You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Mateusz BielawskiMB

Mateusz Bielawski

Security & Privacy by Design Architect

€800/day
Białystok, PL
8-15 years

Average response time: 1 hour

About Mateusz

I bridge the gap between strict EU regulations and production-ready IT architecture. As a Security & Privacy by Design Architect with a 9+ year software engineering background, I translate complex mandates into precise technical frameworks and blueprints that your development teams can easily execute.
Running my own consultancy, I break down regulations into actionable architecture for modern businesses, ensuring robust data security without killing engineering velocity.
If your organization is navigating the EU AI Act, GDPR/RGPD, CRA, NIS2, or DORA compliance, I am here to inject clarity into your high-level tech stack.
What I bring to the table:
  • Regulatory Authority: CIPP/E — the gold standard in EU data protection and Privacy by Design (Art. 25). Actively expanding into AI Governance.
  • Technical Security: CSSLP (ISC²) — Certified Secure Software Lifecycle Professional, validating end-to-end secure development expertise.
  • Technical Verification: CompTIA Security+ certified (Zero Trust, Cloud Infrastructure, IAM). Driven by a strong background as an M.Sc. Eng. in Computer Science.
  • Pragmatic Approach: 9+ years of core software engineering. I speak the language of your developers and legal department simultaneously.
How I help your business (Services):
  • Security & Privacy by Design: Structuring application frameworks, APIs, embedded software, and data stores to naturally comply with GDPR, CRA, NIS2, and DORA.
  • AI Hardening & LLM Security: Designing secure data flows and guardrails for GenAI/RAG architectures. I protect models against Prompt Injection, Data Poisoning, and Data Exfiltration.
  • Supply Chain & SBOM Governance: Implementing Secure SDLC (SSDLC) and Threat Modeling frameworks for automated SBOM generation under CRA mandates.
  • vCISO & Strategic Audits: Detecting architecture-level data gaps and representing your security posture directly to board members.
Available for remote contracts across the EU (specializing in DACH and Nordic markets).
  • Polish

    Native or bilingual

  • English

    Fluent

  • French

    Fluent

  • German

    Fluent

  • Danish

    Fluent

  • Esperanto

    Conversational

Remote only
Primarily works remotely

Experience

  • WinterIT
    Founder
    DIGITAL AND IT
    November 2025 - Today (9 months)
    Founded an independent security and privacy engineering consultancy focused on dismantling the friction between strict EU regulations (DORA, NIS2, GDPR) and modern corporate IT landscapes.

    I deliver precision architecture reviews, data lifecycle security, and fractional vCISO services for high-stakes industries, including Fintech, iGaming, and Cloud Enterprise SaaS.

    Key Areas of Execution & Services Delivered:

    • Regulatory-to-Technical Translation: Converting complex compliance mandates (GDPR/RODO, DORA, NIS2) into production-ready software architectures, secure API lifecycles, and hardened SQL database schemas.
    • Privacy by Design Implementation: Leading structural audits of active development pipelines to ensure data minimization, pseudonymization, and secure access controls are baked into the core code, rather than patched on top.
    • Data Loss Prevention (DLP) & Governance: Designing robust information protection strategies using Microsoft Purview to safeguard proprietary enterprise data, regulate cloud communication, and mitigate exposure risks related to corporate AI/LLM integrations.
    • Industry Thought Leadership & Research: Actively producing deep-dive technical articles and architectural blueprints focused on emerging European cybersecurity frameworks and practical Data Governance for modern tech stacks.

    Operating as a high-end, agile B2B partner for European organizations requiring immediate, executive-level technical authority without the bureaucratic overhead of traditional big-four consulting firms.
    SSDLC Information Security Governance IT-Security Compliance GDPR
  • Software Mind
    SENIOR SOFTWARE ENGINEER
    December 2022 - Today (3 years and 8 months)
    Security Outreach (Frontend Guild): Promoting "security first" culture and sharing frontend knowledge byconducting Threat Modelling workshops and expertsessions on SBOM and Software Supply Chain Security (npm). Engineering & Privacy:Architecting secure React/Next.js systems for US/DACH markets; implementing Privacy by Design (GDPR) in frontend data flows and caching strategies. Technical Stack: Leveraging Vite-based monorepos, Storyblok (headless CMS), and React Queryfor high performance, scalableweb applications.
    Software Engineering Privacy by design SSDLC
  • Shiji Poland
    FRONTEND DEVELOPER
    November 2021 - November 2022 (1 year)
    Quality & Code Review: Conducted rigorous Code Reviewswithin the React ecosystem to identify logical flaws and vulnerabilities; mastered debugging to achieve a 50% reduction in production defects. Standards Alignment: Successfullyelevated team engineering standards, aligning software qualitywith organizational benchmarks.

Recommendations

Be the first to recommend Mateusz

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • IAPP CIPP/E (Certified Information Privacy Professional/Europe)
    IAPP CIPP/E (Certified Information Privacy Professional/Europe)
  • CompTIA Security+
    CompTIA Security+

Certifications

Skill set

Categories