Poznań, Wielkopolskie, Poland
Experienced InfoSec/IT Governance, Risk and Compliance (GRC) manager with tech background. Constantly trying to find the best way to provide robust information security governance, oversight and support for products and operations, taking into account business agreements, staying fully secure and compliant with regulatory requirements. IT Security ninja - a bridge between business, stakeholders and tech experts, with a proven track record. Skills & Experience: ● IT GRC - Comprehensive InfoSec technology risk assessment, management and overall treatment, covering policy and regulatory compliance aspects, ● stakeholder management, ability to translate technical issues and challenges into business risks, ● strong communication, analytical, presentation, reporting and problem-solving skills, ● experience in penetration testing & security audits (design, preparation, execution, oversight and finding management), ● deep understanding of technology topics like hybrid/cloud security/Azure, UNIX/Linux, middleware, DBs, encryption, virtualization, networking and many more (born on Linux), ● solid IT background allows me to quickly assimilate new solutions and skills, ● team management. I will consider any interesting opportunities.
National Information Security Officer Delegate, mainly responsible for: • InfoSec oversight of technology solutions risk assessment and treatment; • deep business support and advisory; • oversight, governance and verification of technology vulnerabilities and related risks; • translation of discovered risks to stakeholders; • cooperation with ISO, RISO and CISO, working on clustering and implementation of regional security solutions widely; • participating in external ISO27001 and internal audits.
Second line of defense senior member within EMEA Technology, Third Party, Resiliency and Data Risk Management team, covering duties including, but not limited to: • overseeing, governing and verifying risks associated with relevant areas/aspects, with strong focus on associated Legal Entities; • supporting and conducting risk reviews and their methodology; • taking part in regulatory engagements from 2LOD perspective; • conducting thorough reviews of audit/regulatory action points closure; • acting as a Bank security officer assigned to European Bank and designated to Luxembourg; • collaborating on international alignment and streamlining; • member of legal entity-wide steering committees and working groups.
Overseeing IT GRC area for 29 CEE countries across PwC, including • technology and vendor assessments; CEE CISO support; • stakeholder management (including board members and country managers); • deep business support and technology information security advisory; • policies, standards and compliance (member of global policy committee); • junior team members coaching
Member of Global Network Information Security and Regional CEE Information Security Risk and Compliance Team, major duties: • Information security risk assessment, management and global alignment, • GRC, ISMS, • Policies & procedures refreshment & implementation, • Pentest management, • PwC business support, • Information Security Officer & security advisor duties.
• penetration testing (black, white, gray box), • security audits, • risk assessments/analysis, • ITSEC advisory, • application/services security analysis, • pre/sales of ITSEC services
• Linux/UNIX, • DNS, • HA websites, • LAN, WLAN, WAN, • AD, internal tech support