Aneta Waberska
Details
Faculty: Management, Major: Managerial Decisions Support Systems
University of Economics, Poznan, Poland
2003 - 2009
Bachelor of Science (BSc)
Faculty: Marketing and Management, Major: e-Business
University of Banking and Management in Poznan
2001 - 2004
AuditBoard
Director of Information Security and Compliance Products
• Successfully led the company through SOC 2 readiness assessment and implementation efforts, achieving SOC 2 Type 1 and Type 2 Attestations for Ocrolus global operations and SaaS products (US and India)
• Built out a global compliance team
• Implemented a Governance, Risk and Compliance solution to centrally manage company risks, controls and compliance issues
• Developed a compliance testing and monitoring program, with regular testing of key controls
• Implemented policy governance process, key policies related to technology, security and data protection, and a training program to promote awareness of the new policies
• Implemented and continue to mature employee security awareness program for all locations (including training aligned with employee responsibilities, phishing campaigns)
• Implemented a process to manage the customer due diligence process more efficiently and consistently (including responding to DDQs, deploying a dedicated solution to streamline the process, and reviewing all custom agreements for security and data protection requirements), while building relationships with clients and internal sales and business development teams
2019 - 2021
Ocrolus
Head of Compliance
• Successfully led the company through PCI DSS Attestation and SOC 2 Type 2 audit, optimizing existing control environment
• Standardized access management processes, working with various stakeholders across the organization
• Implemented a third party risk management program and conducted vendor security reviews based on vendor risk and significance
2018 - 2019
ASAPP
Director, Information Security Governance, Risk and Compliance
• Led multiple Technology Governance initiatives, serving as trusted adviser on compliance and control related matters throughout the organization
• Drove implementation of Technology Policies and Standards along with a Unified Controls Framework, to address requirements defined in various industry and regulatory frameworks (e.g. NIST, FFIEC, CSA, NY DFS) and to drive readiness for new third party attestations (e.g. SOC 2)
• Built a foundation for a Third Party Trust center to standardize the response process to various requests and questionnaires (including the Standard Information Gathering - SIG questionnaire), and drive towards attestations and certifications to increase third party trust
• Implemented improvements to the Access Management controls framework to provide efficiencies and increased compliance, and mitigate associated risks
2018 - 2018
LendingClub
Director, Technology Compliance & Assurance
• Supervised execution of the annual internal audit plan for business and technology risk-based audits, and other audit projects, managing teams in a co-sourced environment
• Developed annual internal audit plan based on a company-wide risk assessment; developed Internal Audit Universe, in line with the COBIT5 framework, and performed a detailed risk assessment for the technology organization to prioritize audit areas
• Led third party assurance efforts, coordinating with internal stakeholders and external auditors (SOC1, SOC2)
• Provided oversight for the IT SOX Program and assisted stakeholders in control rationalization
• Participated in a GRC (Governance, Risk and Compliance) integrated solution implementation as lead for Internal Audit
• Assisted various stakeholders in advisory capacity in technology and business process related initiatives, providing risk and controls guidance, and building strong relationships with management at all levels
2017 - 2018
LendingClub
Director Internal Audit
Skills
Access Control, Assurance, Auditing, Business Process Improvement, CISA, COBIT, COBIT 5, Communication, Compliance, Compliance Assurance, COSO, Cybersecurity, Data Privacy, Defining Requirements, Enterprise Risk Management, External Audit, Financial Services, GRC, Identity & Access Management (IAM), Information Security, Information Security Governance, Information Technology, Internal Audit, Internal Controls, ISO 27001, IT Audit, IT Controls, ITGC, IT Security Policies, Leadership, Management, NIST, Policy Compliance, Privacy, Product Quality, Program Management, Project Management, Risk Assessment, Risk Management, Sanction, Sarbanes-Oxley Act, SAS70, Security, SOC 1, SOC 2, Solution-oriented, SSAE16, Startups, Third Party Vendor Management, Segregation of Duties, SOC1, SOC2, Financial Audits, Accounting, IFRS, Big 4, Enterprise Risk, Banking, Consulting, Due Diligence, PMO
About
Audit, compliance and risk management executive with experience working for regulated, fast-paced, technology-focused organizations. Led enterprise-wide governance, risk and compliance programs, process and quality improvement efforts, and regulatory and best-practice gap assessments. Extremely detail-oriented; leveraged strong analytical, critical thinking and problem-solving skills to manage complex, cross-departmental initiatives while collaborating effectively with multiple stakeholders, including executive management.