Auditor & advisor | Cyber & IT GRC

Cyber, compliance and IT risk guidance for growing organisations.

I help organisations assess technology risk, improve governance, and prepare for regulatory and third-party scrutiny with a practical audit mindset.

Languages: English / French / Polish / Russian
Services

What is the issue?

Audit, advisory and compliance support — scoped to what the organisation actually needs, delivered with the rigour of a regulated environment.

Information security & IT audits

Structured assessments focused on understanding controls, collecting evidence and identifying gaps across key technology and security areas.

NIS2 & UKSC compliance audits

Readiness and gap-review work designed to help organisations understand where policy, governance and operational controls need strengthening.

Vendor & third-party risk audits

Support for evaluating external providers, contract-related risk and the evidence needed to assess technology dependencies with confidence.

DORA & GRC advisory

Practical advisory support connecting regulation, governance and operational evidence so compliance efforts are understandable and actionable.

vCISO services

Fractional strategic support for organisations that need governance structure, oversight and security direction without a full-time executive hire.

IoT security & implementation advisory

Support for organisations designing, deploying or reviewing IoT environments — covering architecture decisions, device and network security, and alignment with relevant regulatory expectations.

Profile

About

With experience across Big Four advisory and financial sector environments, I work at the intersection of IT audit, cyber risk and governance — helping organisations understand their control landscape, meet regulatory expectations and manage third-party exposure with confidence.

Background

My career spans audit engagements at EY and KPMG, followed by in-house roles at ING Hubs Poland, where I moved from third-party cyber risk assessments to contract gap analysis and IT risk governance. That progression gives me both the auditor’s eye for evidence and the practitioner’s understanding of how organisations actually operate.

Approach

I work with a structured, evidence-first methodology — understanding the control environment before drawing conclusions, and communicating findings in language that makes sense to both technical teams and senior stakeholders. Engagements are scoped to the actual risk exposure, not a standard template.

Experience

Career path

From Big Four audit engagements to in-house risk and governance roles — each position added a distinct layer of practical experience.

IT Risk Security Officer

ING Hubs Poland

Focused on new and extended contract gap assessments and review of supporting documentation across core IT and governance control domains.

Information Security Auditor

ING Hubs Poland

Worked on third-party cyber risk assessments, DORA-related coordination work and internal quality improvement around assessment evidence and guidance.

Junior Consultant

KPMG

Delivered IT, information security, ESG audit work and advisory support for major international clients.

Junior IT Auditor

EY (GDS)

Contributed to information technology and security audit engagements with an emphasis on SOX-related control testing and compliance-related assessment.

Expertise

Knowledge base

A working knowledge of the standards and methodologies that underpin modern IT audit and cyber risk practice.

NIST, COBIT, ITIL, COSO, ISO 27001 family, SOC 1 / SOC 2, PCI DSS, OSPAR, NIS 2, UKSC, DORA, IoT