Partially available

Last update: 08.03.2024

IT-Security & Audit Consultant / Controls Writer

Degree: BSc.
Languages: German (business fluent) | English (business fluent) | French (good)

File attachments

Kurz-CV-2023_200124.pdf
Zeug-ZEK_200124.pdf

Skills

- In-depth knowledge of computer networking concepts, protocols, and network security methodologies.
- Familiarity with wireless technologies, including cellular and satellite, and modern wireless communications systems.
- Understanding of cyber threats and vulnerabilities.
- Knowledge of cyber intelligence/information collection capabilities and repositories.

- Proficient in writing, reviewing, and editing cyber-related intelligence/assessment products.
- Experience providing current intelligence support to critical internal/external stakeholders.
- Ability to think strategically from the perspective of threat actors.

- Cyber Analysis.
- Process Cyber Intelligence.
- Analyze and Investigate logs.
- Network and Cyber Threat landscape.
- SOX, Cobit, ISO, Data Protection.
- IBM, Firewall, SOX Controls, ITIL.
- SAP-R3, BW-SAP, SAP-Access, Release-Management.
- ServiceNow, Test-Director.
- IT-Security, Cryptography.
- AS400, Unix (Dec, Sun-Solaris, Aix), MVS, Oracle - Sybase, SQL, DB2 - Interfaces, ODBC, OLE DB, ADO, ADOCE, ADO.NET, Client/Server, Windows 2000 - NT 4.0 (Client/Server), MS Office, XML, NET, DTS, Stored Procedures - Scripts, VMWARE, FileNet, Ixos, Docuware, Mobius, Documentum, OLE, ActiveX, Data Assembly subsystem, Data-Storage Subsystem, SMS, Data CDMP, SAP / R3 BW, SAP-GRC-Access Control.
- SAP Data - Archiving, SAP/iXos Optical.
- Testing Validation for Autonomous Systems.
- Threat Assessments & Remediations Analysis (TARA).
- TARA - Methodology.
- SIEM & IBM - QRadar.
- SEO - Writer.
- Capable of understanding client and stakeholder needs and translating them into products and services.

 

Project history

08/2022 - 12/2022
Security Analysis & Compliance
(Internet and information technology, 50-250 employees)

Project on security architecture and risk identification through GDPR and SOX controls.
The project is running in Sophia Antipolis.

Risk identification and analysis through gap assessments. Recognition of potential risks and definition of the countermeasures to mitigate those risks.
Advise the organization on Information Security Management Systems implementation, including risk assessment and monitoring of information security controls.
- Perform certification audits for ISO/IEC 27001, ISO/IEC 20000-1.
- Perform IT security controls assessments.
- Start Organizations Big - Data - Analysis related to security requirements.

02/2013 - 05/2022
Head of IT & Security Audit
Central Credit Bureau (ZEK Zentralstelle für Kreditinformationen)

Responsibilities:
* Security audit in finance environments and internal control for these environments
* Internal control of Cobit and SOX
* Responsible for design and optimization of operational processes and organizational structures
* Align the internal controls with the internal processes of the clients (banks) and proceeding to gap assessment whenever necessary
* Security and data protection management
* Security architecture
* IT technology management (IBM interface)
* Changes and projects
* Budget and controlling of IT
* Customer and supplier consulting
* Development of conceptual solutions for business and functional problems
* Recognition of weak points in the process landscape, development of solutions and their implementation
* Security engineering and concepts
* Firewall regulations and authentication

06/2010 - 01/2013
CISO - Compliance & BPM Manager
Acino Pharma (Mepha Pharma LLC)

Responsibilities:
* Application owner of BPM modelling application (AENEIS).
* Consulting and support of business process owners of the business departments.
* Evangelize BPM subject within the Mepha organization.
* Analysing, modelling and documentation of IT-supported business processes according to existing regulatory requirements (SOX, GxP, ISO9001)
* Single point of contact for all matters related to BPM.
* Support of internal/external audits for SOX controls in SAP R3 and BW.
* Be the main link between stakeholders and IT vendor ensuring that SOX is developed in line with business needs.
* Organize a new SAP-Authorization-Management through GRC-SAP Access Control. User risk and conflict violations analysis.
* Implement and maintain IT-SOX compliance.
* Coordinate at corporate level the roll-out audits for SOX controls compliance.
* CISO:
o Implementation of all the IT security regulations globally.
o SAP Authorization Concept
o Risk Analysis and Measures
o Responsible for the internal IT-Audits
o ISMS Process optimization

08/2008 - 05/2010
Senior Project Manager and Account Manager for Asia
Falcon Private Bank (formerly AIG Private Bank)

Responsibilities:
* ITSM Project - ITCC (Global Competence Center) for Asia
o Incident Management Process
o Problem Management Process
o Change & Release Management Process
o Continuity Management Process
o BCP for Asia
o Global System for Contracts and SLA Management (Discovery Engine)
o Global Roll out of the competence center with the implementation of the tool: ServiceNow
o Test Management of the project with organization and coordination of all test-cycles.
* Singapore & Hong Kong Account Manager
o Manage the Business Requests in Asia
o Coordinate the IT Tasks between Europe and Asia
o Quality Assurance for the Project-Services in Asia
o SLA's and Services for Asia
o Support the client portfolio Relationship management for the services and Customer satisfaction.
o Business support for the definition of IT-Budget, Plan, and Governance.
* Project Matterhorn (Asia Part)
o Outsource the Business and IT - Core-Processes in Incore. Migration from Olympic-Core-System in Legando-Core-System.
o Coordination of the outstanding processes for Migration.

08/2005 - 07/2008
Project Manager IT/F (IT-Finance), Deputy of the Team Leader
SwissLife AG

Responsibilities:
* Asia Program Manager
o Host all necessary project planning
o Coordinate and facilitate capturing all Business functional requirements
o Develop and discuss Business Case
o Represent IT towards Stakeholders and towards Business
o Responsible for all necessary project paperwork
o Manage the performance and quality of the external service providers with respect to any formal project agreements
o Develop, coordinate, and monitor project budget
o Manage reporting process
o Manage scope, identify and resolve key issues and risks, ensure timely and complete deliverables
o Integrate change management processes into project plan
o Interface with implementation team
o Manage components of the implementation methodology and manage post-implementation review
* Project: Life System (Wrap Product Application) in Shanghai:
o Life System is a LAP (Life Asset Portfolio) application. These products combine asset and insurance portfolios.
o The product is developed in Shanghai by a company named eBaoTech.
o Manage the Development Implementation and engineering in Shanghai.
* Project: Integration of Capital Leben Liechtenstein into eBao Life System.
o Project Management for the Integration procedures.
o Gap-Analysis/Assessment
o Secure the communication between SL(FL), CL and eBao in Shanghai
o Create the IT specifications for the Integration and Roll-Out.
o Create the IT-Architecture Concept
o Define the strategy of Data migration
o Define the migration approach for the functionalities and new products.

02/2001 - 07/2005
Associate Director - IT Quality Manager for Investment funds
UBS AG

Responsibilities:
* IT Quality Reviews
* Specify and apply the IT-Quality.
* Concepts for the development process.
* Coaching of Project Managers.
* Project Test Plans, Implementation of Regression Tests with Test Director, WinRunner.
* Coordination of IT-Security.
* Create the IT Architecture of the Investment Funds.
* Create the project management governance.

01/1999 - 06/2000
Senior Consultant
IMG AG


08/1999 - 04/2000
Applications Developer/Project Manager
ZKB (Zürcher Kantonalbank)


08/1995 - 11/1998
System Consultant
Rank Xerox AG


08/1995 - 11/1998
System engineer/Customer Service Engineer
Digital Equipment Corporation AG


Willingness to travel

Available in Germany, Austria and Switzerland

Additional information

An experienced audit and risk professional able to work in complex multinational organisations.
Skilled at stakeholder management at all levels from board level to frontline.
Has strong analytical skills, integrity and a hands-on approach; able to navigate different cultures globally with ease and to influence organisational cultural development.
Creation of an Internal Audit department in a greenfield environment. Responsible for developing and leading the execution of the global risk-based audit plan.

Experienced in developing and deploying Enterprise Risk Management Projects.
Implementation of internal control requirements for listed companies & IPO introduction (EU and Canada SOX).

Skilled at assessing Group key processes including its governance, risk management and control environment and system implementation to increase organisational efficiency.

Broad business exposure to different sectors and geographies: Pharmaceutical, Finance, Telecommunication & Public sector in Europe.
Fluent in English and German.