Various roles in various projects (Consulting) covering IT Risk Management topics and evaluations of the bank-wide Internal Control System including Interim Management and Consultation in projects and departments.
Interim Audit Function over all areas. Audit Management, Consultation and Audit Conduction.
NOTE: Due to non-disclosure agreements, not all details regarding used applications, vendors etc. are listed here. Audits were usually conducted front-to-back/end-to-end incl. business and IT.
Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank with following tasks and responsibilities:
I managed audits and performed fieldwork by myself for the following areas:
Project Description:
(Co-)Workstream Lead in the carve-out project of the SEB Retail Banking branch and the following migration of data and systems (Group IT Germany). Interface between the teams of Banco Santander and SEB.
Tasks:
Project Description:
Validation of the risk and compliance environment of IT processes. Coaching and expert consulting regarding IT governance, risk and compliance. Analysis and optimisation of processes. Reorganisation and optimisation of IT controls and IT control functions.
Tasks:
Project Description:
Operationalisation of the Enterprise Risk Management (ERM) and development of an Internal Control System, based on the requirements of Sarbanes Oxley Act’s Section 404 (SOX). Analysis of the baseline situation, including a gap analysis. Documentation of the relevant process and process controls.
Tasks:
Project Description:
Audit of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.
Tasks:
Project Description:
Audit of the Internal Control System within the context of the annual audit for 2009.
Tasks:
Sector / Client: Duni GmbH, Bramsche
Project Title: Annual Audit 2009
Duty Station: Bramsche, Germany
Date: 11/2009
Project Description:
Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.
Role:
Tasks:
Methods:
Sector / Client: KCA Deutag GmbH, Bad Bentheim
Project Title: Annual Audit 2009
Duty Station: Bad Bentheim, Germany
Date: 11/2009
Project Description:
Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual final audit of 2009.
Role:
Tasks:
Methods:
Sector / Client: Tyco Group, Schaffhausen (Switzerland)
Project Title: 3rd Party Risk Assessment 2009/2010
Duty Station: Munich, Germany
Date: 10-11/2009
Project Description:
Coordination of the Risk Assessment of a total of 30,000 suppliers and clients (third parties) of the Tyco Group and its subsidiary companies.
Role:
Tasks:
Methods:
Sector / Client: Hitachi Metals Europe GmbH
Project Title: SOX@Hitachi Metals 2009
Duty Station: Düsseldorf, Germany
Date: 10/2009 - 04/2010
Project Description:
Project for the continuation of the implementation and optimisation of an Internal Control System compliant with SOX section 404 in the context of Enterprise Risk Management (ERM) based on COSO. Documentation and coordination of the testing process and process controls in the sales department.
Role:
Tasks:
Methods:
Sector / Client: Hitachi Power Europe GmbH
Project Title: SOX@Hitachi Power 2009
Duty Station: Duisburg, Germany
Date: 07-09/2009
Project Description:
Optimisation of the cost-benefit relationship within the Internal Control System in the framework of the Enterprise Risk Management (ERM) based on COSO. Analysis of the optimisation potential of the Internal Control System after the 3rd year of implementation. Re-engineering and documentation of process steps and process controls, according to the identified optimisation potential.
Role:
Tasks:
Methods:
Sector/Client: International Commercial Vehicle Producer (anonymous)
Project Title: Fraud Investigation
Duty Station: Munich, Germany
Date: 07-08/2009
Project Description:
Investigation and clarification of alleged fraud and bribery incidents within a global commercial vehicle producer. Data collection and data analysis of external cash-flow.
Role:
Tasks:
Methods:
Sector/Client: PricewaterhouseCoopers AG WPG
Project Title: Unit Sustainable Business Solutions (internal secondment)
Duty Station: Frankfurt a.M., Germany
Date: 05-10/2009
Project Description:
Market research and product development for sustainable business practices and solutions in the business unit "Sustainable Business Solutions", in the context of an internal secondment. Focus on the Chemical & Pharma and the Financial Services Sectors.
Support during the elaboration and translation (English to French) of a process handbook in the framework of the "Cotton made in Africa" (CmiA) project.
Role:
Tasks:
Methods:
Sector/Client: Hitachi Metals Europe GmbH
Project Title: SOX@Hitachi Metals 2008
Duty Station: Düsseldorf, Germany
Date: 09/2008 - 05/2009
Project Description:
Compliance with the Sarbanes Oxley Act (SOX) requirements through the implementation of an Internal Control System based on the COSO framework. Documentation and testing of the processes and process controls.
Role:
Tasks:
Methods:
Sector/Client: Bundeswehr
Project Title: Activity- und Workflow Mapping in federal SOA-Systems
Duty Station: Mainz, Germany
Date: 01-06/2008
Project Description:
Project staff in the Global Business Services Unit of IBM Deutschland GmbH within the framework of a study for the Bundeswehr (national military) for the identification of the potential to use service-oriented architectures (SOA) in the field.
Role:
Tasks:
Methods:
Sector/Client: SAP Research
Project Title: Business Process Execution Language Extension for People (BPEL4People)
Duty Station: Sophia-Antipolis, France
Date: 10/2006 - 04/2007
Project Description:
Project staff within an international team in the business unit Security & Trust of the SAP Labs France. Support during the standardization process of the Business Process Execution Language Extension for People (BPEL4People) of SAP AG in cooperation with IBM.
Role:
Tasks:
Methods:
older projects on request
Certifications
ITIL V3 Foundation Certificate, APM Group Ltd, Buckinghamshire
COBIT Practitioner, ISACA Germany Chapter, Frankfurt
Auditing of SAP Systems on all layers (network, OS, database, application), IBS Schreiber, Hamburg
Education
2008
2001- 2008
My main fields of work are:
Applications:
HP ALM, HP QC, Dell One Identity Manager, QuickView, VMWare, IKV, KVS, Lotus Notes, Outlook, Agiliance/RiskVision, MS Sharepoint, IBM Tivoli Netcool, Tivoli Storage Manager, Control-M,
Microsoft Office, Microsoft Visio, Microsoft Project, VASCO Identity Solutions, VacMan Controller, GINI, VirtualForge CodeProfiler and SystemProfiler
Core Banking Systems:
SAP DM, SAP CML, SAP BP, Partenon, diverse mainframe (z/OS) based individual solutions
Content Management:
RedDot, Typo 3
ETL:
Informatica, Elixir
Development Tools:
Toad for Oracle, SQL Developer, Eclipse, Tortoise SVN
Web & Application Servers:
Weblogic, JBoss, Apache Tomcat, Windows Server, MS Internet Information Server, SAP Netweaver Application Server, WebSphere
Further IT Skills:
SOA and Web Services, Workflow Modelling (IBM Websphere, ActiveBPEL Designer, ActiveBPEL Engine and others)
Expertise & Focus Areas
Program & Project Management:
Program- and Project Management (agile, SCRUM, waterfall) in international environments in the area of financial services and other industries. Interim management, securities processing, cash management, securities custody, lending and credit processing, regulatory compliance (e.g. SOX, FATCA, CRS, WpHG, MaRisk, Solvency 2 etc.), KYC & client onboarding, AML, trade surveillance, outsourcing management, identity & access management (ID&M/IAM), online banking, online brokerage, mobile banking, mobile trading, electronic banking (i.a. EBICS, SWIFT), disaster recovery, business continuity management, business analysis, process analysis, process management, requirements analysis, requirements engineering, requirements management, test management, resource planning, PMO, SB-terminals, service level agreements,
Governance, Risk & Compliance
IT audit (processes, infrastructure, database, mobile, self-service banking (SB), applications, programs, projects), IT risk management and IT governance according to COSO and COBIT, internal control systems (conception, implementation and testing), IT-SOX, IT J-SOX, fraud investigation, KWG, anti-terrorism and sanction adherence. Strong expertise with main global regulators (e.g. MAS, FED, FSA, ECB, BaFin), application security monitoring, SIEM, segregation of duties (SoD), 4-eye-principles and respective control implementation.
Further Expertise
IT strategy, market research, data analysis, data quality management, quality assurance, IT and cyber security, threat & vulnerability management, data leakage prevention, digitalization programs/projects and initiatives, SOA, web service standards, coaching and workshops.
Experience
2016 - today
Management Consultant as Freelancer
2012 - 2016
Principal Auditor IT at a major global Investment Bank
2011 - 2012
Senior Consultant at Cassini Consulting, Germany
2008 - 2010
Consultant at PWC for Governance, Risk & Compliance, Germany
2006 - 2007
6 months internship at SAP AG, Department for Security & Trust located in France
Financial Service Providers
Conglomerate
Transport & Logistics
Industrial Metals
Plant Engineering
Consumption Goods
Security Technology
Consultancy & Auditing
Energy Providers
IT, Electronics & High-Tech