements (World's largest FMCG company) – responsible for the whole engagements
• Business risk assessment (Central Europe’s largest insurance institution) – responsible for IT risk assessment and reporting

Independent Professional

Independent Professional

• Providing consultancy in the area of IT security

Technology Risk Analyst


• Participating in ABN AMRO/RBS separation and integration activities related to information security
• Acting as a virtual project team member within internal IT projects to ensure that the security controls of new applications being developed/acquired and deployed within the Bank are adequate to meet the business needs and in compliance with Bank policy and other regulatory requirements
• Delivering security advice and guidance to projects using the Risk Assessment Process or other security consultancy method as directed by the Risk Assessment team management
• Working with IT project teams to raise awareness of security risks arising from the project designs, and recommending mitigating actions (at both a technical and procedural level)
• Liaising with the Business/IT to ensure that all projects complete required security documentation
• Formally documenting residual risks and areas of policy non-compliance for the project for risk mitigation/acceptance



Politechnika Wroclawska

• Specialization: Information and Network Systems
• Thesis title: Implementation of business to customer system in hardened LAMP environment
• Subject matter: Platform specific secure development standards