Tomasz Pawlak

Phone: +48 616 660 245
Email: kontakt@igrc.pl

Professional Summary

Senior IT Security and Risk Management professional with over 20 years of experience in enterprise‑class environments. Specialized in Identity & Access Management (IAM) Governance, Security Governance, Risk Management, and CISM‑level security leadership. Strong background in SOX audit support, privileged access governance, cybersecurity advisory, operational risk, firewall operations, and global network engineering. Recognized for analytical thinking, diligence, collaboration, and pragmatic problem‑solving.

Core Competencies

Identity & Access Management (IAM) Governance
Security Governance & Compliance
SOX Audit Support & Privileged Access Management
Risk Management & Operational Risk Reporting
Business Continuity & Disaster Recovery
Cybersecurity Advisory & Vulnerability Management
Firewall Operations & Network Security
Stakeholder Communication & Leadership Support
CISM‑level Security Knowledge

Work Experience

Senior Identity & Access Management Analyst – Governance & Monitoring

01.2023 – Present

Privileged Access Management support for SOX‑regulated assets. Point of contact for internal and external SOX audits. Process and data analysis for access certifications.

Achievements: No major audit findings, Ahead Together Award 2025, Silver Global Recognition 2024.

Security Consultant

07.2022 – 12.2022

Presenter on Information Security Officer training for an automotive customer.

Cybersecurity Audit & Risk Advisor

06.2021 – 06.2022

Security compliance, Business Continuity/Disaster Recovery governance, IAM process owner support.

Achievements: Delivered multi‑area security project support for a pharmaceutical enterprise.

TSR Senior Engineer, Security Solutions

03.2020 – 05.2021

Supported application owners in protecting sensitive data (GxP/SOX). Improved vulnerability management, server hardening, cloud security, and risk reporting.

Risk and Compliance Specialist

10.2019 – 03.2020

Compliance operations support for internal applications and services.

Governance, Risk & Compliance Consultant

04.2017 – 09.2019

IAM risk consultancy, operational risk approvals, reporting, vulnerability dashboards, QRC support, and change approvals for validated IAM applications.

IT Risk & Continuity Planning Consultant

07.2014 – 03.2017

ITCP Test Manager, infrastructure risk assessments, monthly risk dashboards, global security assessment participation.

Perimeter Delivery Specialist

08.2013 – 01.2014

Firewall changes, S2S VPN implementations, and network security deployments.

Perimeter Operations Specialist

06.2010 – 06.2014

Firewall monitoring, incident resolution, SIEM log integration, SNMPv3 setup, on‑call support, training delivery.

Junior / Network Analyst

06.2008 – 06.2010

Global network operations support, WAN/LAN/RAS/VPN/DNS incidents, vendor coordination.

Computer Scientist / Network Administrator – Customs Service

05.2007 – 06.2008

Electronic signature implementation, Sybase monitoring, network design, NTP testing, ThinStation Linux terminal deployment.

Certifications & Training

Certified Identity Governance Expert (CIGE) – in progress (2026)
CISM – Certified Information Security Manager (2022)
Check Point Certified Security Expert (CCSE, 2013)
Azure Fundamentals AZ‑900, SC‑900; Google Cloud Digital Leader; AWS Cloud Quest
Technology Risk Management Conferences (2016–2018)
Advanced Threat Summit (2015)
Security governance, data breach response, and micro‑entrepreneur security training (2025)

Soft Skills

Clear communication with technical and leadership stakeholders
Strong attention to detail in documentation and analytics
Cross‑organizational perspective and influence
Team collaboration and support
Structured meeting facilitation
Languages: Polish (native), English (independent user)

Back to HomePage