Senior Manager focusing on IT-Compliance, IT-Audit and SAP-Security/GRC (not available until 03/31/2022)

  • 20257 Hamburg Freelancer in
  • Graduation: Diplom-Kaufmann (German MBA)
  • Hourly-/Daily rates:
  • Languages: German (Native or Bilingual) | English (Native or Bilingual) | French (Elementary)
  • Last update: 18.04.2021
SKILLS
Senior Manager with more than 13 years of experience in a Big-4 consultancy [PwC], across different regions, like Germany, the Netherlands, and the United Kingdom. Track Record for successful large-scale transformation projects for international key clients from the DAX30, MDAX, FTSE100, and DJII context. 

Focus Areas:
  • Complex IT-Governance Projects
  • Project-Lead Agile / Waterfall
  • IT-Security, IT-Audit, and IT-Compliance
  • CISO Strategy Consulting
  • SAP Security (incl. GRC and IAM), as part of SAP S/4HANA implementation projects
PROJECT HISTORY
  • 04/2020 - 02/2021

    • FTSE 100 Retailer
    • >10.000 employees
    • Consumer goods and retail
  • SAP Security / GRC Lead
  • Led a team of four FTEs to deliver SAP security to support the successful execution of a carve-out project. Devised and implemented a robust security strategy with policy adherence to manage compliance, reduce risks, and set up a secure and efficient authorization concept. Achieved SOX compliance for a TSA time remaining part of the group.

    • Introduced a comprehensive SOx framework for ITGC and business controls with an aim to reduce operational errors and fraudulent practices.
    • Established a fully compliant work culture from day 1 by executing policies, developing documentation, and spearheading training for newly hired IT process owners.
    • Played an anchor role in the access separation for four legacy SAP ECC systems.
    • Oversaw GRC software selection for access and process controls, while leading design and execution of SAP access controls for a newly deployed SAP S/4HANA system.

  • 06/2019 - 02/2020

    • Royal Dutch Shell Plc
    • >10.000 employees
    • Energy, water and environment
  • Product Owner Lines of Defense Implementation
    • Strategically positioned as a Project Manager and lead SME for establishing a “Lines of Defence” model as a compliance standard for the IT-function.
    • Successfully steered a 1.5-year agile initiative covering all three phases of the LOD model, from operational risk management (LOD1) to information risk management, assurance, and policies, and then to internal/external audit.
    • Carried out stakeholder workshops for the risk management use cases ‘privacy-by-design’, ‘security-by-design’, ‘IT controls management’, and ‘year-end audit cycle’.
    • Drove adoption across the IT function and brought people and cultural change by implementing continuous improvement initiatives and stakeholder trainings.

  • 02/2019 - 05/2019

    • Royal Dutch Shell Plc
    • >10.000 employees
    • Energy, water and environment
  • Project Lead LOD2 Testing Guideline Implementation
    • Led a PwC/Client team (based in Bangalore) in defining a newly introduced IT control testing methodology as per the latest ISO 2700X, COBIT 5, and SOx standards.
    • Defined the testing approach for multiple application security levels (Business /IT-managed: Non-SOx, FCM, SOx). Evaluated design and operating effectiveness of standards for RPA testing.
    • Earned reputation as a business change manager and a coach; improved knowledge of LoD2 management testing team in Bangalore through effective training and guidance.

  • 11/2017 - 02/2019

    • Royal Dutch Shell Plc
    • >10.000 employees
    • Energy, water and environment
  • Project Lead, IT-Control, Remediation and SOx Advisory
    • Guided a Shell/PwC team for managing a major project aimed at addressing IT security and compliance challenges in the year-end assurance cycle.
    • Analyzed and fixed/controlled control gaps and failures to minimize security incidents and potential audit deficiencies. Defined past-error investigation and discussed results/recommendations with external auditors.
    • Identified landscape security threats and improved the ITSM in line with ISO 27001 and NIST 800.
    • Reinforced security and compliance across a complex IT environment with more than 120 applications in SOx scope, including multiple SAP systems, and varying infrastructure (mainframe, and SQL server).

  • 10/2017 - 05/2018

    • Royal Dutch Shell
  • Interim IT-Security Manager for Enterprise Access Management
    • Oversaw Enterprise Access Management with keen focus on the SAP systems portfolio. Identified and remediated control gaps and incidents (regarding access) by leveraging strong analytical and problem-solving skills.
    • Aligned overall processes with standard controls, while eliminating discrepancies to improve overall efficiency.

  • 03/2017 - 07/2017

    • PwC GmbH (diverse clients)
    • >10.000 employees
    • Banks and financial services
  • IT-Auditor for ITSMs
    • Reviewed the setup of IT Security Management Systems in line with the standard ISO27001:2013. Carried out a fit/gap analysis against the latest standard and developed a maturity rating per sub-process.
    • Drove improvements in IT security management systems by identifying and filling gaps (in collaboration with clients).

  • 12/2015 - 06/2017

    • Siemens AG / Siemens Healthineers
    • >10.000 employees
    • Industry and mechanical engineering
  • SAP FI-Lead for an SAP S/4HANA implementation
    • Led a geographically dispersed team of five personnel (spread across South Korea, Taiwan, and Japan) to spearhead the end-to-end global implementation of SAP S/4HANA.
    • Managed all phases of a 2.5-year green-field initiative from process design to system build/implementation together with the SI and subsequent roll-out.

  • 02/2016 - 06/2016

    • Global Car Manufacturing Supplier
  • SOx IT-Controls and Business Process implementation SME
    • Oversaw successful execution of a comprehensive SOX framework with effective controls in both the ITGC and business process areas for an acquired manufacturing company.
    • Ensured fully-compliant operations/processes across multiple areas (Revenue, Expenditure, Inventory, Payroll, and Financial Reporting business) by establishing SAP IT general and finance controls.
    • Established IT risk management function in compliance with Lines of Defence standards.

  • 11/2014 - 11/2015

    • Siemens AG / Siemens Healthineers
    • >10.000 employees
    • Industry and mechanical engineering
  • PMO-Lead for a Carve-Out project
    • Designed roadmaps (in liaison with the head of the Planning Office) and led teams for executing the carve-out project across the entire healthcare division.
    • Played a key role in carve-out planning and a lean re-design of 12 corporate functions.

  • 08/2013 - 03/2014

    • Otto Group
    • >10.000 employees
    • Consumer goods and retail
  • Cutover SME as part of a system implementation
    • Headed PwC team to manage the cut-over work-stream for a core ERP upgrade, uplifting a legacy Cobol-system at a global online retailer.
    • Contributed to the cutover planning and led stakeholder awareness workshops with involved functions.

  • 06/2012 - 10/2012

    • Shell Deutschland GmbH
    • >10.000 employees
    • Banks and financial services
  • SOx IT-Controls and ICS auditor
    • Evaluated effectiveness of IT and business controls by planning and leading SOx IT audit. Identified control deficiencies/gaps and provided effective recommendations for remediation formulation.
    • Conducted comprehensive reviews over major system implementations from a SOx and Project Management perspective.

  • 12/2008 - 10/2012

    • PwC GmbH (diverse clients)
    • >10.000 employees
    • Banks and financial services
  • IT- and Process Auditor
    • Evaluated the design and operational effectiveness of IT and finance business controls for a broad range of middle-market clients through external audits.
    • Specialized in assessing controls environments and testing the design and operating effectiveness, for IT and finance business controls.

TIME AND SPATIAL FLEXIBILITY
  • Worked on diverse projects across Europe and the UK
  • Remote preferred, but available for projects preferred.
OTHER
  • More than 13 years of project experience at a Big-4 firm (PwC) in Germany, Switzerland and, most recently, four years in London
  • Track record with major clients, including various DAX-30, MDAX, FTSE 100 and Dow Jones listed companies.