NOTE: Due to non-disclosure agreements, not all details regarding the applications, vendors etc. used are listed here. Audits were usually conducted front-to-back/end-to-end, incl. business and IT.
Planning, coordination and realization of IT audits and projects in the retail, wholesale and investment division of a major global investment bank, with the following tasks and responsibilities:
- Audit planning (plan, resources, scope) and stakeholder management (auditees, senior management, external vendors like IBM, GFT, HCL, CGI, SMC and many others).
- Fieldwork performance and management.
- Audit reporting and findings agreement.
- Audit and vendor coverage management.
I managed audits and performed fieldwork by myself for the following areas:
- Regulatory compliance, e.g. for FATCA, SOX and the respective compliance implementation projects and operations. Analysis of requirements, test coverage and sufficient operational controls.
- Auditing of large-scale change and digitalization initiatives, programs and sub-projects with the following topics:
  - Analysis of adequate program setup and respective governance structures incl. senior management steering committees and their setup (incl. PMO, risk & issue tracking/management) over all phases of programs (planning, implementation, testing incl. UAT, go-live and post go-live). Analysis of quality management measures, adequate security concepts and sufficient consideration of non-functional requirements.
  - Roll-out of a lending core banking system (SAP CML) and migration of data from legacy systems.
  - SEPA compliance and respective implementation projects.
  - Implementation of a consolidated risk rating engine after a merger & acquisition (M&A) with another major bank.
- Analysis of corporate outsourcing and intra-group service governance and processes in an environment with 10.000+ vendors, incl. strategic, large-scale outsourcing deals covering full datacenters and major parts of the IT infrastructure and application landscape. Analysis of service level agreements, statements of work, contracts and the respective KPI setup for tracking/monitoring of service delivery, and of adequate governance structures and processes.
- Analysis of global program governance frameworks intended for use on a worldwide scale in all countries and subsidiaries.
- Analysis of online and mobile banking and brokerage propositions in various countries (i.a. Germany, Belgium, India) incl. adequate data leakage prevention, IT and cyber security measures, availability/DR/BCM, scalability, identity & access management for clients (tokens, authentication and authorization apps), processes and governance incl. payment transactions and processing. Validation of compliance with regulations like SecuRePay, MASI, MaRisk.
- Analysis of direct electronic banking channels for corporate clients (e.g. EBICS, SWIFT) and the respective software and applications.
- Cash management for corporates incl. governance, processes, daily reconciliations etc.
- Securities processing, custody, trading and brokerage with direct connections to global stock exchanges (e.g. Deutsche Börse, Euronext). Validation of compliance with local securities trading acts (e.g. WpHG).
- Setup of a global SAP governance framework with 30+ SAP instances incl. governance processes for patching, system security and code management using Virtual Forge CodeProfiler and SystemProfiler. Remediation of found issues in system configuration and in ABAP and Java code. Validation of underlying infrastructure security regarding vulnerabilities and (cyber-)threats on OS and database level.
- Auditing of self-service banking (SB) governance, processes and infrastructure (SB terminals). Intrusion protection of SB terminals, terminal software development, testing and deployment management incl. payment transactions and processing.
- Analysis of anti-money laundering (AML) and know-your-client (KYC) processes during onboarding of clients. Validation of compliance, adequate governance and process setup incl. senior management status reporting.
- Validation of the bank's mobile application management, incl. processes around development, testing and app-store upload/deployment (Windows Mobile, iOS, Android).