Rafal Jaworski

Head of Cybersecurity and vCISO specialising in NIS2, DORA, ISMS, GRC and AI Governance.

I support organisations in building mature, compliant and resilient security programmes - from technical oversight to regulatory alignment and executive-level risk leadership.

With more than 15 years of business experience, I have led cybersecurity, GRC and risk management functions across fintech, financial services and international organisations. I have worked as Head of Cybersecurity in a global fintech (valued at $1B), served as vCISO for multiple companies, and acted as COO in one of the cybersecurity companies within a publicly listed capital group.

- NIS2 / DORA readiness, audits and implementation

- vCISO services and cybersecurity leadership

- GRC (governance, risk and compliance)

- ISMS design and ISO 27001 preparation and implementation

- AI governance, EU AI Act readiness and responsible AI controls

- IT security oversight

- Board-level cybersecurity advisory and executive reporting

- Due diligence under ICT and third-party risk management (TPRM)

I combine strategic security leadership with hands-on understanding of compliance, risk and technology. I work with organisations that need clear structure, fast improvement and strong alignment with European regulatory requirements - from planning to execution.

✔ Cybersecurity advisory

✔ Fractional/vCISO engagements

✔ Compliance and risk projects

✔ NIS2 / DORA / AI Act preparation

✔ Audits, assessments, gap analysis and security strategy development

Senior cybersecurity leader delivering measurable results in governance, risk and compliance.

📊Impact in numbers:

- Secured information assets valued at ~$1.5B

- Ran a zero-audit programme across 10 critical domains in under 3 months

- Delivered SAT training to 1 000+ employees across multiple regions

- Built a proprietary DDQ with 50+ security controls for TPRM