Keywords
Outsourcing
EBA Outsourcing Regulation
EBA Risk Management regulation
FAC regulation
MAS IT outsourcing regulation (Singapore)
BaFin MaRisk
BAIT
MaGo
VAIT
Banking Supervision
EBA Risk Assessment regulation
EBA Governance regulation
Audit experience
German KWG
Regulatory Compliance
provider qualification
Contract Management
IT contract negotiation
Organisational Change Management
EU banking supervision
Skills
DOCUMENTED WEAKNESS or WEAK DOCUMENTATION is easy prey in AUDITS
With the impending stricter European IT regulations such as #DORA, #NIS2, #ESG, #CER, etc., legal entities, institutions, and their third-party providers are under pressure when it comes to IT compliance audits
● The threat of fines or regulatory actions rises as a result of audits without defense or decent preparation
● The lack of qualified auditors these days often leads to increasing expenses and monetary risks due to formal deficiencies in the procedure
● Quick-hire auxiliaries with a "lead auditor in 5 days" diploma often have no clue about the contractual, formal, or regulatory boundaries of specific types of audits
● Efforts on irrelevant controls may consume many billable hours with no added value
● Efforts on various similar customer-driven audits bind valuable resources and generate costs
● Investigating controls without respect to a special type of audit may lead to losses and irregular fines which can only be cleared in front of a court
WHAT I CAN DO FOR YOU ...
30+ years of multi-disciplinary experience within IT operations, against a sound legal & regulatory background, let me operate with an unbiased approach outside the bounds of internal conflicts of interest or knowledge silos as a sound defense for the auditee
▸ I help you get the PAPERWORK in ORDER (i.e. policies, contracts, minutes, etc.) as they serve as PIECES OF EVIDENCE
▸ I help you prepare a compliant audit policy and charter
▸ I help you build and train an audit response team
▸ I help you prepare a list of self-identified issues (SII) that may be presented before an audit starts
▸ I prepare your human resources for interviews and audit processes
▸ I help you to organize "joint audits" to reduce workloads and increase quality
▸ I teach your organization how to profit from being audited
▸ I get auditors back on track once they get lost in the jungle of regulations or conflicts of interest
Let me help you to establish a regulatory-sound audit response organization covering relevant and critical processes, policies, instructions, and demands by treating auditors, etc. as "special clients" deserving of "customized services"!
⌛ The question is NOT IF, BUT WHEN the next audit challenge is at your door
▸ ROLLING DICE once a year and ticking some GRC checkboxes will no longer be sufficient
▸ Get back in the lead and let me help you turn costly re-acting into compliant pro-acting
☑ Get compensation for serving your customers' audit obligations, i.e. solving their issues
☎ Let's get in contact!
Skills / Experiences:
- IT-Governance and Risk-Management in EU financial sector
- Up-to-date knowledge of regulatory requirements (e.g. DORA, EBA, EIOPA, BaFin, etc.) - CLOUD, OUTSOURCING,
- Supplier Qualification, Governance and Risk Management
- Requirements for IT operations and IT outsourcing from the EU / DE regulatory framework (EBA, ECB, DE-BaFin, GB-FCA, ÖNB, DNB, MAS etc. esp. MaRisk, BAIT / VAIT, KRITIS, GDPR, NIS Directive, EnWG, KWG, VAG, etc.)
- Monitoring of special audits by ECB, Bundesbank, BaFin, FCA, et al.
- Overview IT and Outsourcing Regulation in Finance and Insurance EU, US, ASIA
- Reorganization and consolidation of providers
- Validation of exit strategies
- E2E sub-business chains transparency
- Contract management and negotiation
- IT Outsourcing Methods (Make-or-Buy, RfP, RfQ, Negotiation, Transition, Transformation, Governance, Processes, Risk Management, Claim Management, Exit, etc.)
- IT and data governance (classification, quality, security, protection requirements, risks)
- Smart Contracts / Blockchain / Distributed Ledger Outsourcing Technologies
- Order processing / technical and organizational measures (BDSG / EU GDPR, MaRisk, etc.)
Education:
1984 graduation
1986 - 1991: German Law studies
1990 - 1993: Studies of Business Administration (Orga / BWL)
1991 - 1992: Various Novell courses
1993: Novell courses CNE 3
1996: Novell Courses CNE 4 (NDS Design)
1997: HP - Courses HPUX Unix - Basics (SHELLs, SAM, etc.)
1998: Various IT Management courses:
- Project
- Negotiation strategies
- Moderation
1998: Microsoft Total Cost of Ownership
1998 - 1999: Microsoft courses MCP / MCSE
1999: Novell Courses CNE 5 (Networking Techn., Admin., Adv. Admin.)
1999 - 2003: (Distance) study: Information and Communication Management
2000: Microsoft Windows 2000 Professional (Deployment and AD)
2001: ITIL Service Management Foundation
2003: ITIL Service Manager Certification
2004: PRINCE2
2005: COBIT basics
2008: COBIT 4.1 update
2009: Scrum courses (PO, SM)
2011: course Compliance Management
2012: Certified Outsourcing Professional (COP)
2015: Certification Business Coach and Trainer (IHK)
2016: Scrum (PO, SM) certification
2021: CRCM (EU) Certified Regulatory Compliance Manager
2021: Bachelor of Science - ECTS level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
- Jul 2021 - CISA 1 - Auditing Information Systems for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 2 - Information Technology Governance and Management for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 3 - Information Technology Life Cycle for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 4 - IT Operations, Maintenance, and Service Delivery for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - Audit and Due Diligence: Priorities and Best Practices
Skills: Information Security Management · Information Security · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - CCSP: 1 Cloud Concepts, Architecture, and Design
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - CCSP: 6 Legal, Risk, and Compliance
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - Certified Analytics Professional (CAP): Domains 5–7
Skills: Information Security Management · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - Adaptive Project Leadership
Skills: Operational Risk Management
- Nov 2021 - Digital Transformation
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
- Nov 2021 - Executive Leadership
Skills: Operational Risk Management
- Nov 2021 - Risk Management for IT and Cybersecurity Managers
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - SSCP: 4 Incident Response and Recovery
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - The New Age of Risk Management Strategy for Business
Skills: Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
2022: Bachelor of Science - ECTS level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
- Jul 2022 - Microsoft Azure Security Technologies (AZ-500) Cert: 1 Manage Identity and Access
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 1 Core Concepts
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 4 Understanding Microsoft Security and Compliance Capabilities
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Office 365: Implement Networking and Security (Office 365/Microsoft 365)
Skills: Information Security Management · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Operational Risk Management
- Jul 2022 - Top 10 Security Features to Enable within Microsoft 365
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
- Aug 2022 - Microsoft 365: Health and Security
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Aug 2022 - Microsoft 365: Implement Security and Threat Management
Skills: Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Aug 2022 - Microsoft 365: Manage Governance and Compliance
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Data Governance · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Advanced Microservices: Tactical Forking
Skills: Enterprise Architecture · Cloud Computing · Risk Management
- Apr 2023 - Building and Auditing a Cybersecurity Program
Skills: Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - CCSK Cert: 1 Cloud Architecture
Skills: Information Security Management · Cloud Computing · Cloud Security · IT Audit · Risk Management
- Apr 2023 - CCSK Cert: 2 Infrastructure Security for Cloud
Skills: Information Security Management · Infrastructure Security · Cloud Computing · IT Audit · Risk Management
- Apr 2023 - CIPP/US Cert: 1 U.S. Privacy Environment
Skills: Information Security Management · Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Architecture: Advanced Concepts
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Architecture: Core Concepts
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Security Architecture for the Enterprise
Skills: Enterprise Architecture · Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cybersecurity Foundations
Skills: Cybersecurity
- Apr 2023 - Ethics in Information Security
Skills: Information Security · IT Audit · Computer Ethics
- Apr 2023 - IT Security Foundations: Core Concepts
Skills: IT Audit · IT Security Operations
- Apr 2023 - IT and Cybersecurity Risk Management Essential Training
Skills: IT Risk Management · Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Computer Forensics
Skills: Computer Forensics · Cloud Computing · IT Audit
- Apr 2023 - Learning Threat Modeling for Security Professionals
Skills: Threat Modeling · Cloud Computing · IT Audit
- Apr 2023 - Learning Vulnerability Management
Skills: Cloud Computing · IT Audit · Vulnerability Management
- Apr 2023 - Practical Cybersecurity for IT Professionals
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Scaling Your Cybersecurity and Privacy Program
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Security Risks in AI and Machine Learning: Categorizing Attacks and Failure Modes
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Soft Skills for Information Security Professionals
Skills: Information Security · IT Audit
- Apr 2023 - Using SABSA to Architect Cloud Security
Skills: Information Security Management · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
Local Availability
Only available for remote work
Remote preferred