Consultant Regulatory Risk & Compliance in the Financial Sector, International Project Manager available

  • 60529 Frankfurt am Main Freelancer in
  • Graduation: Consultant Regulatory, Risk Management in the Financial Sector, International Project Manager
  • Hourly-/Daily rates: not provided
  • Languages: German (Full Professional) | English (Native or Bilingual) | Italian (Elementary) | Spanish (Elementary)
  • Last update: 23.09.2020
SKILLS
Certification: Prince2®, ITIL v3®, Scrum Master

Technical Knowledge and Experience
MaRisk, BAIT, VAIT, EBA Guidelines for Outsourcing
Vendor management
KPI / SLA Management / KRI
EU & DE Data Protection / Compliance
Business process analysis & design
Change Management / Organization & Documentation
Risk Management
SoD (Segregation of Duties), Functional Taxonomy / Scorecard Analysis
KYC (Know Your Customer)

Regulatory Knowledge
  • MaRisk            Minimum Requirements for Risk Management
  • BAIT                Regulatory Obligations for IT in the Banking Industry
  • VAIT                Regulatory Obligations for IT in the Insurance Industry
  • BDSG             German Federal Data Protection Act
  • GDPR           EU General Data Protection Regulation
further experience with:
GWG  - Geldwäschegesetz                                          Anti-Money Laundering Law
VAG   - Versicherungsaufsichtsgesetz                         Insurance Governance Law
WpHG - Wertpapierhandelsgesetz                                Securities Trading Act
DVO 2017 - Delegierte Verordnung (EU) 2017/565    Organisational requirements and operating conditions for investment firms
PROJECT HISTORY
  • 04/2019 - 04/2020

    • Finanz Informatik Technologie Services (FI-TS)
    • 500-1000 employees
    • Banks and financial services
  • Regulatory Specialist, Vendor Management Specialist
  • Responsible for the strategic, conceptual development of the Provider Management service. Area of expertise was the outsourcing and relocation of services in the field of data processing and business informatics within the banking sector. Particular attention was paid to the current requirements of the supervisory authorities BaFin, ECB and Bundesbank, as well as the general legal requirements for support in central provider management.

    Activities:
    •    Continually monitor current and new regulations in the area of the ECB, MaRisk, BAIT/VAIT and ensure their proper implementation in internal regulations and processes
    •    Drive forward the digital transformation of the company by developing solutions for the digitalization of provider management processes and their auditable implementation
    •    Create management reports representing status quo as well as current challenges and risks 
    •    Support internal and external audits by providing appropriate governance documentation and checklists
    •    Act as main provider management contact person for management, internal and external auditors as well as customers from the finance and insurance industries

  • 06/2018 - 03/2019

    • Bethmann Bank
    • 500-1000 employees
    • Banks and financial services
  • Regulatory Specialist, Vendor Management Specialist
  • Define, create, and implement central outsourcing management in accordance with the current regulatory landscape

    Activities:
    •    Coordinate with the main affected parties to document and incorporate business requirements into the new governance model of outsourcing management
    •    Identification and classification of relevant IT contracts in relation to MaRisk, AT 9 / BAIT / GDPR
    •    Analyze contract fulfillment against MaRisk, AT 9 / BAIT / GDPR
    •    Create a standard risk assessment catalog to determine the criticality of a self-created application (IDV) from a risk management perspective (links, data quality, security-relevant and personal data)
    •    Revise official Outsourcing Strategy for publication in the Annual Report (in both English and German)
    •    Define and implement a sustainable governance structure

    License Management:
    •    Identify, analyze, and consolidate existing IT vendor contracts (approx. 100 different applications) and determine licensing roadmap for each application
    •    Support the legal department in negotiations with external software and system suppliers
    •    Create a roadmap to upgrade and update the (ARIBA) contract management system 

    Acted as SME (Subject Matter Expert) for issues concerning German/EU laws & Best Practice (regarding provider management):
    -    MaRisk     Minimum Acceptable Risk in Outsourcing
    -    BAIT         Supervisory Requirements for IT in Financial Institutions
    -    BDSG       Federal Data Protection Law
    -    WpHG      Securities Trading Act
    -    GDPR      General Data Protection Regulation
    -    MiFID II    Markets in Financial Instruments Directive II
    -    (EU) 2017 / 565     Organisational requirements and operating conditions for investment firms
    -    EBA/GL/2019/02    EBA Guidelines on outsourcing arrangements


  • 03/2017 - 11/2017

    • Finanz Informatik Technologie Services (FI-TS)
    • 500-1000 employees
    • Banks and financial services
  • Business Analyst, Vendor Management Specialist
  • Engaged as Business Analyst for the Provider Management department. Responsible for providing guidance and support for two initiatives:
    1)    ECB Audit Resolution Project
    •    Provide guidance and support in resolving Findings from a recent audit of the European Central Bank
    •    Coordinate & train internal Stakeholders in updated procedures to resolve audit points
    •    Provide documentation for submission to the European Central Bank as evidence of Findings resolution and implementation of future risk mitigation measures

    2)    Contract Analysis
    •    Create database to capture risk-relevant information from client as well as vendor contracts
    •    Identify legacy documentation and analyze contractual value chain to ensure risk management compliance
    •    Create roadmap and provide procedural documentation for the resolution of identified compliance risks

    Acted as SME (Subject Matter Expert) for issues concerning German/EU laws & Best Practice:
    -    MaRisk    Minimum requirements for risk management  [Mindestanforderungen an das Risikomanagement]
    -    BAIT        Regulatory obligations for IT in the banking industry  [Bankaufsichtliche Anforderungen an die IT]
    -    VAIT        Regulatory obligations for IT in the insurance industry [Versicherungsaufsichtliche Anforderungen an die IT]
    -    BDSG      Federal Data Security Law  [Bundesdatenschutzgesetz]
    -    GDPR     General Data Protection Regulation

    Activities:
    Analysis and update of internal business processes to comply with new data protection regulation in the areas of:
    •    Compliance and risk controlling
    •    Exit Strategies
    •    Contract Management
    •    Definition and implementation of a centralized Provider Management structure



  • 06/2016 - 12/2016

    • RWE Supply and Trading GmbH
    • 250-500 employees
    • Banks and financial services
  • Business Analyst, Vendor Management Specialist
  • Engaged as Project Manager for the Quality Assurance Initiative "VIP" (Vendor Improvement Programme). Tasked to analyze and revitalize the stalled VIP project and create a roadmap to implement the 12 identified workflows.

    Scope: 568 international vendors
    Scale: Delivery window of 6 months, 14 delivery locations in 9 countries (Germany, Czech Republic, England, India, Indonesia, Netherlands, Singapore, USA, Vietnam)

    Success:
    •    Revitalized stalled project and brought it to conclusion within scheduling parameters

    Activities:

    • Create and implement an Engagement model for Vendor Management
    • Coordinate with main business Stakeholders to document and incorporate business-side requirements into new Vendor Management Governance and Engagement models
    • Create and implement Communications Plan; including the organization of Focus Groups, create and publish various internal and external project marketing collateral, create training documentation for the Vendor Management Group
    • Provide project closure training and lead implementation kick-off sessions for the areas of Governance, Engagement, Risk Reporting and Communications
    • Act as technical PM responsible for translating business requirements to offshore development teams
    • Analyze and re-design the data model for two (2) SharePoint databases
    • Coordinate UATs and implementation of database into production environment

  • 01/2016 - 07/2016

    • Postbank
    • 1000-5000 employees
    • Banks and financial services
  • Contract Specialist, License Manager
  • Engaged as Business Analyst/Contracts Specialist in the project 'Separation IT eWorkplace & Environment' which controls the contractual separation ('carve-out') of Postbank from Deutsche Bank in preparation for Postbank's stock market debut in June 2016.
    Tasked to analyze current contractual relationship between Deutsche Bank/Postbank for the area of 'IT eWorkplace' and create a roadmap to translate this relationship to Postbank and its chosen continuance vendors
    Acted as SME (Subject Matter Expert) for issues concerning German federal laws:
    -    BDSG    Bundesdatenschutzgesetz    [data protection]
    -    GWG    Geldwäschegesetz    [anti-money laundering]
    -    TKG    Telekommunikationsgesetz    [telecommunications]
    -    VAG    Versicherungsaufsichtsgesetz    [insurance governance]

    Scope:        20000+ affected workplaces, 3 vendor resources engaged
    Scale:        Delivery window for target phase was 4 months

    Success:
    •    Finalized contracts delivered on schedule
    •    Successfully incorporated COBIT and ITIL elements into the Frame Agreement, SLA-Agreement and individual Service Specifications (Leistungsscheine)

    Activities:
    •    Analyze Frame Agreements and SLA-Agreements for inclusion/compliance with key BaFin auditing specifications
    •    Identify key business services and create Service Specification documents (Leistungsscheine) for such

    License Management:
    •    Coordinate with main business Stakeholder to document and incorporate business-side requirements into new contracts framework
    •    Analyze global/tethered license agreements and determine carve out roadmap, i.e. release, third-party contract, hybrid volume, etc.
    •    Consolidate and negotiate license agreements according to enterprise economic guidelines

  • 04/2015 - 08/2015

    • Deutsche Bank
    • >10.000 employees
    • Banks and financial services
  • Business Analyst, Information Security Consultant
  • (a) Partial project within the group 'Global Technology & Operations'
    Supporting the KYC Process (Know Your Customer):
    •    Production of localized presentations for the KYC rollout to selected areas in Germany (Kickoff)
    •    Identification and coordination of Stakeholders, analysis, and documentation of their current KYC processes, and planning for the integration/implementation of global KYC guidelines

    (b) Partial project within group 'Identity & Access Governance'
    Engaged as Business Analyst in the CISO IAG GAMA BTF
    CISO        Chief Information Security Office   
    IAG        Identity & Access Governance 
    GAMA    Global Access Management
    BTF        Business Task Force
    Tasked to create and document the Business Design for the SoD TOM for global implementation (Segregation of Duties, Target Operating Model)
    Analyzed and documented processes for risk assessments and remediation with respect to the Functional Taxonomy

    Project value:    €45 Million
    Scope:        4500+ affected applications, 50+ vendor resources engaged
    Scale:    Delivery window for target phase was 4 months

    Activities:
    Analysis and documentation of business processes relating to:
    •    Review and design of Functional Taxonomy to identify toxic combinations
    •    Application Security Fundamental Issues from violation identification to remediation
    •    Review of access management issues across key business applications
    •    Review of roles, privileges, and entitlements within applications
    •    Maintenance of program master documents and libraries


TIME AND SPATIAL FLEXIBILITY
Available fulltime, remote or on-site in Frankfurt / Rhine-Main Metro area