not available until 01/01/2022

Last update: 23.09.2021

Consultant Regulatory Risk & Compliance in the Financial Sector, International Project Manager

Graduation: Consultant Regulatory, Risk Management in the Financial Sector, International Project Manager
Hourly/daily rates: negotiable for remote projects
Languages: German (Full Professional) | English (Native or Bilingual) | Italian (Elementary) | Spanish (Elementary)


Analysis AS/400 BPO IT Project Manager IT purchasing IT Risk Assessment IT Rollout IT Service Delivery IT Service Management IT Supplier IT Team Leader ITIL ITIL V3 BPMN JIRA Know Your Customer KPI KPI monitoring KPI Report KRI KYC KYC Review landesk large project business LE leadership leadership skills Leadership Coaching Licensing License Manager License Management M&A Managed Services Management Consultancy Business & Functional Requirements Gathering Management Advisory management and business consultant Management Consultant Management Consulting management reporting Manager MIFID II MS Office suite MS project Outsourcing Business & IT Analyst Outsourcing & procurement P&L Performance Management PRINCE2® Practitioner PRINCE2® Procurement Project management Project Manager Project Delivery project experience Business & IT Consultant Project lead Project Leader project leadership project management & consulting Project Management Outsourcing project monitoring Quality assurance / management Quality Management RFI RFP Business Analysis RfP full life-cycle RFP/RFQ RFQ Risk and Compliance Risk Management Scrum Scrum Master scrum master certified Segregation of Duties (SoD) Service & Incident Management Business Analyst Service contracts Service Delivery Service Delivery Manager Service Level Agreements Service Management Service Manager Service Now Service provider SLA SLA Management Business and Finance Sourcing Sourcing Management Sourcing Manager Sourcing strategy SoD Software Licensing Software life-cycle SOX supplier development Supplier Lifecycle Management Business and IT Supplier management SUPPLIER QUALIFICATION supplier sourcing Transition Management Transition manager UAT UAT Testing Vendor Management Vendor Invoice Management Vendor relationship Bank Know How Business and IT Process Management Business Consultant Business Consulting Business Continuity Management Business Management Business Needs Clarification Business Operations Business Partner 
Business process model Carve Out Management Bank Technology Carve-out Certification Change & Performance Management Change Management Change the Bank COBIT Communication Compliance Compliance Management Contract Banking & Finance Contract evaluation Contract Management Contract Manager Contract Negotiation Contract preparation Contract/Risk Manager Contractor Management Controlling CSI metrics CSI processes Banking experience data flow diagramming Data Modelling Data Privacy data protection Delivery Management Delivery Manager Disaster Recovery Document Management System (DMS) Documentation Documentum banking sector EBA EBA Outsourcing Regulations eDMS English English native speaker English and German ERP GDPR GDPR Compliance German Basel II German and English Global Administrator global delivery Global implementations Global Sourcing Global Teams Management global timelines Global Project Management Intercultural Communication International deployments Basel III international project management international Projects International Rollouts International Sourcing interpersonal skills ISO 27001 IT Business Analyst IT Consultant IT Consulting IT contract administration BCM IT Freelancing IT generalist IT Governance IT Infrastructure IT Management IT Management Consulting IT Licensing IT Manager IT outsourcing IT project management


Certification: Prince2®, ITIL v3®, Scrum Master

Technical Knowledge and Experience
MaRisk, BAIT, VAIT, EBA Guidelines for Outsourcing
Vendor management
KPI / SLA Management / KRI
EU & DE Data Protection / Compliance
Business process analysis & design
Change Management / Organization & Documentation
Risk Management
SoD (Segregation of Duties), Functional Taxonomy / Scorecard Analysis
KYC (Know Your Customer)

Regulatory Knowledge
  • MaRisk    Minimum Requirements for Risk Management
  • BAIT    Regulatory Obligations for IT in the Banking Industry
  • VAIT    Regulatory Obligations for IT in the Insurance Industry
  • BDSG    German Federal Data Protection Act
  • GDPR    EU General Data Protection Regulation
Further experience with:
  • GWG - Geldwäschegesetz    Anti-Money Laundering Law
  • VAG - Versicherungsaufsichtsgesetz    Insurance Governance Law
  • WpHG - Wertpapierhandelsgesetz    Securities Trading Act
  • DVO 2017 - Delegierte Verordnung (EU) 2017/565    Organisational requirements and operating conditions for investment firms

Project history

03/2021 - 12/2021
Business Analyst, Outsourcing Expert
Aareal Bank (1000-5000 employees)
Banks and financial services

06/2020 - 02/2021
Regulatory Senior Expert
Deutsche Börse AG (1000-5000 employees)
Banks and financial services

04/2019 - 04/2020
Regulatory Specialist, Vendor Management Specialist
Finanz Informatik Technologie Services (FI-TS) (500-1000 employees)
Banks and financial services
Responsible for the strategic, conceptual development of the Provider Management service. The area of expertise was the outsourcing and relocation of services in the field of data processing and business informatics within the banking sector, taking particular account of the current requirements of the supervisory authorities BaFin, ECB and Bundesbank as well as the general legal requirements for support in central provider management.

•    Continually monitor current and new regulations in the area of the ECB, MaRisk and BAIT/VAIT, and ensure their proper implementation into internal regulations and processes
•    Drive forward the digital transformation of the company by developing solutions for the digitalization of provider management processes and their auditable implementation
•    Create management reports representing status quo as well as current challenges and risks 
•    Support internal and external audits by providing appropriate governance documentation and checklists
•    Act as main provider management contact person for management, internal and external auditors as well as customers from the finance and insurance industries

06/2018 - 03/2019
Regulatory Specialist, Vendor Management Specialist
Bethmann Bank (500-1000 employees)
Banks and financial services
Define, create, and implement central outsourcing management in accordance with the current regulatory landscape

•    Coordinate with the main affected parties to document and incorporate business requirements into the new governance model of outsourcing management
•    Identification and classification of relevant IT contracts in relation to MaRisk, AT 9 / BAIT / GDPR
•    Analyze contract fulfillment against MaRisk, AT 9 / BAIT / GDPR
•    Create a standard risk assessment catalog to determine the criticality of a self-created application (IDV) from a risk management perspective (links, data quality, security-relevant and personal data)
•    Revise official Outsourcing Strategy for publication in the Annual Report (in both English and German)
•    Define and implement a sustainable governance structure

License Management:
•    Identify, analyze, and consolidate existing IT vendor contracts (approx. 100 different applications) and determine licensing roadmap for each application
•    Support the legal department in negotiations with external software and system suppliers
•    Create a roadmap to upgrade and update the (ARIBA) contract management system 

Acted as SME (Subject Matter Expert) for issues concerning German/EU laws & Best Practice (regarding provider management):
-    MaRisk     Minimum Acceptable Risk in Outsourcing
-    BAIT         Supervisory Requirements for IT in Financial Institutions
-    BDSG       Federal Data Protection Law
-    WpHG      Securities Trading Act
-    GDPR      General Data Protection Regulation
-    MiFID II    Markets in Financial Instruments Directive II
-    (EU) 2017 / 565     Organisational requirements and operating conditions for investment firms
-    EBA/GL/2019/02    EBA Guidelines on outsourcing arrangements

03/2017 - 11/2017
Business Analyst, Vendor Management Specialist
Finanz Informatik Technologie Services (FI-TS) (500-1000 employees)
Banks and financial services
Engaged as Business Analyst for the Provider Management department. Responsible for providing guidance and support for two initiatives:
1)    ECB Audit Resolution Project
•    Provide guidance and support in resolving Findings from a recent audit of the European Central Bank
•    Coordinate & train internal Stakeholders in updated procedures to resolve audit points
•    Provide documentation for submission to the European Central Bank as evidence of Findings resolution and implementation of future risk mitigation measures

2)    Contract Analysis
•    Create database to capture risk-relevant information from client as well as vendor contracts
•    Identify legacy documentation and analyze contractual value chain to ensure risk management compliance
•    Create roadmap and provide procedural documentation for the resolution of identified compliance risks

Acted as SME (Subject Matter Expert) for issues concerning German/EU laws & Best Practice:
-    MaRisk    Minimum requirements for risk management  [Mindestanforderungen an das Risikomanagement]
-    BAIT        Regulatory obligations for IT in the banking industry  [Bankaufsichtliche Anforderungen an die IT]
-    VAIT        Regulatory obligations for IT in the insurance industry [Versicherungsaufsichtliche Anforderungen an die IT]
-    BDSG      Federal Data Security Law  [Bundesdatenschutzgesetz]
-    GDPR     General Data Protection Regulation

Analysis and update of internal business processes to comply with new data protection regulation in the areas of:
•    Compliance and risk controlling
•    Exit Strategies
•    Contract Management
•    Definition and implementation of a centralized Provider Management structure

06/2016 - 12/2016
Business Analyst, Vendor Management Specialist
RWE Supply and Trading GmbH (250-500 employees)
Banks and financial services

Engaged as Project Manager for the Quality Assurance Initiative "VIP" (Vendor Improvement Programme). Tasked to analyze and revitalize the stalled VIP project and create a roadmap to implement the 12 identified workflows.

Scope: 568 international vendors
Scale: Delivery window of 6 months, 14 delivery locations in 9 countries (Germany, Czech Republic, England, India, Indonesia, Netherlands, Singapore, USA, Vietnam)

Achievements:
•    Revitalized stalled project and brought it to conclusion within scheduling parameters


  • Create and implement an Engagement model for Vendor Management
  • Coordinate with main business Stakeholders to document and incorporate business-side requirements into new Vendor Management Governance and Engagement models
  • Create and implement Communications Plan; including the organization of Focus Groups, create and publish various internal and external project marketing collateral, create training documentation for the Vendor Management Group
  • Provide project closure training and lead implementation kick-off sessions for the areas of Governance, Engagement, Risk Reporting and Communications
  • Act as technical PM responsible for translating business requirements to offshore development teams
  • Analyze and re-design the data model for two (2) SharePoint databases
  • Coordinate UATs and implementation of database into production environment

01/2016 - 07/2016
Contract Specialist, License Manager
Postbank (1000-5000 employees)
Banks and financial services
Engaged as Business Analyst/Contracts Specialist in the project 'Separation IT eWorkplace & Environment' which controls the contractual separation ('carve-out') of Postbank from Deutsche Bank in preparation for Postbank's stock market debut in June 2016.
Tasked to analyze current contractual relationship between Deutsche Bank/Postbank for the area of 'IT eWorkplace' and create a roadmap to translate this relationship to Postbank and its chosen continuance vendors
Acted as SME (Subject Matter Expert) for issues concerning German federal laws:
-    BDSG    Bundesdatenschutzgesetz    [data protection]
-    GWG    Geldwäschegesetz    [anti-money laundering]
-    TKG    Telekommunikationsgesetz    [telecommunications]
-    VAG    Versicherungsaufsichtsgesetz    [insurance governance]

Scope:        20000+ affected workplaces, 3 vendor resources engaged
Scale:        Delivery window for target phase was 4 months

•    Finalized contracts delivered on schedule
•    Successfully incorporated COBIT and ITIL elements into the Frame Agreement, SLA-Agreement and individual Service Specifications (Leistungsscheine)

•    Analyze Frame Agreements and SLA-Agreements for inclusion/compliance with key BaFin auditing specifications
•    Identify key business services and create Service Specification documents (Leistungsscheine) for such

License Management:
•    Coordinate with main business Stakeholder to document and incorporate business-side requirements into new contracts framework
•    Analyze global/tethered license agreements and determine carve out roadmap, i.e. release, third-party contract, hybrid volume, etc.
•    Consolidate and negotiate license agreements according to enterprise economic guidelines

04/2015 - 08/2015
Business Analyst, Information Security Consultant
Deutsche Bank (>10.000 employees)
Banks and financial services

(a) Partial project within the group 'Global Technology & Operations'
Supporting the KYC Process (Know Your Customer):
•    Production of localized presentations for the KYC rollout to selected areas in Germany (Kickoff)
•    Identification and coordination of Stakeholders, analysis, and documentation of their current KYC processes, and planning for the integration/implementation of global KYC guidelines

(b) Partial project within group 'Identity & Access Governance'
Engaged as Business Analyst in the CISO IAG GAMA BTF:
CISO    Chief Information Security Office
IAG    Identity & Access Governance
GAMA    Global Access Management
BTF    Business Task Force
Tasked to create and document the Business Design for the SoD TOM for global implementation (Segregation of Duties, Target Operating Model)
Analyzed and documented processes for risk assessments and remediation with respect to the Functional Taxonomy

Project value:    €45 Million
Scope:        4500+ affected applications, 50+ vendor resources engaged
Scale:    Delivery window for target phase was 4 months

Analysis and documentation of business processes relating to:
•    Review and design of Functional Taxonomy to identify toxic combinations
•    Application Security Fundamental Issues from violation identification to remediation
•    Review of access management issues across key business applications
•    Review of roles, privileges, and entitlements within applications
•    Maintenance of program master documents and libraries

Time and spatial flexibility

Available fulltime, remote or on-site in Frankfurt / Rhine-Main Metro area
