Sector /Client: Financial Industry
Duty Station: Frankfurt, Germany
Date: 12/2012 – 10/2016
Project Description:
Lead Auditor IT in a major global investment bank, managing global interdisciplinary audit projects with up to 10 auditors and up to 250 man days of budget.
Roles:
• Lead IT Auditor
Tasks:
NOTE: Due to non-disclosure agreements, not all details regarding used applications, vendors etc. are listed here. Audits were usually conducted front-to-back/end-to-end incl. business and IT.
Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank with the following tasks and responsibilities:
- Audit planning (plan, resources, scope) and stakeholder management (auditees, senior management, external vendors like IBM, GFT, HCL, CGI, SMC and many others). Fieldwork performance and management. Audit reporting and findings agreement. Audit and vendor coverage management.
I managed audits and performed fieldwork by myself for the following areas:
- Regulatory compliance, e.g. for FATCA, SOX and respective compliance implementation projects and operations. Analysis of requirements, test coverage and sufficient operational controls.
- Auditing of large scale change and digitalization initiatives, programs and sub-projects with the following topics:
- Analysis of adequate program setup and respective governance structures incl. senior management steering committees and their setup (incl. PMO, risk & issue tracking/management) over all phases of programs (planning, implementation, testing incl. UAT, go-live and post go-live). Analysis of quality management measures, adequate security concepts and sufficient non-functional requirements consideration.
- Roll-out of a lending core banking system (SAP CML) and migration of data from legacy systems.
- SEPA compliance and respective implementation projects.
- Implementation of a consolidated risk rating engine after a merger & acquisition (M&A) with another major bank.
- Analysis of corporate outsourcing and intra-group service governance and processes in an environment with 10,000+ vendors incl. strategic, large scale outsourcing deals including full datacenters and major parts of IT infrastructure and application landscape. Analysis of service level agreements, statements of work, contracts and the respective KPI setup for tracking/monitoring of service delivery and adequate governance structures and processes.
- Analysis of global program governance frameworks intended for worldwide use in all countries and subsidiaries.
- Analysis of online and mobile banking and brokerage propositions in various countries (i.a. Germany, Belgium, India) incl. adequate data leakage prevention, IT and cyber security measures, availability/DR/BCM, scalability, identity & access management for clients (tokens, authentication and authorization apps), processes and governance incl. payments transactions and processing. Validation of compliance with regulations like SecuRePay, MASI, MaRisk.
- Analysis of direct electronic banking channels for corporate clients (e.g. EBICS, SWIFT) and respective software and applications.
- Cash management for corporates incl. governance, processes, daily reconciliations etc.
- Securities processing, custody, trading and brokerage with direct connections to global stock exchanges (e.g. Deutsche Börse, Euronext). Validation of compliance with local securities trading acts (e.g. WpHG).
- Setup of a global SAP governance framework with 30+ SAP instances incl. governance processes for patching, system security and code management using VirtualForge CodeProfiler and SystemProfiler. Remediation of identified issues in system configuration and ABAP and Java code. Validation of underlying infrastructure security regarding vulnerabilities and (cyber-)threats on OS and database level.
- Auditing of self-service banking (SB) governance, processes and infrastructure (SB-terminals). Intrusion protection of SB-terminals, terminal software development, testing and deployment management incl. payments transactions and processing.
- Analysis of anti-money laundering (AML) and know-your-client (KYC) processes during onboarding of clients. Validation of compliance, adequate governance and process setup incl. status senior management reporting.
- Validation of mobile application management of the bank, incl. processes around development, testing, and app-store upload/deployment (Windows Mobile, iOS, Android).
Sector / Client: SEB Bank / Banco Santander
Project Title: Carve-out SEB Retail Branch
Duty Station: Frankfurt, Germany
Date: 05/2011 – 12/2012
Project Description:
(Co-)Workstream Lead in the carve-out project of the SEB Retail Banking branch and the following migration of data and systems (Group IT Germany). Interface between the teams of Banco Santander and SEB.
Roles:
Tasks:
- Data Quality Management
- Data Analysis
- Coordination of multiple project activities in international projects
- Business Analysis
- Defect management in the ETL environment
- Moderation of workshops, performance of interviews for analysis and information gaining purposes.
- Process Development
- Several activities in the area of customer master data as well as in the area of private and merchant bank accounts, loans and guarantees (Avale).
Technology / Methods:
- Informatica ETL Engine
- HP Quality Center
- Core Banking Systems
- MS Office, MS Project
- Enterprise Architect
Sector / Client: EnBW Systeme Infrastruktur Support GmbH
Project Title: Risk Optimisation SIS OI
Duty Station: Karlsruhe, Germany
Date: 02/2011 – 05/2011
Project Description:
Validation of the risk and compliance environment of IT processes. Coaching and expert consulting regarding IT governance, risk and compliance. Analysis and optimisation of processes. Reorganisation and optimisation of IT controls and IT control functions.
Role:
Tasks:
- Planning and coordination of the Risk Management System Audit and its implementation in the organization
- Identification and mitigation of undetected risks
- Restructuring of processes and process controls
- Moderation of workshops, performance of interviews for analysis and information retrieval
- Coaching and expert consulting
Technology / Methods:
- Auditing of IT processes and the IT organisation compliant with standards like IDW PS 330, PCAOB and ISA
- COSO ERM
- ITIL V3
- COBIT 4.1
Sector / Client: Lloyds Banking Group plc, London
Project Title: SOX Implementation Heidelberger Leben / Clerical Medical Europe
Duty Station: Heidelberg, Germany; Maastricht, Netherlands; Luxembourg
Date: 01-11/2010
Project Description:
Operationalisation of the Enterprise Risk Management (ERM) and development of an Internal Control System, based on the requirements of Sarbanes Oxley Act's Section 404 (SOX). Analysis of the baseline situation, including a gap analysis. Documentation of the relevant processes and process controls.
Role:
Tasks:
- Establishment of a baseline and analysis of the quality and quantity of available risk management system documentation
- Analysis of the existing processes and process controls
- Gap analysis based on the requirements of the Sarbanes Oxley Act
- Optimisation of processes and process controls
- Coordination of the implementation and documentation of new and adapted processes and process controls
Methods:
- Implementation of an Internal Control System in the IT department compliant with SOX Section 404.
- Methodic use of automation potentials for achieving the posed control goals
- Constant orientation on a risk based approach (COSO).
Sector / Client: Bernstein AG, Porta Westfalica
Project Title: Annual Audit 2009
Duty Station: Porta Westfalica, Germany
Date: 11/2009
Project Description:
Audit of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.
Role:
Tasks:
- Documentation and analysis of the status of the ITGC and the Internal Control System
- Documentation of the results for the elaboration of the annual audit report for 2009
- Presentation, analysis and discussion of the results with the client
Methods:
- PwC Standard audit method for ITGC and Internal Control Systems
- Different infrastructure technologies
- SAP FI/CO
Sector / Client: Stahlwerk Bous GmbH, Bous
Project Title: Annual Audit 2009
Duty Station: Bous, Germany
Date: 11/2009
Project Description:
Audit of the Internal Control System within the context of the annual audit for 2009.
Role:
Tasks:
- Documentation and analysis of the status of the ITGC and the Internal Control System
- Documentation of the results for the elaboration of the audit report for 2009
Methods:
- PwC Standard audit method for Internal Control Systems
Sector / Client: Duni GmbH, Bramsche
Project Title: Annual Audit 2009
Duty Station: Bramsche, Germany
Date: 11/2009
Project Description:
Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual audit of 2009.
Role:
Tasks:
- Documentation and analysis of the status of the ITGC and the Internal Control System
- Documentation of the results for the elaboration of the audit report for 2009
- Presentation, analysis and discussion of the results with the client
Methods:
- PwC Standard audit method for ITGCs and Internal Control Systems
- Diverse IT Infrastructure Technologies
- SAP R/3
Sector / Client: KCA Deutag GmbH, Bad Bentheim
Project Title: Annual Audit 2009
Duty Station: Bad Bentheim, Germany
Date: 11/2009
Project Description:
Assessment of the IT General Controls (ITGC) and the Internal Control System within the context of the annual final audit of 2009.
Role:
Tasks:
- Documentation and analysis of the status of the ITGC and the Internal Control System
- Documentation of the results for the elaboration of the audit report for 2009
- Presentation, analysis and discussion of the results with the client
Methods:
- PwC Standard audit method for ITGCs and Internal Control Systems
- Diverse IT Infrastructure Technologies
- SAP ASAP
Sector / Client: Tyco Group, Schaffhausen (Switzerland)
Project Title: 3rd Party Risk Assessment 2009/2010
Duty Station: Munich, Germany
Date: 10–11/2009
Project Description:
Coordination of the Risk Assessment of a total of 30,000 suppliers and clients (third parties) of the Tyco Group and its subsidiary companies.
Role:
Tasks:
- Preparation and mailing of the Risk Assessment Surveys to the third parties, as well as documentation and analysis of answers
- Optimisation of the processes and procedures within the Project Management Office
- Development of an automated tool for the processing of the received third party data
- Quality assurance of the daily, weekly and monthly status reporting
Methods:
- Intensive use of MS Excel and MS PowerPoint
- Development of automated tools based on MS Visual Basic for Applications (VBA)
- Compliance with predefined quality standards for project status reporting
Sector / Client: Hitachi Metals Europe GmbH
Project Title: SOX@Hitachi Metals 2009
Duty Station: Düsseldorf, Germany
Date: 10/2009 – 04/2010
Project Description:
Project for the continuation of the implementation and optimisation of an Internal Control System compliant with SOX section 404 in the context of Enterprise Risk Management (ERM) based on COSO. Documentation and coordination of the testing of processes and process controls in the sales department.
Role:
Tasks:
- Planning, coordination and implementation of the design effectiveness and operating effectiveness testing
- Documentation of processes and process controls
- Optimisation of processes and process controls
Methods:
- Implementation aligned with the COSO risk based approach
- MS Office
- iScala ERP
- MS Visual Basic for Applications (VBA)
Sector / Client: Hitachi Power Europe GmbH
Project Title: SOX@Hitachi Power 2009
Duty Station: Duisburg, Germany
Date: 07-09/2009
Project Description:
Optimisation of the cost-benefit relationship within the Internal Control System in the framework of the Enterprise Risk Management (ERM) based on COSO. Analysis of the optimisation potential of the Internal Control System after the 3rd year of implementation. Re-engineering and documentation of process steps and process controls, according to the identified optimisation potential.
Role:
Tasks:
- Advisory to the project manager with regards to the implementation of the Internal Control System
- Analysis of the SOX relevant internal control system documentation.
- Identification of optimisation potential of the Internal Control System.
- Optimisation of processes and process controls.
- Coordination of the implementation of new and changed process and process controls.
Methods:
- Implementation of a SOX-compliant Internal Control System, based on the SOX Cycle.
- COSO based risk approach oriented implementation of the identified optimisation potential
- Development of Internal Control System reporting tools to support Management during the annual SOX Cycle.
Sector / Client: International Commercial Vehicle Producer (anonymous)
Project Title: Fraud Investigation
Duty Station: Munich, Germany
Date: 07–08/2009
Project Description:
Investigation and clarification of alleged fraud and bribery incidents within a global commercial vehicle producer. Data collection and data analysis of external cash-flow.
Role:
Tasks:
- Scoping of the data requirements of the SAP and legacy systems for the forensic data analysis of the company and diverse subsidiary companies
- Evaluation of the local data requirements with those responsible for IT in the company and diverse subsidiary companies
- Data preparation/data mapping with MS Access, according to the set data analysis requirements
- Support during the programming of a Case-Management-Tool with Visual Basic for Applications (VBA)
Methods:
- MS Office (Access, Excel, Word)
- SAP FI/CO
Sector/Client: PricewaterhouseCoopers AG WPG
Project Title: Unit Sustainable Business Solutions (internal secondment)
Duty Station: Frankfurt a.M., Germany
Date: 05–10/2009
Project Description:
Market research and product development for sustainable business practices and solutions in the business unit "Sustainable Business Solutions", in the context of an internal secondment. Focus on the Chemical & Pharma and the Financial Services sectors.
Support during the elaboration and translation (English to French) of a process handbook in the framework of the "Cotton made in Africa" (CmiA) project.
Role:
Tasks:
- Market research for the evaluation of the market potential of sustainable business solutions.
- Product development through the transfer of the risk-oriented Enterprise Risk Management approach based on COSO to issues related to Corporate Responsibility.
- Translation and conception of a process handbook (French language)
Methods:
- ERM based on COSO
- MS Office
- MS Visual Basic for Applications (VBA)
Sector/Client: Hitachi Metals Europe GmbH
Project Title: SOX@Hitachi Metals 2008
Duty Station: Düsseldorf, Germany
Date: 09/2008 – 05/2009
Project Description:
Compliance with the Sarbanes Oxley Act (SOX) requirements through the implementation of an Internal Control System based on the COSO framework. Documentation and testing of the processes and process controls.
Role:
Tasks:
- Documentation of the process landscape and of the integrated process controls
- Implementation of the Testing-Phase of the Internal Control System implementation project
- Documentation of results, discussion of results with the client and presentation of improvement recommendations
- Development of IT tools to support testing and status reporting
Methods:
- ERM and Internal Control System based on COSO
- MS Office
- iScala ERP
- MS Visual Basic for Applications (VBA)
Sector/Client: Bundeswehr
Project Title: Activity and Workflow Mapping in federal SOA systems
Duty Station: Mainz, Germany
Date: 01–06/2008
Project Description:
Project staff in the Global Business Services Unit of IBM Deutschland GmbH within the framework of a study for the Bundeswehr (national military) for the identification of the potential to use service-oriented architectures (SOA) in the field.
Role:
Tasks:
- Analysis of diverse federation scenarios of support teams in case of disasters or emergencies
- Analysis and documentation of the optimal, service-oriented IT-support of the focused federation scenarios
- Analysis of the use of artificial intelligence (AI algorithms) for the automatic mapping of activities and workflows
Methods:
- IBM WebSphere Application Server
- IBM WebSphere Message Broker
- IBM WebSphere Enterprise Service Bus
- IBM WebSphere Service Registry and Repository
Sector/Client: SAP Research
Project Title: Business Process Execution Language Extension for People (BPEL4People)
Duty Station: Sophia-Antipolis, France
Date: 10/2006 – 04/2007
Project Description:
Project staff within an international team in the business unit Security & Trust of the SAP Labs France. Support during the standardization process of the Business Process Execution Language Extension for People (BPEL4People) of SAP AG in cooperation with IBM.
Role:
- Analysis of the security aspects of the design of both BPEL4People and Web Services Human Tasks (WS-HumanTask) components
- Discussion of the results with the standardization committee of the SAP AG in Walldorf
- Implementation of prototypes for the evaluation of the results
Methods:
- SAP NetWeaver
- BPEL4People and WS-HumanTask
- Further WS* Standards
Sector/Client: Pop-Akademie Baden-Württemberg
Project Title: Implementation of an electronic Music Label (E-Label)
Duty Station: Darmstadt and Mannheim, Germany
Date: 04–10/2005
Project Description:
Cooperation project between the University of Technology, Darmstadt (Technische Universität Darmstadt) and the Pop-Akademie Mannheim for the development and implementation of an E-Label concept.
Role:
- Sub-project Manager & Developer
Tasks:
- Implementation of a TYPO3 Content Management System (CMS) with frontend and backend
- User Interface Design of the Frontend
- Development of a custom TYPO3 plugin
- Integration of an Online Shop System
Methods:
Sector/Client: Fraunhofer Institute for integrated Publication Systems (IPSI)
Project Title: Tool and Template Development in the XSL Transformation Language (XSLT) for the analysis of activity graphs
Duty Station: Darmstadt, Germany
Date: 04/2002 and 04/2004
Project Description:
Cooperation project of the University of Technology, Darmstadt (Technische Universität Darmstadt) and the Pop-Academy Mannheim for the development and implementation of an E-Label concept.
Role:
- Development of tools and XSLT templates for the analysis of activity graphs
Methods: