Freelancer: Projekt- und Pr�fungsleiter Financial Services und Cross-Industry

Freiberufler / Selbstst�ndiger

Remote-Arbeit

Verf�gbar ab: 01.01.2024

Verf�gbar zu: 100%

davon vor Ort: 30%

Top-Skills

IT Governance, Risk & Security (IT GRC)

Sprachen

English

French

German

Spanish

Einsatzorte

L�nder

Deutschland, Schweiz, �sterreich

Remote-Arbeit

m�glich

Projekte

4 Jahre 2 Monate

2017-07 - 2021-08

IT Risk Management and IT Key Control Testing

Management Consultant and (Multi-)Projectmanager Kanban agile

Rolle

Management Consultant and (Multi-)Projectmanager

Projektinhalte

Various roles in various projects (Consulting) covering IT Risk Management topics and evaluations of the bank-wide Internal Control System including Interim Management and Consultation in projects and departments.

Kenntnisse

Kanban agile

Einsatzort

Frankfurt am Main

6 Monate

2017-01 - 2017-06

Interim Internal Audit Function

Interim Audit Manager & Consultant

Rolle

Interim Audit Manager & Consultant

Projektinhalte

Interim Audit Function over all areas. Audit Management, Consultation and Audit Conduction.

Kunde

Sparkasse Finanzinformatik Solutions Plus

Einsatzort

Frankfurt am Main

3 Jahre 11 Monate

2012-12 - 2016-10

Lead Auditor IT in a major global investmant bank, managing global interdisciplinary audit projects with up to 10 auditors and up to 250 man days of budget.

Lead IT Auditor

Rolle

Lead IT Auditor

Projektinhalte

NOTE: Due to non-disclosure agreements, not all details regarding used applications, vendors etc. are listed here. Audits were usually conducted front-to-back/end-to-end incl. business and IT.

Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank with following tasks and responsibilities:

Audit planning (plan, resources, scope) and stakeholder management (auditees, senior management, external vendors like IBM, GFT, HCL, CGI, SMC and many others). Fieldwork performance and management. Audit reporting and findings agreement. Audit and vendor coverage management.

I managed audits and performed fieldwork by myself for the following areas:

Regulatory compliance, e.g. for FATCA, SOX and respective compliance implementation projects and operations. Analysis of requirements, test coverage and sufficient operational controls.
Auditing of large scale change and digitalization initiatives, programs and sub-projects with following topics:
- Analysis of adequate program setup and respective governance structures incl. senior management steering committees and their setup (incl. PMO, risk & issue tracking/management) over all phases of programs (planning, implementation, testing incl. UAT, go-live and post go-live). Analysis of quality management measures, adequate security concepts and sufficient non-functional requirements consideration.
- Roll-out of a lending core banking system (SAP CML) and migration of data from legacy systems.
- SEPA compliance and respective implementation projects.
- Implementation of a consolidated risk rating engine after a merger & acquisition (M&A) with another major bank.

Analysis of corporate outsourcing and intra-group service governance and processes in an environment with 10.000+ vendors incl. strategic, large scale outsourcing deals including full datacenters and major parts of IT infrastructure and application landscape. Analysis of service level agreements, statements of work, contracts respective KPI setup for tracking/monitoring of service delivery and adequate governance structures and processes.
Analysis of global program governance frameworks aimed for usage in a worldwide scale in all countries and subsidiaries.
Analysis of online and mobile banking and brokerage propositions in various countries (i.a. Germany, Belgium, India) incl. adequate data leakage prevention, IT and cyber security measures, availability/DR/BCM, scalability, identity & access management for clients (tokens, authentication and authorization apps), processes and governance incl. payments transactions and processing. Validation of compliance to regulations like SecuRePay, MASI, MaRisk.
Analysis of direct electronic banking channels for corporate clients (e.g. EBICS, SWIFT) and respective software and appplications.
Cash management for corporates incl. governance, processes, daily reconciliations etc.
Securities processing, custody, trading and brokerage with direct connections to global stock exchanges (e.g. Deutsche Börse, Euronext). Validation of compliance to local securities trading acts (e.g. WpHG).
Setup of a global SAP governance framework with 30+ SAP instances incl. governance processes for patching, system security and code management using VirtualForge CodeProfiler and SystemProfiler. Found issue remediation in system configuration and ABAP and Java code. Validation of underlying infrastructure security regarding vulnerability and (cyber-)threats on OS and database level.
Auditing of self-service banking (SB) governance, processes and infrastructure (SB-terminals). Intrusion protection of SB-terminals, terminal software development, testing and deployment management incl. payments transactions and processing.
Analysis of anti-money laundering (AML) and know-your-client (KYC) processes during onboarding of clients. Validation of compliance, adequate governance and process setup incl. status senior management reporting.
Validation of mobile application management of the bank, incl. processes around development, testing, and app-store upload/deployment (Windows Mobile, iOS, Android).

Kunde

Financial Industry

Einsatzort

Frankfurt, Germany

1 Jahr 8 Monate

2011-05 - 2012-12

Carve-out SEB Retail Branch

Project Manager

Rolle

Project Manager

Projektinhalte

Project Description:

(Co-)Workstream Lead in the carve-out project of the SEB Retail Banking branch and the following migration of data and systems (Group IT Germany). Interface between the teams of Banco Santander and SEB.

Tasks:

Data Quality Management
Data Analysis
Coordination of multipleProject Activities in international projects
Business Analysis
Defectmanagement in the ETL-Environment
Moderation ofworkshops, performance ofinterviews for analysis and information gaining purposes.
Process Development
Several Activities in the area of customer master data as well as in the area of private and merchant bank accounts, loans and avales.

Produkte

Oracle DB2 Informatica ETL Engine HP Quality Center Core Banking Systems MS Office MS Project Enterprise Architect

Kunde

SEB Bank / Banco Santander

Einsatzort

Frankfurt, Germany

Rolle

Project Manager

Projektinhalte

Project Description:

Validation of the risk and compliance environment of IT processes. Coaching and expert consulting regarding IT governance, risk and compliance. Analysis and optimisation of processes.Reorganisation and optimisation of IT controls and IT control functions.

Tasks:

Planning and coordination of the Risk Management System Audit and its implementation in the organization
Identification and mitigation of undetected risks
Restructuring of processes and process controls
Moderation of workshops, performance of interviews for analysis and information retrieval
Coaching and expert consulting

Produkte

? Auditing of IT processes and the IT organisation compliant with standards like IDW PS 330; PCAOB und ISA COSO ERM ITIL v3 COBIT 4.1

Kunde

EnBW SystemeInfrastruktur Support GmbH

Einsatzort

Karlsruhe, Germany

11 Monate

2010-01 - 2010-11

SOX Implementation Heidelberger Leben / Clerical Medical Europe

Sub-project Manager

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Operationalisation of the Enterprise Risk Management (ERM) and development of an Internal Control System, based on the requirements of Sarbanes Oxley Act’s Section 404 (SOX).Analysis of the baseline situation, including a Gap-Analysis.documentation of the relevantprocess and process controls.

Tasks:

Establishment of a baseline and analysis of the quality and quantity of available risk management system documentation
Analysis of the existing processes and process controls
Gap-Analysis based on the requirements of theSarbanes Oxley Act
Optimisation of processes and process controls
Coordination oft he implementation and documentation of new and adapted processes and process controls

Produkte

Methodic use of automation potentials for achieving the posed control goals Constant orientation on a risk based approach (COSO) Implementation of anInternal Control Systemin the IT department compliant with SOX Section 404

Kunde

Lloyds Banking Group plc, London

Einsatzort

Heidelberg, Germany; Maastricht,Netherlands; Luxemburg

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Audit of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the annual audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Produkte

SAP FI/CO Different infrastructuretechnologies PwC Standard audit method for ITGC and Internal Control Systems

Kunde

Bernstein AG, Porta Westfalica

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Audit of the Internal Control System within the context of the annual audit for 2009.

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009

Produkte

PwC Standard audit method for Internal Control Systems

Kunde

Stahlwerk Bous GmbH, Bous

Einsatzort

Bous, Germany

Sector / Client:�� Duni GmbH, Bramsche

Project Title:�� Annual Audit 2009

Duty Station:�� Bramsche, Germany

Date:�� 11/2009

Project Description:

Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.

�

Role:

Sub-project Manager

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Methods:

PwC Standard audit method for ITGCs and Internal Control Systems
Diverse IT Infrastructure Technologies
SAP R/3

Sector / Client:�� KCA Deutag GmbH, Bad Bentheim

Project Title:�� Annual Audit 2009

Duty Station:�� Bad Bentheim, Germany

Date:�� 11/2009

Project Description:

Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual final audit of 2009.

�

Role:

Sub-project Manager

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Methods:

PwC Standard audit method for ITGCs and Internal Control Systems
Diverse IT Infrastructure Technologies
SAP ASAP�

Sector / Client:�� Tyco Group, Schaffhausen (Schweiz)

Project Title:�� 3rd Party Risk Assessment 2009/2010

Duty Station:�� Munich, Germany

Date:�� 10?11/2009

Project Description:

Coordination of the Risk Assessment of a total of 30,000 suppliers and clients (third parties) of the Tyco Group and its subsidiary companies.

�

Role:

Senior Business Analyst

Tasks:

Preparation and mailing of the Risk Assessment Surveys to the third parties, as well as documentation and analysis of answers
Optimisation of the processes and procedures within the Project Management Office
Development of an automized tool for the processing of the received third party data
Quality assurance of the daily, weekly and monthly status reporting

Methods:

Intensive use of MS Excel and MS Powerpoint
Development of automatized tools based on MS Visual Basic for Applications (VBA)
Compliance with predefined quality standards forproject status reporting

Sector / Client:�� Hitachi Metals Europe GmbH

Project Title:�� SOX@Hitachi Metals 2009

Duty Station:�� D�sseldorf, Germany

Date:�� 10/2009 ? 04/2010

Project Description:

Projectfor the continuation of the implementation and optimisation of an Internal Control System compliant with SOX section 404 in the context of Enterprise Risk Management (ERM) based on COSO. Documentation and coordination of the testing process and process controls in the sales department.

�

Role:

Sub-project Manager

Tasks:

Planning, coordination and implementation of the design effectiveness and operating effectiveness testings
Documentation of processes and process controls
Optimisation of processes and process controls

Methods:

Implementation aligned with the COSO risk based approach
MS Office
iScala ERP
MS Visual Basic for Applications (VBA)

Sector / Client:�� Hitachi Power Europe GmbH

Project Title:�� SOX@Hitachi Power 2009

Duty Station:�� Duisburg, Germany

Date:�� 07-09/2009

Project Description:

Optimisation of the cost-benefit-relationship within the Internal Control System in the framework of the Enterprise Risk Management (ERM) based on COSO.Analysis of the optimisation potential of the Internal Control System after the 3rd year of implementation.Re-enginereering and documentation of process steps and process controls, according to the identified optimisation potential.

�

Role:

Sub-Project Manager

Tasks:

Advisory to the project manager with regards to the implementation of theInternal Control System
Analysis of the SOX relevant intermal control system documentation.
Identification of optimisation potential of the Internal Control System.
Optimisation of processes and process controls.
Coordination of the implementation of new and changed process and process controls.

Methods:

Implementation of a SOX conform Internal Control System, based on the SOX Cycle.
COSO based risk approach oriented implementation of the identified optimisation potential
Development of Internal Control System reporting tools to support Management during the annual SOX Cycle.

Sector/Client:�� International Commercial Vehicle Producer (anonymous)

Project Title:�� Fraud Investigation

Duty Station:�� Munich, Germany

Date:�� 07?08/2009

Project Description:

Investigation and clarification of allegedfraud and bribery incidents within a global commercial vehicle producer.Data collection and data analysis of external cash-flow.

�

Role:

Sub-project Manager

Tasks:

Scoping of the data requirements of the SAP and Legacy-Systems for the forensic data analysis of the company und diverse subsidiary companies
Evaluation of the local data requirements with the IT responsibles in the company und diverse subsidiary companies
Data preparation/data mappingwith MS Access, according to the set data analysis requirements
Support during the programming of a Case-Management-Tool with Visual Basic for Applications (VBA)

Methods:

MS Office (Access, Excel, Word)
SAP FI/CO
Legacy-Systems

Sector/Client:�� PricewaterhouseCoopers AG WPG

Project Title:�� Unit Sustainable Business Solutions (internal secondment)

Duty Station:�� Frankfurta.M., Germany

Date:�� 05?10/2009

Project Description:

Market research and product development for sustainable business practices and solutions in the business unit ?Sustainable Business Solutions?, in the context of an internal secondment.Focus on the Chemical &Pharma and the Financial Services Sectors.

Support during the elaboration and translation (English to French)of a process handbook in the framework of the ?Cotton made in Africa? (CmiA) project.

�

Role:

Sub-project Manager

Tasks:

Market research for the evaluation of the market potential of sustainable business solutions.
Product development through the transfer of the risk-oriented Enterprise Risk Management approachbased on COSOto issues related to Corporate Responsibility.
Translation and conception of a process handbook (French language)

Methods:

ERM based on COSO
MS Office
MS Visual Basic for Applications (VBA)

Sector/Client:�� Hitachi Metals Europe GmbH

Project Title:�� SOX@Hitachi Metals 2008

Duty Station:�� D�sseldorf, Germany

Date:�� 09/2008 ? 05/2009

Project Description:

Compliance with the Sarbanes Oxley Act (SOX) requirements through the implementation of an Internal Control Systembased on the COSO framework.Documentation and testing oft he processes and process controls.

�

Role:

Sub-project Manager

Tasks:

Documentation of the process landscape and of the integrated process controls
Implementation of the Testing-Phase of the Internal Control System implementation project
Documentation of results, discussion of results with the client and presentation of improvement recommendations
Development of IT toolsto support testing and status reporting

Methods:

ERM and Internal Control System based on COSO
MS Office
iScala ERP
MS Visual Basic for Applications (VBA)

Sector/Client:�� Bundeswehr

Project Title:�� Activity- und Workflow Mapping in federal SOA-Systems

Duty Station:�� Mainz, Germany

Date:�� 01?06/2008

Project Description:

Project staff in the Global Business Services Unit of IBM Deutschland GmbH within the framework of a study for the Bundeswehr(national military) for the identification of the potential to use service-oriented architectures (SOA) in the field.

�

Role:

Researcher& Developer

Tasks:

Analysis of diversefederation scenarios of support teams in case of disasters or emergencies
Analysis and documentation of the optimal, service-oriented IT-support of the focused federation scenarios
Analysis of the use of artificial intelligence (AI algorythms) for the automatic mapping of activities and workflows

Methods:

Java
IBM WebsphereApplciation Server
IBM WebsphereMessage Broker
IBM Websphere Enterprise Service Bus
IBM Websphere Service Registry and Repository

Sector/Client:�� SAP Research

Project Title:�� Business Process Execution Language Extension for People (BPEL4People)

Duty Station:�� Sophia-Antipolis, France

Date:�� 10/2006 ? 04/2007

Project Description:

Project staff within an international team in the business unit Security & Trust of the SAP Labs France.Support during the standardization process of the Business Process Execution Language Extension for People (BPEL4People) of SAP AG in cooperation with IBM.

�

Role:

Researcher&Developer

Tasks:

Analysis of the security aspects of the design of both BPEL4People und Web Services Human Tasks (WS-HumanTask) components
Documentationoftheresults
Discussion of the results with the standardization committee of the SAP AG in Walldorf
Implementation of prototypes for the evaluation of the results

Methods:

Java
SAP Netweaver
BPEL4People and WS-HumanTask
Further WS* Standards

older projects on request

Aus- und Weiterbildung

Certifications

ITIL V3 Foundation Certificate,� APM Group Ltd, Buckinghamshire

COBIT Practitioner, ISACA Germany Chapter, Frankfurt

Auditing of SAP Systems on all layers (network, OS, database, application), IBS Schreiber, Hamburg

Education

2008

Diploma / M.Sc. Thesis at IBM Global Business Services in Mainz, Germany (department Security & Defense)

2001- 2008

Studies in Business Computer Science at University of Technology Darmstadt, Germany (final grade 1.9)

Position

My main fields of work are:�

Program- and Project Management, Expert Consulting and Coaching
IT Audit (infrastructure, database, mobile, SB, applications, programs, projects)
Governance, Risk and Regulatory Compliance
Interface between IT and Business

Kompetenzen

Top-Skills

IT Governance, Risk & Security (IT GRC)

Aufgabenbereiche

MS Project

Produkte / Standards / Erfahrungen / Methoden

COBIT 4.1

Core Banking Systems

COSO ERM

Different infrastructuretechnologies

Enterprise Architect

HP Quality Center

Informatica ETL Engine

ITIL v3

MS Office

PwC Standard audit method for ITGC and Internal Control Systems

SAP FI/CO

SAP-FI

SAP/R3

Typo 3 CMS

Applications:��

HP ALM, HP QC, Dell One Identity Manager, QuickView, VMWare, IKV, KVS, Lotus Notes, Outlook, Agiliance/RiskVision, MS Sharepoint, IBM Tivoli Netcool, Tivoli Storage Manager, Control-M,

Microsoft Office, Microsoft Visio, Microsoft Project, VASCO Identity Solutions, VacMan Controller, GINI, VirtualForge CodeProfiler and SystemProfiler

Core Banking Systems:��

SAP DM, SAP CML, SAP BP, Partenon, diverse mainframe (z/OS) based individual solutions

Content Management:��

RedDot, Typo 3

ETL:��

Informatica, Elixir

Development Tools:��

Toad for Oracle, SQL Developer, Eclipse, Tortoise SVN

Web- & Applicationserver:��

Weblogic, JBoss, Apache Tomcat, Window Server, MS Internet Information Server, SAP Netweaver Application Server, WebSphere

Further IT Skills:��

SOA and Web Services, Workflow Modelling (IBM Websphere, ActiveBPEL Designer, ActiveBPEL Engine and others

Expertise & Focus Areas

Program & Project Management:
Program- and Project Management (agile, SCRUM, waterfall) in international environments in the area of financial services and other industries. Interim management, securities processing, cash management, securities custody, lending and credit processing, regulatory compliance (e.g. SOX, FATCA, CRS, WpHG, MaRisk, Solvency 2 etc.), KYC & client onboarding, AML, trade surveillance, outsourcing management, identity & access management (ID&M/IAM), online banking, online brokerage, mobile banking, mobile trading, electronic banking (i.a. EBICS, SWIFT), disaster recovery, business continuity management, business analysis, process analysis, process management, requirements analysis, requirements engineering, requirements management, test management, resource planning, PMO, SB-terminals, service level agreements,

Governance, Risk & Compliance

IT audit (processes, infrastructure, database, mobile, self-service banking (SB), applications, programs, projects), IT risk management and IT governance according to COSO and COBIT, internal control systems (conception, implementation and testing), IT-SOX, IT J-SOX, fraud investigation, KWG, anti-terrorism and sanction adherence. Strong expertise with main global regulators (e.g. MAS, FED, FSA, ECB, BaFin), application security monitoring, SIEM, segregation of duties (SoD), 4-eye-principles and respective control implementation.

Further Expertise

IT strategy, market research, data analysis, data quality management, quality assurance, IT and cyber security, threat & vulnerability management, data leakage prevention, digitalization programs/projects and inititatives, SOA, web service standards, coaching and workshops.

Experience

2016 - today

Management Consultant as Freelancer

2012 ? 2016

Principal Auditor IT at a major global Investment Bank

2011 - 2012

Senior Consultant at Cassini Consulting, Germany

2008 - 2010

Consultant at PWC for Governance, Risk & Compliance, Germany

2006 - 2007�

6 months internship at SAP AG, Department for Security & Trust located in France

Betriebssysteme

DOS

HP-NonStop

Linux

OpenVMS

SECOM

TACL

Tandem OS

Unix

Windows

Programmiersprachen

ABAP

C++

Cobol

CSS

HTML

Java

JavaScript

OPL

PHP

SQL

TACL

VBA

WS-* Standards

XML

XSLT

Datenbanken

DB2

MS Access

MSSQL

MySQL

Oracle

Hardware

Alcatel

Bladelogic

Cisco

Mainframce z/OS

Novell

Branchen

Financial Service Providers

Conglomerate � � � � � � � � �

Transport &Logistics

Industrial Metals

Plant Engineering

ConsumptionGoods

Security Technology

Consultancy & �Auditing � � � � � � � � � � � � � � ��

Energy Providers

IT, Elektronik & Hightech

Einsatzorte

L�nder

Deutschland, Schweiz, �sterreich

Remote-Arbeit

m�glich

Projekte

4 Jahre 2 Monate

2017-07 - 2021-08

IT Risk Management and IT Key Control Testing

Management Consultant and (Multi-)Projectmanager Kanban agile

Rolle

Management Consultant and (Multi-)Projectmanager

Projektinhalte

Kenntnisse

Kanban agile

Einsatzort

Frankfurt am Main

6 Monate

2017-01 - 2017-06

Interim Internal Audit Function

Interim Audit Manager & Consultant

Rolle

Interim Audit Manager & Consultant

Projektinhalte

Interim Audit Function over all areas. Audit Management, Consultation and Audit Conduction.

Kunde

Sparkasse Finanzinformatik Solutions Plus

Einsatzort

Frankfurt am Main

3 Jahre 11 Monate

2012-12 - 2016-10

Lead Auditor IT in a major global investmant bank, managing global interdisciplinary audit projects with up to 10 auditors and up to 250 man days of budget.

Lead IT Auditor

Rolle

Lead IT Auditor

Projektinhalte

NOTE: Due to non-disclosure agreements, not all details regarding used applications, vendors etc. are listed here. Audits were usually conducted front-to-back/end-to-end incl. business and IT.

Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank with following tasks and responsibilities:

Audit planning (plan, resources, scope) and stakeholder management (auditees, senior management, external vendors like IBM, GFT, HCL, CGI, SMC and many others). Fieldwork performance and management. Audit reporting and findings agreement. Audit and vendor coverage management.

I managed audits and performed fieldwork by myself for the following areas:

Regulatory compliance, e.g. for FATCA, SOX and respective compliance implementation projects and operations. Analysis of requirements, test coverage and sufficient operational controls.
Auditing of large scale change and digitalization initiatives, programs and sub-projects with following topics:
- Analysis of adequate program setup and respective governance structures incl. senior management steering committees and their setup (incl. PMO, risk & issue tracking/management) over all phases of programs (planning, implementation, testing incl. UAT, go-live and post go-live). Analysis of quality management measures, adequate security concepts and sufficient non-functional requirements consideration.
- Roll-out of a lending core banking system (SAP CML) and migration of data from legacy systems.
- SEPA compliance and respective implementation projects.
- Implementation of a consolidated risk rating engine after a merger & acquisition (M&A) with another major bank.

Analysis of corporate outsourcing and intra-group service governance and processes in an environment with 10.000+ vendors incl. strategic, large scale outsourcing deals including full datacenters and major parts of IT infrastructure and application landscape. Analysis of service level agreements, statements of work, contracts respective KPI setup for tracking/monitoring of service delivery and adequate governance structures and processes.
Analysis of global program governance frameworks aimed for usage in a worldwide scale in all countries and subsidiaries.
Analysis of online and mobile banking and brokerage propositions in various countries (i.a. Germany, Belgium, India) incl. adequate data leakage prevention, IT and cyber security measures, availability/DR/BCM, scalability, identity & access management for clients (tokens, authentication and authorization apps), processes and governance incl. payments transactions and processing. Validation of compliance to regulations like SecuRePay, MASI, MaRisk.
Analysis of direct electronic banking channels for corporate clients (e.g. EBICS, SWIFT) and respective software and appplications.
Cash management for corporates incl. governance, processes, daily reconciliations etc.
Securities processing, custody, trading and brokerage with direct connections to global stock exchanges (e.g. Deutsche Börse, Euronext). Validation of compliance to local securities trading acts (e.g. WpHG).
Setup of a global SAP governance framework with 30+ SAP instances incl. governance processes for patching, system security and code management using VirtualForge CodeProfiler and SystemProfiler. Found issue remediation in system configuration and ABAP and Java code. Validation of underlying infrastructure security regarding vulnerability and (cyber-)threats on OS and database level.
Auditing of self-service banking (SB) governance, processes and infrastructure (SB-terminals). Intrusion protection of SB-terminals, terminal software development, testing and deployment management incl. payments transactions and processing.
Analysis of anti-money laundering (AML) and know-your-client (KYC) processes during onboarding of clients. Validation of compliance, adequate governance and process setup incl. status senior management reporting.
Validation of mobile application management of the bank, incl. processes around development, testing, and app-store upload/deployment (Windows Mobile, iOS, Android).

Kunde

Financial Industry

Einsatzort

Frankfurt, Germany

1 Jahr 8 Monate

2011-05 - 2012-12

Carve-out SEB Retail Branch

Project Manager

Rolle

Project Manager

Projektinhalte

Project Description:

Tasks:

Data Quality Management
Data Analysis
Coordination of multipleProject Activities in international projects
Business Analysis
Defectmanagement in the ETL-Environment
Moderation ofworkshops, performance ofinterviews for analysis and information gaining purposes.
Process Development
Several Activities in the area of customer master data as well as in the area of private and merchant bank accounts, loans and avales.

Produkte

Oracle DB2 Informatica ETL Engine HP Quality Center Core Banking Systems MS Office MS Project Enterprise Architect

Kunde

SEB Bank / Banco Santander

Einsatzort

Frankfurt, Germany

Rolle

Project Manager

Projektinhalte

Project Description:

Tasks:

Planning and coordination of the Risk Management System Audit and its implementation in the organization
Identification and mitigation of undetected risks
Restructuring of processes and process controls
Moderation of workshops, performance of interviews for analysis and information retrieval
Coaching and expert consulting

Produkte

? Auditing of IT processes and the IT organisation compliant with standards like IDW PS 330; PCAOB und ISA COSO ERM ITIL v3 COBIT 4.1

Kunde

EnBW SystemeInfrastruktur Support GmbH

Einsatzort

Karlsruhe, Germany

11 Monate

2010-01 - 2010-11

SOX Implementation Heidelberger Leben / Clerical Medical Europe

Sub-project Manager

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Tasks:

Establishment of a baseline and analysis of the quality and quantity of available risk management system documentation
Analysis of the existing processes and process controls
Gap-Analysis based on the requirements of theSarbanes Oxley Act
Optimisation of processes and process controls
Coordination oft he implementation and documentation of new and adapted processes and process controls

Produkte

Kunde

Lloyds Banking Group plc, London

Einsatzort

Heidelberg, Germany; Maastricht,Netherlands; Luxemburg

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Audit of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the annual audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Produkte

SAP FI/CO Different infrastructuretechnologies PwC Standard audit method for ITGC and Internal Control Systems

Kunde

Bernstein AG, Porta Westfalica

Rolle

Sub-project Manager

Projektinhalte

Project Description:

Audit of the Internal Control System within the context of the annual audit for 2009.

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009

Produkte

PwC Standard audit method for Internal Control Systems

Kunde

Stahlwerk Bous GmbH, Bous

Einsatzort

Bous, Germany

Sector / Client:�� Duni GmbH, Bramsche

Project Title:�� Annual Audit 2009

Duty Station:�� Bramsche, Germany

Date:�� 11/2009

Project Description:

Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.

�

Role:

Sub-project Manager

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Methods:

PwC Standard audit method for ITGCs and Internal Control Systems
Diverse IT Infrastructure Technologies
SAP R/3

Sector / Client:�� KCA Deutag GmbH, Bad Bentheim

Project Title:�� Annual Audit 2009

Duty Station:�� Bad Bentheim, Germany

Date:�� 11/2009

Project Description:

Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual final audit of 2009.

�

Role:

Sub-project Manager

Tasks:

Documentation and analysis of the status of the ITGC and the Internal Control System
Documentation of the results for the elaboration of the audit report for 2009
Presentation, analysis and discussion of the results with the client
Presentationofimprovementrecommendations

Methods:

PwC Standard audit method for ITGCs and Internal Control Systems
Diverse IT Infrastructure Technologies
SAP ASAP�

Sector / Client:�� Tyco Group, Schaffhausen (Schweiz)

Project Title:�� 3rd Party Risk Assessment 2009/2010

Duty Station:�� Munich, Germany

Date:�� 10?11/2009

Project Description:

Coordination of the Risk Assessment of a total of 30,000 suppliers and clients (third parties) of the Tyco Group and its subsidiary companies.

�

Role:

Senior Business Analyst

Tasks:

Preparation and mailing of the Risk Assessment Surveys to the third parties, as well as documentation and analysis of answers
Optimisation of the processes and procedures within the Project Management Office
Development of an automized tool for the processing of the received third party data
Quality assurance of the daily, weekly and monthly status reporting

Methods:

Intensive use of MS Excel and MS Powerpoint
Development of automatized tools based on MS Visual Basic for Applications (VBA)
Compliance with predefined quality standards forproject status reporting

Sector / Client:�� Hitachi Metals Europe GmbH

Project Title:�� SOX@Hitachi Metals 2009

Duty Station:�� D�sseldorf, Germany

Date:�� 10/2009 ? 04/2010

Project Description:

�

Role:

Sub-project Manager

Tasks:

Planning, coordination and implementation of the design effectiveness and operating effectiveness testings
Documentation of processes and process controls
Optimisation of processes and process controls

Methods:

Implementation aligned with the COSO risk based approach
MS Office
iScala ERP
MS Visual Basic for Applications (VBA)

Sector / Client:�� Hitachi Power Europe GmbH

Project Title:�� SOX@Hitachi Power 2009

Duty Station:�� Duisburg, Germany

Date:�� 07-09/2009

Project Description:

�

Role:

Sub-Project Manager

Tasks:

Advisory to the project manager with regards to the implementation of theInternal Control System
Analysis of the SOX relevant intermal control system documentation.
Identification of optimisation potential of the Internal Control System.
Optimisation of processes and process controls.
Coordination of the implementation of new and changed process and process controls.

Methods:

Implementation of a SOX conform Internal Control System, based on the SOX Cycle.
COSO based risk approach oriented implementation of the identified optimisation potential
Development of Internal Control System reporting tools to support Management during the annual SOX Cycle.

Sector/Client:�� International Commercial Vehicle Producer (anonymous)

Project Title:�� Fraud Investigation

Duty Station:�� Munich, Germany

Date:�� 07?08/2009

Project Description:

Investigation and clarification of allegedfraud and bribery incidents within a global commercial vehicle producer.Data collection and data analysis of external cash-flow.

�

Role:

Sub-project Manager

Tasks:

Scoping of the data requirements of the SAP and Legacy-Systems for the forensic data analysis of the company und diverse subsidiary companies
Evaluation of the local data requirements with the IT responsibles in the company und diverse subsidiary companies
Data preparation/data mappingwith MS Access, according to the set data analysis requirements
Support during the programming of a Case-Management-Tool with Visual Basic for Applications (VBA)

Methods:

MS Office (Access, Excel, Word)
SAP FI/CO
Legacy-Systems

Sector/Client:�� PricewaterhouseCoopers AG WPG

Project Title:�� Unit Sustainable Business Solutions (internal secondment)

Duty Station:�� Frankfurta.M., Germany

Date:�� 05?10/2009

Project Description:

Support during the elaboration and translation (English to French)of a process handbook in the framework of the ?Cotton made in Africa? (CmiA) project.

�

Role:

Sub-project Manager

Tasks:

Market research for the evaluation of the market potential of sustainable business solutions.
Product development through the transfer of the risk-oriented Enterprise Risk Management approachbased on COSOto issues related to Corporate Responsibility.
Translation and conception of a process handbook (French language)

Methods:

ERM based on COSO
MS Office
MS Visual Basic for Applications (VBA)

Sector/Client:�� Hitachi Metals Europe GmbH

Project Title:�� SOX@Hitachi Metals 2008

Duty Station:�� D�sseldorf, Germany

Date:�� 09/2008 ? 05/2009

Project Description:

�

Role:

Sub-project Manager

Tasks:

Documentation of the process landscape and of the integrated process controls
Implementation of the Testing-Phase of the Internal Control System implementation project
Documentation of results, discussion of results with the client and presentation of improvement recommendations
Development of IT toolsto support testing and status reporting

Methods:

ERM and Internal Control System based on COSO
MS Office
iScala ERP
MS Visual Basic for Applications (VBA)

Sector/Client:�� Bundeswehr

Project Title:�� Activity- und Workflow Mapping in federal SOA-Systems

Duty Station:�� Mainz, Germany

Date:�� 01?06/2008

Project Description:

�

Role:

Researcher& Developer

Tasks:

Analysis of diversefederation scenarios of support teams in case of disasters or emergencies
Analysis and documentation of the optimal, service-oriented IT-support of the focused federation scenarios
Analysis of the use of artificial intelligence (AI algorythms) for the automatic mapping of activities and workflows

Methods:

Java
IBM WebsphereApplciation Server
IBM WebsphereMessage Broker
IBM Websphere Enterprise Service Bus
IBM Websphere Service Registry and Repository

Sector/Client:�� SAP Research

Project Title:�� Business Process Execution Language Extension for People (BPEL4People)

Duty Station:�� Sophia-Antipolis, France

Date:�� 10/2006 ? 04/2007

Project Description:

�

Role:

Researcher&Developer

Tasks:

Analysis of the security aspects of the design of both BPEL4People und Web Services Human Tasks (WS-HumanTask) components
Documentationoftheresults
Discussion of the results with the standardization committee of the SAP AG in Walldorf
Implementation of prototypes for the evaluation of the results

Methods:

Java
SAP Netweaver
BPEL4People and WS-HumanTask
Further WS* Standards

older projects on request

Aus- und Weiterbildung

Certifications

ITIL V3 Foundation Certificate,� APM Group Ltd, Buckinghamshire

COBIT Practitioner, ISACA Germany Chapter, Frankfurt

Auditing of SAP Systems on all layers (network, OS, database, application), IBS Schreiber, Hamburg

Education

2008

Diploma / M.Sc. Thesis at IBM Global Business Services in Mainz, Germany (department Security & Defense)

2001- 2008

Studies in Business Computer Science at University of Technology Darmstadt, Germany (final grade 1.9)

Position

My main fields of work are:�

Program- and Project Management, Expert Consulting and Coaching
IT Audit (infrastructure, database, mobile, SB, applications, programs, projects)
Governance, Risk and Regulatory Compliance
Interface between IT and Business

Kompetenzen

Top-Skills

IT Governance, Risk & Security (IT GRC)

Aufgabenbereiche

MS Project

Produkte / Standards / Erfahrungen / Methoden

COBIT 4.1

Core Banking Systems

COSO ERM

Different infrastructuretechnologies

Enterprise Architect

HP Quality Center

Informatica ETL Engine

ITIL v3

MS Office

PwC Standard audit method for ITGC and Internal Control Systems

SAP FI/CO

SAP-FI

SAP/R3

Typo 3 CMS

Applications:��

HP ALM, HP QC, Dell One Identity Manager, QuickView, VMWare, IKV, KVS, Lotus Notes, Outlook, Agiliance/RiskVision, MS Sharepoint, IBM Tivoli Netcool, Tivoli Storage Manager, Control-M,

Microsoft Office, Microsoft Visio, Microsoft Project, VASCO Identity Solutions, VacMan Controller, GINI, VirtualForge CodeProfiler and SystemProfiler

Core Banking Systems:��

SAP DM, SAP CML, SAP BP, Partenon, diverse mainframe (z/OS) based individual solutions

Content Management:��

RedDot, Typo 3

ETL:��

Informatica, Elixir

Development Tools:��

Toad for Oracle, SQL Developer, Eclipse, Tortoise SVN

Web- & Applicationserver:��

Weblogic, JBoss, Apache Tomcat, Window Server, MS Internet Information Server, SAP Netweaver Application Server, WebSphere

Further IT Skills:��

SOA and Web Services, Workflow Modelling (IBM Websphere, ActiveBPEL Designer, ActiveBPEL Engine and others

Expertise & Focus Areas

Governance, Risk & Compliance

Further Expertise

Experience

2016 - today

Management Consultant as Freelancer

2012 ? 2016

Principal Auditor IT at a major global Investment Bank

2011 - 2012

Senior Consultant at Cassini Consulting, Germany

2008 - 2010

Consultant at PWC for Governance, Risk & Compliance, Germany

2006 - 2007�

6 months internship at SAP AG, Department for Security & Trust located in France

Betriebssysteme

DOS

HP-NonStop

Linux

OpenVMS

SECOM

TACL

Tandem OS

Unix

Windows

Programmiersprachen

ABAP

C++

Cobol

CSS

HTML

Java

JavaScript

OPL

PHP

SQL

TACL

VBA

WS-* Standards

XML

XSLT

Datenbanken

DB2

MS Access

MSSQL

MySQL

Oracle

Hardware

Alcatel

Bladelogic

Cisco

Mainframce z/OS

Novell

Branchen

Financial Service Providers

Conglomerate � � � � � � � � �

Transport &Logistics

Industrial Metals

Plant Engineering

ConsumptionGoods

Security Technology

Consultancy & �Auditing � � � � � � � � � � � � � � ��

Energy Providers

IT, Elektronik & Hightech

Vertrauen Sie auf GULP

Im Bereich Freelancing

Im Bereich Arbeitnehmer�berlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Name E-Mail-Adresse Ihre Frage

Telefonnummer Unternehmen

Ich habe die Datenschutzbestimmungen gelesen und bin damit einverstanden.

Das GULP Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.