offline

Maciej Przesławski Itil Manager Cisa Cissp

Podsumowanie zawodowe:: • Consultant possessing expertise in the IT security field based on the experience gained during Risk Management and IT Governance engagements

• With 2 years' experience in management consulting which involved exposure to mid and senior level management moved to Corporate Information Security Office in the major international bank with operations in more than 60 countries

• Curently responsible for the delivery of IT Risk Assessments of critical Information Systems and IS projects which involves cooperating with penetration testers, security officers, IS departments and audit departments

Zobacz pełny profil

Doświadczenie i referencje

Obowiązki:: • Participating in ABN AMRO/ RBS separation and integration activities related to information security

• Acting as a virtual project team member within internal IT projects to ensure that the security controls of new applications being developed/acquired and deployed within the Bank are adequate to meet the business needs and in compliance with Bank policy and other regulatory requirements

• Delivering security advice and guidance to projects using the Risk Assessment Process or other security consultancy method as directed by the Risk Assessment team management

• Working with IT project teams to raise awareness of security risks arising from the project designs, and recommending mitigating actions (at both a technical and procedural level)

• Liaising with the Business/IT to ensure that all projects complete required security documentation

• Formally documenting residual risks and areas of policy non-compliance for project for risk mitigation/acceptance

Firma:: Ernst & Young Business Advisory (od 2005-09 do 2007-07)

Zobacz profil firmy »

Obowiązki:: Participated in various projects of Technology and Security Risk Services division of Ernst & Young Audit. The most important projects in which I took part include:

• Audit of the project “Development and Implementation of IT system for the Social Insurance Institution” – the largest IT project in Poland – responsible for documentation of business process including identification and assessment of IT controls

• SOX 404 compliance advisory engagements in FMCG company (World’s second largest brewer) – responsible for IT general controls and application controls testing and reporting

• Numerous Financial Audit Support and Assurance engagements for the Telco and FMCG sectors – responsible for documentation of business processes including identification and assessment of IT controls

• Enterprise architecture assessment and analysis (Central Europe’s largest downstream oil company) – responsible for IT systems categorization process and analysis

Obowiązki:: Position involved activities ranging from management and administration of Local Area Network and servers to software development. In this period of time I had a chance to stay current with new technologies, platforms and architectures as well as to gain experience in various areas of business and IT research. The duties included:

• Management and administration of Local Area Network

• Software development in LAMP environment

• Shell scripting

• Microsoft Windows NT/2000 servers administration (DNS, DHCP, file servers)

• Linux servers administration (WWW, Mail, DNS, FTP, firewall)

• User support (installation and administration Windows 2000 workstations)

• Translation of technical articles

Uczelnia:: Politechnika Wrocławska (1999-09 - 2004-06)

Zobacz stronę uczelni »

Przebyte kursy:: CERTIFICATIONS:

• ITIL Service Manager Certificate (V2 - Red Badge)
• ITIL Foundation Certificate (V2 - Green Badge)
• CISA - Certified Information Systems Auditor issued by ISACA
• CISSP - Certified Information Systems Security Professional issued by ISC(2)
• CEH - Certified Ethical Hacker issued by EC Council
• ISO 27001 Lead Auditor

CLEARANCES:

• Security Clearance issued by Internal Security Agency in Poland allowing access to information classified as ’confidential’

TRAININGS:

• ITIL Service Manager - Service Support
• IRCA approved Information Security Management System Auditor / Lead Auditor Training Course for ISO 27001
• Audit & Internal Review (ACCA Paper 2.6)
• Cost Management Accounting (ACCA Paper 1.2)
• Bookkeeping & Accounting (ACCA Paper 1.1)

• Team Working by PriceWaterhouseCoopers
• Risk management in IT projects by Ernst & Young
• Negotiations with internal clients
• Communication with internal clients

• CEH - Certified Ethical Hacker (Chicago, USA)
• Auditing and Securing Oracle Databases (Atlanta, USA)

Organizacje:: ASSOCIATIONS:

• ISACA Information Systems Audit and Control Association

Inne:: • Laureate of Polish nationwide „Grasz o Staz” ("Play for an Internship") academic competition, organized by PriceWaterhouseCoopers and Gazeta Wyborcza

• Competition involved solving 2 case studies related to Information Technology