Pawel Wilczynski CISA, CISM, CCSK
Education:
BS, Cum Laude
Bachelor of Science - Computer Science, Networking and Cloud Computing
Salem State University
2010 : 2021
AS
Network Technology & Administration
Bunker Hill CC
2007 : 2009
Forestry
Forestry
Forestry Technical High School in Białowieża, Poland
1997 : 2002
Experience:
Pawel is a manager in BNN’s information systems and risk assurance practice, specializing in cyber security, risk, and IT systems assurance services. Clients turn to Pawel for help conducting cyber assessments, readiness assessments for major frameworks, standards and regulations, e.g., 23 NYDSS 500, PCI DSS, ISO 27001, GLBA, NIST CSF, FedRAMP, third-party risk assessments, CSA STAR and all things cyber.
WE CAN HELP YOU WITH:
• Serving as a virtual Chief Information Security Officer (vCISO)
• Cybersecurity Assessment
• Compliance Readiness Assessments (NIST CSF, PCI DSS, ISO 27001, FedRAMP, CMMC, MS DPR, CSA STAR, HIPAA, Maine Insurance Data Security Act, 23 NYCRR 500)
• CSA STAR Attestation Level 2: For SOC 2
• Merger and Acquisitions (M&A) Cyber Due Diligence
• Third Party Risk Assessment
• Insurance Agents’ Risk Assessment
• Internal Audit (as related to ISO 27001, 23 NYCRR 500 and HIPAA/HITECH)
• Risk Assessment
• Penetration Testing
• Vulnerability Assessment
He works with a variety of clients – both public and private – with a particular focus on financial and insurance institutions and the technology industry. His clients include financial institution services bureaus, regional banks, and software-as-a-service providers.
2022 : Present
Baker Newman Noyes
Cybersecurity Manager
- Risk Management
- IT Governance
- IT Compliance
- Business Continuity and Disaster Recovery
- Cybersecurity Training for employees
- Model Audit
- PCI DSS compliance
- NYDFS Compliance
2019 : 2022
The Andover Companies
Information Security Analyst III
Led company-wide adoption of SharePoint Online to streamline some paper-based business processes. Modernized Disaster Recovery and Business Continuity initiatives through tabletop exercises and continuous improvement. Closely monitored developing New York DFS regulation to be able to meet its requirements. Assisted with audit requests and responses.
ACHIEVEMENTS
- Risk Management Program
Co-developed and helped implement a new Risk Management Program, based on NIST CSF and NIST 800-53.
- Risk and Vulnerability Assessments, Penetration Testing
Coordinated periodic risk and vulnerability assessments combined with network and application penetration tests. Served as an input for continuous improvement needed to keep up with the changing threat landscape, new regulatory developments, and technology changes driven by business needs.
- Provided guidance on cyber regulatory compliance to ensure our program aligned with new and existing regulatory requirements. Guided business and technology groups to full 23 NYDFS 500 compliance.
- Compliance and Audit
Responded to several periodic compliance and audit requests.
- Model Audit Rule
Developed an application with built-in approval allowing for secure evidence collection.
2015 : 2019
The Andover Companies
Systems Engineer II
Supported companies from various industry verticals (Tech Ed, Biotech, CPA firm, law firm, Museum, and others) with a wide range of technology needs. Became a subject matter expert consultant among our client firms.
2013 : 2015
FlexManage (Acquired by New Era Technology 2021)
IT Consultant
Built on desktop support experience to become lead System Support Engineer, responsible for all systems’ availability, deployment and maintenance.
2011 : 2012
PetEdge
IT Systems Support Engineer
Company: Baker Newman Noyes
Years of Experience: 18
Spoken Language: English, Polish
I help clients conduct cyber assessments, readiness assessments, penetration testing, vulnerability assessment, and third-party risk assessments for major frameworks, standards and regulations, such as 23 NYCRR 500, PCI DSS, ISO 27001, GLBA, NIST CSF, FedRAMP, CSA STAR, and HIPAA. I also serve as a virtual Chief Information Security Officer (vCISO), providing guidance and support on cyber security strategy, governance, compliance, and risk management. My mission is to enable clients to achieve their business objectives while protecting their information assets and complying with relevant requirements.
Certifications:
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certificate of Cloud Security Knowledge (CCSK)
- AWS Certified Cloud Practitioner
Specialties: NIST SP 800-53, 23 NYCRR 500, PCI-DSS, Model Audit Rule 205, IAM, GLBA Safeguards Rule Amendments (2021), ISO 27001:2022, Risk Assessments, Third-Party Vendor Risk Assessments, Ransomware Readiness Assessments, etc.
I work with a variety of clients – both public and private – with a particular focus on financial and insurance institutions and the technology industry. My clients include financial institution services bureaus, regional banks, and software-as-a-service providers.