Applications:                            HP ALM, HP QC, Dell One Identity Manager, QuickView, VMWare, IKV, KVS, Lotus Notes, Outlook, Agiliance/RiskVision, MS Sharepoint, IBM Tivoli Netcool, Tivoli Storage Manager, Control-M,
Microsoft Office, Microsoft Visio, Microsoft Project, VASCO Identity Solutions, VacMan Controller, GINI, VirtualForge CodeProfiler and SystemProfiler
Core Banking Systems:            SAP DM, SAP CML, SAP BP, Partenon, diverse mainframe (z/OS) based individual solutions
Content Management:               RedDot, Typo 3
ETL:                                         Informatica, Elixir
Operating Systems:                  Windows (all generations), DOS, Linux, Unix, OpenVMS, HP-NonStop, Tandem OS, SECOM, TACL
Programming Languages:         HTML, Cobol, SQL, TACL, Java, JavaScript, XML, XSLT, CSS, PHP, VBA, WS-* Standards, C++, OPL, ABAP
Development Tools:                  Toad for Oracle, SQL Developer, Eclipse, Tortoise SVN
Databases:                              Oracle, DB2, MS Access, MySQL, MSSQL
Web- & Applicationserver:         Weblogic, JBoss, Apache Tomcat, Window Server, MS Internet Information Server, SAP Netweaver Application Server, WebSphere
Others:                                     SAP/R3, SAP-FI, Typo 3 CMS
Hardware / IT Infrastructure:      Bladelogic, Mainframce z/OS, Cisco, Alcatel, Novell
Further IT Skills:                        SOA and Web Services, Workflow Modelling (IBM Websphere, ActiveBPEL Designer, ActiveBPEL Engine and others

Sector /Client:                         Financial Industry
Duty Station:                            Frankfurt, Germany
Date:                                       12/2012 – 10/2016
 
 
Project Description:
Lead Auditor IT in a major global investmant bank, managing global interdisciplinary audit projects with up to 10 auditors and up to 250 man days of budget.
 
Roles:
•           Lead IT Auditor
 
Tasks:
 
NOTE: Due to non-disclosure agreements, not all details regarding used applications, vendors etc. are listed here. Audits were usually conducted front-to-back/end-to-end incl. business and IT.
 
Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank with following tasks and responsibilities:

• Audit planning (plan, resources, scope) and stakeholder management (auditees, senior management, external vendors like IBM, GFT, HCL, CGI, SMC and many others). Fieldwork performance and management. Audit reporting and findings agreement. Audit and vendor coverage management.
  I managed audits and performed fieldwork by myself for the following areas:
• Regulatory compliance, e.g. for FATCA, SOX and respective compliance implementation projects and operations. Analysis of requirements, test coverage and sufficient operational controls.
• Auditing of large scale change and digitalization initiatives, programs and sub-projects with following topics:
  • Analysis of adequate program setup and respective governance structures incl. senior management steering committees and their setup (incl. PMO, risk & issue tracking/management) over all phases of programs (planning, implementation, testing incl. UAT, go-live and post go-live). Analysis of quality management measures, adequate security concepts and sufficient non-functional requirements consideration.
     
     
     
     
  • Roll-out of a lending core banking system (SAP CML) and migration of data from legacy systems.
  • SEPA compliance and respective implementation projects.
  • Implementation of a consolidated risk rating engine after a merger & acquisition (M&A) with another major bank.
• Analysis of corporate outsourcing and intra-group service governance and processes in an environment with 10.000+ vendors incl. strategic, large scale outsourcing deals including full datacenters and major parts of IT infrastructure and application landscape. Analysis of service level agreements, statements of work, contracts respective KPI setup for tracking/monitoring of service delivery and adequate governance structures and processes.
• Analysis of global program governance frameworks aimed for usage in a worldwide scale in all countries and subsidiaries.
• Analysis of online and mobile banking and brokerage propositions in various countries (i.a. Germany, Belgium, India) incl. adequate data leakage prevention, IT and cyber security measures, availability/DR/BCM, scalability, identity & access management for clients (tokens, authentication and authorization apps), processes and governance incl. payments transactions and processing. Validation of compliance to regulations like SecuRePay, MASI, MaRisk.
• Analysis of direct electronic banking channels for corporate clients (e.g. EBICS, SWIFT) and respective software and appplications.
• Cash management for corporates incl. governance, processes, daily reconciliations etc.
• Securities processing, custody, trading and brokerage with direct connections to global stock exchanges (e.g. Deutsche Börse, Euronext). Validation of compliance to local securities trading acts (e.g. WpHG).
• Setup of a global SAP governance framework with 30+ SAP instances incl. governance processes for patching, system security and code management using VirtualForge CodeProfiler and SystemProfiler. Found issue remediation in system configuration and ABAP and Java code. Validation of underlying infrastructure security regarding vulnerability and (cyber-)threats on OS and database level.
• Auditing of self-service banking (SB) governance, processes and infrastructure (SB-terminals). Intrusion protection of SB-terminals, terminal software development, testing and deployment management incl. payments transactions and processing.
• Analysis of anti-money laundering (AML) and know-your-client (KYC) processes during onboarding of clients. Validation of compliance, adequate governance and process setup incl. status senior management reporting.
• Validation of mobile application management of the bank, incl. processes around development, testing, and app-store upload/deployment (Windows Mobile, iOS, Android).

• Project Manager

• Data Quality Management
• Data Analysis
• Coordination of multipleProject Activities in international projects
• Business Analysis
• Defectmanagement in the ETL-Environment
• Moderation ofworkshops, performance ofinterviews for analysis and information gaining purposes.
• Process Development
• Several Activities in the area of customer master data as well as in the area of private and merchant bank accounts, loans and avales.

• Informatica ETL Engine
• HP Quality Center
• Core Banking Systems
• MS Office, MS Project
• Enterprise Architect

• Project Manager

• Planning and coordination of the Risk Management System Audit and its implementation in the organization
• Identification and mitigation of undetected risks
• Restructuring of processes and process controls
• Moderation of workshops, performance of interviews for analysis and information retrieval
• Coaching and expert consulting

• Auditing of IT processes and the IT organisation compliant with standards like IDW PS 330, PCAOB und ISA
• COSO ERM
• ITIL V3
• COBIT 4.1

• Sub-project Manager

• Establishment of a baseline and analysis of the quality and quantity of available risk management system documentation
• Analysis of the existing processes and process controls
• Gap-Analysis based on the requirements of theSarbanes Oxley Act
• Optimisation of processes and process controls
• Coordination oft he implementation and documentation of new and adapted processes and process controls

• Implementation of anInternal Control Systemin the IT department compliant with SOX Section 404.
• Methodic use of automation potentials for achieving the posed control goals
• Constant orientation on a risk based approach (COSO).
   

• Sub-project Manager

• Documentation and analysis of the status of the ITGC and the Internal Control System
• Documentation of the results for the elaboration of the annual audit report for 2009
• Presentation, analysis and discussion of the results with the client
• PwC Standard audit method for ITGC and Internal Control Systems
• Different infrastructuretechnologies
• SAP FI/CO

• Sub-project Manager

• Documentation and analysis of the status of the ITGC and the Internal Control System
• Documentation of the results for the elaboration of the audit report for 2009

• PwC Standard audit method for Internal Control Systems

• Sub-project Manager

• Documentation and analysis of the status of the ITGC and the Internal Control System
• Documentation of the results for the elaboration of the audit report for 2009
• Presentation, analysis and discussion of the results with the client
• PwC Standard audit method for ITGCs and Internal Control Systems
• Diverse IT Infrastructure Technologies
• SAP R/3

• Sub-project Manager

• Documentation and analysis of the status of the ITGC and the Internal Control System
• Documentation of the results for the elaboration of the audit report for 2009
• Presentation, analysis and discussion of the results with the client
• PwC Standard audit method for ITGCs and Internal Control Systems
• Diverse IT Infrastructure Technologies
• SAP ASAP
   

• Senior Business Analyst

• Preparation and mailing of the Risk Assessment Surveys to the third parties, as well as documentation and analysis of answers
• Optimisation of the processes and procedures within the Project Management Office
• Development of an automized tool for the processing of the received third party data
• Quality assurance of the daily, weekly and monthly status reporting

• Intensive use of MS Excel and MS Powerpoint
• Development of automatized tools based on MS Visual Basic for Applications (VBA)
• Compliance with predefined quality standards forproject status reporting

• Sub-project Manager

• Planning, coordination and implementation of the design effectiveness and operating effectiveness testings
• Documentation of processes and process controls
• Optimisation of processes and process controls

• Implementation aligned with the COSO risk based approach
• MS Office
• iScala ERP
• MS Visual Basic for Applications (VBA)

• Sub-Project Manager

• Advisory to the project manager with regards to the implementation of theInternal Control System
• Analysis of the SOX relevant intermal control system documentation.
• Identification of optimisation potential of the Internal Control System.
• Optimisation of processes and process controls.
• Coordination of the implementation of new and changed process and process controls.

• Implementation of a SOX conform Internal Control System, based on the SOX Cycle.
• COSO based risk approach oriented implementation of the identified optimisation potential
• Development of Internal Control System reporting tools to support Management during the annual SOX Cycle.

• Sub-project Manager

• Scoping of the data requirements of the SAP and Legacy-Systems for the forensic data analysis of the company und diverse subsidiary companies
• Evaluation of the local data requirements with the IT responsibles in the company und diverse subsidiary companies
• Data preparation/data mappingwith MS Access, according to the set data analysis requirements
• Support during the programming of a Case-Management-Tool with Visual Basic for Applications (VBA)

• MS Office (Access, Excel, Word)
• SAP FI/CO
•  
  Sector/Client:                          PricewaterhouseCoopers AG WPG
  Project Title:                           Unit Sustainable Business Solutions (internal secondment)
  Duty Station:                            Frankfurta.M., Germany
  Date:                                       05–10/2009
  Project Description:
  Market research and product development for sustainable business practices and solutions in the business unit „Sustainable Business Solutions“, in the context of an internal secondment.Focus on the Chemical &Pharma and the Financial Services Sectors.
  Support during the elaboration and translation (English to French)of a process handbook in the framework of the „Cotton made in Africa“ (CmiA) project.
   
  Role:
  • Sub-project Manager
  Tasks:
  • Market research for the evaluation of the market potential of sustainable business solutions.
  • Product development through the transfer of the risk-oriented Enterprise Risk Management approachbased on COSOto issues related to Corporate Responsibility.
  • Translation and conception of a process handbook (French language)
  Methods:
  • ERM based on COSO
  • MS Office
  • MS Visual Basic for Applications (VBA)
     
   
  
   
  Sector/Client:                          Hitachi Metals Europe GmbH
  Project Title:                           SOX@Hitachi Metals 2008
  Duty Station:                            Düsseldorf, Germany
  Date:                                       09/2008 – 05/2009
  Project Description:
  Compliance with the Sarbanes Oxley Act (SOX) requirements through the implementation of an Internal Control Systembased on the COSO framework.Documentation and testing oft he processes and process controls.
   
  Role:
  • Sub-project Manager
  Tasks:
  • Documentation of the process landscape and of the integrated process controls
  • Implementation of the Testing-Phase of the Internal Control System implementation project
  • Documentation of results, discussion of results with the client and presentation of improvement recommendations
  • Development ofIT toolsto support testing and status reporting
  Methods:
  • ERM and Internal Control System based on COSO
  • MS Office
  • iScala ERP
  • MS Visual Basic for Applications (VBA)
   
  
   
  Sector/Client:                          Bundeswehr
  Project Title:                           Activity- und Workflow Mapping in federal SOA-Systems
  Duty Station:                            Mainz, Germany
  Date:                                       01–06/2008
  Project Description:
  Project staff in the Global Business Services Unit of IBM Deutschland GmbH within the framework of a study for the Bundeswehr(national military) for the identification of the potential to use service-oriented architectures (SOA) in the field.
   
  Role:
  • Researcher& Developer
  Tasks:
  • Analysis of diversefederation scenarios of support teams in case of disasters or emergencies
  • Analysis and documentation of the optimal, service-oriented IT-support of the focused federation scenarios
  • Analysis of the use of artificial intelligence (AI algorythms) for the automatic mapping of activities and workflows
  Methods:
  • IBM WebsphereApplciation Server
  • IBM WebsphereMessage Broker
  • IBM Websphere Enterprise Service Bus
  • IBM Websphere Service Registry and Repository
  
   
  Sector/Client:                          SAP Research
  Project Title:                           Business Process Execution Language Extension for People (BPEL4People)
  Duty Station:                            Sophia-Antipolis, France
  Date:                                       10/2006 – 04/2007
  Project Description:
  Project staff within an international team in the business unit Security & Trust of the SAP Labs France.Support during the standardization process of the Business Process Execution Language Extension for People (BPEL4People) of SAP AG in cooperation with IBM.
   
  Role:
  • Analysis of the security aspects of the design of both BPEL4People und Web Services Human Tasks (WS-HumanTask) components
  • Discussion of the results with the standardization committee of the SAP AG in Walldorf
  • Implementation of prototypes for the evaluation of the results
  Methods:
  • SAP Netweaver
  • BPEL4People and WS-HumanTask
  • Further WS* Standards
  
   
  Sector/Client:                          Pop-Akademie Baden-Württemberg
  Project Title:                           Implementation of an electronic Music Label (E-Label)
  Duty Station:                            Darmstadt and Mannheim, Germany
  Date:                                       04–10/2005
  Project Description:
  Cooperation project between the University of Technology, Darmstadt (TechnischenUniversität Darmstadt) and the Pop-Akademie Mannheim for the development and implementation of an E-Label concept.
   
  Role:
  • Sub-project Manager &Developer
  Tasks:
  • Implementation of a Typo 3 Content Management Systems (CMS) with Frontend und Backend
  • User Interface Design of the Frontend
  • Development of an own Typo 3 Plugin
  • Integration of an Online Shop System
  Methods:
  •  
    Sector/Client:                          Fraunhofer Institute for integrated Publication Systems (IPSI)
    Projekttitel:                              Tool- und Template Development in the XSL Transformation Language (XSLT) for the analysis of activity graphs
    Duty Station:                            Darmstadt, Germany
    Date:                                       04/2002 and 04/2004
    Project Description:
    Cooperation project of University of Technology, Darmstadt (TechnischeUniversität Darmstadt) and the Pop-Academy Mannheim for the development and implementation of an E-Label concept.
     
    Role:
    • Development of tools and XSLT templates for the analysis of activity graphs
    Methods:
    • N/A