Profileimage by MichaelGeorg Speller Regulatory IT Compliance | DORA/RTS, NIS2, etc. | Auditor | DueDiligence | Policy Writer from StGallen

Michael Georg Speller

available

Last update: 26.03.2024

IT Audit Defense | Regulatory GRC | CyberSecurity | 3rdPartyRisks

Graduation: Law Degree, Informatics Degree
Languages: German (Native or Bilingual) | English (Native or Bilingual)

Attachments

2021-06-28_EU Digital Operational Resilience Act (DORA) planned for 2022 _ LinkedIn.pdf
BG-Academy Excellence Certificate .pdf
Customer-Testimonials_2000-2022.pdf
LinkedIn-Cybersecurity-Assessment-Badge_010523.pdf
20230515-Certifications-Michael-Speller-compr_160523.pdf
Completed-Education-Content_210523.pdf
Master-Cybersecurity-Management_210523.pdf
CERT-michael-Speller-Info-Sec-komprimiert_160623.pdf
Environmental-Social-and-Governance-ESG_290623.pdf
Algorithmic-Auditing-and-Continuous-Monitoring_171023.pdf
profil-m-speller-2023-12_011223.pdf
Prime-Contractors-and-3rd-Party-Risks-in-Your-Value-Chain-LinkedIn_101223.pdf
What-s-your-strategy-during-an-audit-present-Self-Identified-Issues-SII_101223.pdf
OSI-Audit-komprimiert_151223.pdf
OSI-IT-Compliance-Audit-Process-and-response-defense-german_161223.pdf
Wind-of-change-IT-Compliance-Consulting-XII-2023_221223.pdf
DORA-und-das-Fremd-Personal-Dilemma-der-Finanzbranche-in-DE_170124.pdf
Cloud-Security-and-Audit-Fundamentals-AWS-Microsoft-Azure-and-Google-Cloud_040224.pdf
WS-Certified-Security-Specialty-SCSC02-Cert-Prep-1-Threat-Detection-and-Incident-Response_160224.pdf
LearningPath-Prepare-for-the-AWS-Certified-Security-Specialty-SCSC02-Certification_160224.pdf

Skills

DOCUMENTED WEAKNESS or WEAK DOCUMENTATION is easy prey in AUDITS

With the impending stricter European IT regulations such as #DORA, #NIS2, #ESG, #CER, etc., legal entities, institutions, and their third-party providers are under pressure when it comes to IT compliance audits
● The threat of fines or regulatory actions rises as a result of audits without defense or decent preparation
● The lack of qualified auditors these days often leads to increasing expenses and monetary risks due to formal deficiencies in the procedure
● Quick-hire auxiliaries with a "lead auditor in 5 days" diploma often have no clue about the contractual, formal, or regulatory boundaries of specific types of audits
● Efforts on irrelevant controls may consume many billable hours with no added value
● Efforts on various similar customer-driven audits bind valuable resources and generate costs
● Investigating controls without respect to a special type of audit may lead to losses and irregular fines which can only be cleared in court

WHAT I CAN DO FOR YOU ...
30+ years of multi-disciplinary experience in IT operations, backed by a sound legal & regulatory background, let me operate with an unbiased approach, outside the bounds of internal conflicts of interest or knowledge silos, as a sound defense for the auditee

▸ I help you get the PAPERWORK in ORDER (i.e. policies, contracts, minutes, etc.) as they serve as PIECES OF EVIDENCE
▸ I help you prepare a compliant audit policy and charter
▸ I help you build and train an audit response team
▸ I help you prepare a list of self-identified issues (SII) that may be presented before an audit starts
▸ I prepare your human resources for interviews and audit processes
▸ I help you to organize "joint audits" to reduce workloads and increase quality
▸ I teach your organization how to profit from being audited
▸ I get auditors back on track once they get lost in the jungle of regulations or conflicts of interest

Let me help you to establish a regulatory-sound audit response organization covering relevant and critical processes, policies, instructions, and demands by treating auditors, etc. as "special clients" deserving of "customized services"!

⌛ The question is NOT IF, BUT WHEN the next audit challenge is at your door
ROLLING DICE once a year and ticking some GRC checkboxes will no longer be sufficient
Get back in the lead and let me help you turn costly re-acting into compliant pro-acting
☑ Get compensation for serving your customers' audit obligations, i.e. solving their issues
☎ Let's get in contact!


Skills / Experiences:
  • IT-Governance and Risk-Management in EU financial sector
  • Up-to-date knowledge of regulatory requirements (e.g. DORA, EBA, EIOPA, BaFin, etc.) - CLOUD, OUTSOURCING, 
  • Supplier Qualification, Governance and Risk Management
  • Requirements for IT operations and IT outsourcing from the EU / DE regulatory framework (EBA, ECB, DE-BaFin, GB-FCA, ÖNB, DNB, MAS etc., esp. MaRisk, BAIT / VAIT, KRITIS, GDPR, NIS-RL, EnWG, KWG, VAG, etc.)
  • Monitoring of special audits by ECB, Bundesbank, BaFin, FCA, et al.
  • Overview IT and Outsourcing Regulation in Finance and Insurance EU, US, ASIA
  • Reorganization and consolidation of providers
  • Validation of exit strategies
  • E2E sub-business chains transparency
  • Contract management and negotiation
  • IT Outsourcing Methods (Make-or-Buy, RfP, RfQ, Negotiation, Transition, Transformation, Governance, Processes, Risk Management, Claim Management, Exit, etc.)
  • IT and data governance (classification, quality, security, protection requirements, risks)
  • Smart Contracts / Blockchain / Distributed Ledger Outsourcing Technologies
  • Order processing / techn. organizational measures (BDSG / EUDSGVO, MaRisk, etc.)

Education:
1984 graduation
1986 - 1991: German Law studies
1990 - 1993: Studies of Business Administration (Orga / BWL)
1991 - 1992: Various Novell courses
1993: Novell courses CNE 3
1996: Novell Courses CNE 4 (NDS Design)
1997: HP - Courses HPUX Unix - Basics (SHELLs, SAM, etc.)
1998: Various IT Management courses:
  - Project
  - Negotiation strategies
  - Moderation
1998: Microsoft Total Cost of Ownership
1998 - 1999: Microsoft courses MCP / MCSE
1999: Novell Courses CNE 5 (Networking Techn., Admin., Adv. Admin.)
1999 - 2003: (Distance) study: Information and Communication Management
2000: Microsoft Windows 2000 Professional (Deployment and AD)
2001: ITIL Service Management Foundation
2003: ITIL Service Manager Certification
2004: PRINCE2
2005: COBIT basics
2008: COBIT 4.1 update
2009: Scrum courses (PO, SM)
2011: course Compliance Management
2012: Certified Outsourcing Professional (COP)
2015: Certification Business Coach and Trainer (IHK)
2016: Scrum (PO, SM) certification
2021: CRCM (EU) Certified Regulatory Compliance Manager
2021: Bachelor of Science - ECTS level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
  • Jul 2021 - CISA 1 - Auditing Information Systems for IS Auditors
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2021 - CISA 2 - Information Technology Governance and Management for IS Auditors
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2021 - CISA 3 - Information Technology Life Cycle for IS Auditors
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2021 - CISA 4 - IT Operations, Maintenance, and Service Delivery for IS Auditors
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Oct 2021 - Audit and Due Diligence: Priorities and Best Practices
    Skills: Information Security Management · Information Security · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Oct 2021 - CCSP: 1 Cloud Concepts, Architecture, and Design
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Oct 2021 - CCSP: 6 Legal, Risk, and Compliance
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Oct 2021 - Certified Analytics Professional (CAP): Domains 5–7
    Skills: Information Security Management · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Nov 2021 - Adaptive Project Leadership
    Skills: Operational Risk Management
  • Nov 2021 - Digital Transformation
    Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
  • Nov 2021 - Executive Leadership
    Skills: Operational Risk Management
  • Nov 2021 - Risk Management for IT and Cybersecurity Managers
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Nov 2021 - SSCP: 4 Incident Response and Recovery
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Nov 2021 - The New Age of Risk Management Strategy for Business
    Skills: Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management

2022: Bachelor of Science - ECTS level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
  • Jul 2022 - Microsoft Azure Security Technologies (AZ-500) Cert: 1 Manage Identity and Access
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 1 Core Concepts
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 4 Understanding Microsoft Security and Compliance Capabilities
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Jul 2022 - Office 365: Implement Networking and Security (Office 365/Microsoft 365)
    Skills: Information Security Management · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Operational Risk Management
  • Jul 2022 - Top 10 Security Features to Enable within Microsoft 365
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
  • Aug 2022 - Microsoft 365: Health and Security
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
  • Aug 2022 - Microsoft 365: Implement Security and Threat Management
    Skills: Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Aug 2022 - Microsoft 365: Manage Governance and Compliance
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Data Governance · Regulatory Audits · IT Audit · Risk Management · Internal Audits
2023: Bachelor of Science - ECTS level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
  • Apr 2023 - Advanced Microservices: Tactical Forking
    Skills: Enterprise Architecture · Cloud Computing · Risk Management
  • Apr 2023 - Building and Auditing a Cybersecurity Program
    Skills: Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
  • Apr 2023 - CCSK Cert: 1 Cloud Architecture
    Skills: Information Security Management · Cloud Computing · Cloud Security · IT Audit · Risk Management
  • Apr 2023 - CCSK Cert: 2 Infrastructure Security for Cloud
    Skills: Information Security Management · Infrastructure Security · Cloud Computing · IT Audit · Risk Management
  • Apr 2023 - CIPP/US Cert: 1 U.S. Privacy Environment
    Skills: Information Security Management · Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Apr 2023 - Cloud Architecture: Advanced Concepts
    Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Apr 2023 - Cloud Architecture: Core Concepts
    Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Apr 2023 - Cloud Security Architecture for the Enterprise
    Skills: Enterprise Architecture · Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Apr 2023 - Cybersecurity Foundations
    Skills: Cybersecurity
  • Apr 2023 - Ethics in Information Security
    Skills: Information Security · IT Audit · Computer Ethics
  • Apr 2023 - IT Security Foundations: Core Concepts
    Skills: IT Audit · IT Security Operations
  • Apr 2023 - IT and Cybersecurity Risk Management Essential Training
    Skills: IT Risk Management · Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
  • Apr 2023 - Computer Forensics
    Skills: Computer Forensics · Cloud Computing · IT Audit
  • Apr 2023 - Learning Threat Modeling for Security Professionals
    Skills: Threat Modeling · Cloud Computing · IT Audit
  • Apr 2023 - Learning Vulnerability Management
    Skills: Cloud Computing · IT Audit · Vulnerability Management
  • Apr 2023 - Practical Cybersecurity for IT Professionals
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
  • Apr 2023 - Scaling Your Cybersecurity and Privacy Program
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
  • Apr 2023 - Security Risks in AI and Machine Learning: Categorizing Attacks and Failure Modes
    Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
  • Apr 2023 - Soft Skills for Information Security Professionals
    Skills: Information Security · IT Audit
  • Apr 2023 - Using SABSA to Architect Cloud Security
    Skills: Information Security Management · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits

Project history

Certifications

All 340+ current certifications at a glance
2021

Local Availability

Only available for remote work
Remote preferred

Recommendations

Black Griffin Limited
Director
"Mr. Speller is the leading specialist in cloud, outsourcing and regulation for banks and insurance companies. It is also particularly worth highlighting that Mr. Speller achieves excellent results for our customers and partners when negotiating with cloud service providers. I would like to express my sincere thanks for the very good and cooperative collaboration."