Sebastian C

Cybersecurity & Information Security Consultant | ISO 27001, NIST, GDPR, NIS2, KSC | GRC | Cyber Risk Management | Financial Services & Government Projects

Poland

About

Cybersecurity professional with expertise in information security governance, risk management, and regulatory compliance (GRC) across highly regulated industries. Experienced in policy development, security controls implementation, and compliance with ISO 27001, NIST, GDPR, DORA, and NIS2 frameworks. Skilled in incident response and audit collaboration, business continuity planning, and leading security awareness initiatives; advancing toward CISSP certification and actively engaged with ISSA Polska to stay ahead of emerging cybersecurity challenges.

Experience

  • Information Systems Security Officer at Societe Generale Assurances
    Jun 2023 - Present · 3 yrs 1 mo

    As an Information Systems Security Officer, I operate with a high degree of autonomy, driving initiatives that strengthen the organization’s cybersecurity posture. My role covers developing and implementing security policies aligned with ISO 27001, NIST, GDPR, NIS2, and DORA while working directly with executives, technical teams, and external partners. I lead incident investigations, oversee risk assessments, and regularly brief senior leadership on emerging threats and KPIs. With the trust to make independent security decisions, I guide the organization in adopting best practices for threat detection, vulnerability management, and proactive risk mitigation—ensuring secure delivery of financial services.

    Key Highlights:
    • Partnered with IT, business units, and third-party vendors to strengthen security reviews for new initiatives.
    • Led complex cybersecurity incident investigations, coordinating technical teams and ensuring timely recovery.
    • Introduced practical security policies that became part of daily operations and improved overall security risk awareness.
    • Worked directly with senior leadership and external auditors to close critical security gaps.
    • Launched phishing simulations and interactive workshops that made security awareness more engaging across the organization.
    • Provided hands-on guidance and mentorship to junior staff, helping them grow into stronger cybersecurity professionals.

  • Security Specialist at IBM
    May 2019 - Jun 2023 · 4 yrs 2 mos

    Worked on large-scale European Commission government projects under the TAXUD program, ensuring the security of infrastructure and applications across multiple environments. Operated with high autonomy, taking responsibility for hardening systems, managing vulnerabilities, and supporting risk mitigation efforts. Oversaw the full patch management lifecycle, maintained Active Directory environments, and managed access reviews and onboarding processes to ensure secure account handling. Partnered with senior stakeholders to align cybersecurity priorities with project needs, making sure security was embedded into planning and execution.

    Key Highlights:
    • Led system hardening and vulnerability management initiatives to strengthen project security.
    • Managed patching and update processes, ensuring timely deployment of security fixes.
    • Administered Active Directory, including user provisioning, access reviews, and privileged account controls.
    • Worked directly with senior stakeholders to ensure cybersecurity requirements were fully integrated into project delivery.

    Note: IBM’s infrastructure services division transitioned to Kyndryl in November 2021. My role, responsibilities, and project scope remained unchanged during and after the spin-off.