Hussam Greg

Consultant

Bad Honnef, Germany

Experience

Mar 2024 - Present
1 year 11 months

Consultant

Insurance company

  • Conducting gap analyses and optimizing the documented framework
  • Adapting templates for identification, risk analysis, and due diligence
  • Supporting departments in conducting risk analyses
  • Tracking results and ensuring data quality
  • Enhancing and optimizing the Outsourcing Control Report (OCR) as a management and monitoring tool
  • Developing and introducing an automated concept for concentration risk
  • Conducting a gap analysis on DORA regarding regulatory requirements
Jan 2023 - Mar 2024
1 year 3 months

Project manager & consultant

Mid-sized bank

  • Analyzing and closing findings after a §44 special audit under the KWG and implementing requirements from MaRisk, BAIT, and DORA
  • Conducting a gap analysis between the Bundesbank's findings and the current state of outsourcing management
  • Developing policies, work instructions, and manuals
  • Coordinating with relevant stakeholders in procurement and provider management
  • Reporting to the steering committee
Mar 2022 - Dec 2022
10 months

Consultant

Large bank

  • Redesigning outsourcing management, performing outsourcing analyses (classification, risk analysis, and contract reviews), and addressing OSI findings at a systemically important bank
  • Analyzing audit reports from the Bundesbank and internal audit
  • Developing and aligning an implementation plan with relevant stakeholders
  • Adjusting or expanding outsourcing policies and procedures to meet EBA/GL/2019/02, MaRisk, BAIT, and DORA requirements
  • Redesigning processes, tools, and manuals for the outsourcing process
  • Analyzing and reclassifying existing outsourcing contracts
  • Conducting gap analyses between existing contracts and the requirements of the EBA guidelines on outsourcing
  • Performing risk analyses and coordinating with key functions
Dec 2021 - May 2022
6 months

Senior consultant

Large investment management company

  • Managing the outsourcing process (from classification to exit strategy)
  • Responsible for communication with external clients regarding the outsourcing of IT infrastructure to Microsoft Azure
  • Creating cloud risk assessments for each application outsourced to Microsoft Cloud (IaaS and PaaS)
  • Creating an outsourcing risk report for the IT infrastructure migration to Microsoft Azure
  • Conducting risk analyses and defining mitigation measures, focusing on information security and data protection
  • Performing security controls and creating a list of target measures according to ISO 27001
  • Drafting client letters for approval of the outsourcing and answering follow-up questions, especially on U.S. data protection and information security laws
  • Analyzing contractual agreements, deriving controls, and designing a Cloud Control Matrix
Oct 2021 - Jun 2022
9 months

Senior consultant

Large reinsurer

  • Conducting a current-state analysis of processes, policies, and tools, and defining the target state
  • Revising the documented framework, creating policies, and introducing new tools (including BIA, risk analysis for outsourcing and third-party IT sourcing, target measures catalogue)
  • Performing risk analysis for existing and new outsourcing (identification, risk analysis, materiality assessment, due diligence, exit strategies)
  • Identifying contract gaps according to MaRisk AT 9 and the EBA outsourcing guidelines and defining measures to ensure contract compliance
  • Conducting business impact analysis (BIA) and protection needs analysis (SBA) for all processes and IT resources
  • Supporting external audits and deriving and implementing measures to close open findings in outsourcing management, information security, emergency management, and IT
  • Establishing outsourcing monitoring and completing the outsourcing register
Mar 2021 - Dec 2022
1 year 10 months

Consultant

Major Bank

  • Conducted a gap analysis between the current state and the relevant regulatory requirements (EBA guidelines, MaRisk and BAIT, as well as international standards like ISO 22301) for BCM
  • Analyzed the OSI report (On Site Inspection) of the ECB and identified areas for action
  • Created an implementation plan including measures and managed the implementation
  • Developed the BCM policy, established a new method for conducting the BIA, and introduced a BIA template
  • Introduced the Risk Impact Analysis (RIA) and designed a scenario analysis for unexpected service provider outages
  • Defined requirements for ITSCM and critical service providers regarding BCM and IT emergency management
  • Created a contract template to agree on BCM and IT emergency management requirements with service providers and conducted contract negotiations
  • Supported the execution of the BIA for all processes and coordinated with business units
Mar 2021 - Sep 2021
7 months

Consultant

Major Reinsurer

  • Designed the use cases taking into account customers, AI providers, and other service providers
  • Derived the compliance requirements for all involved parties
  • Held workshops with customers and AI providers, evaluated feedback, and adjusted the use cases
  • Created templates, process descriptions, and contract checklists
  • Advised management on strategic decisions regarding contract design and collaboration with customers and AI providers
Nov 2020 - Nov 2021
1 year 1 month

Consultant

Large State Bank

  • Developed a group outsourcing policy and all tools/templates for group entities
  • Regularly conducted workshops and status meetings with group entities, managed implementation, and reported to the steering committee
  • Optimized reporting to central outsourcing management for outsourcing risk and service quality and prepared reports for the executive board
  • Provided operational support for validating outsourcing analyses (identification and risk analyses)
  • Designed and implemented regular reporting
  • Conducted a gap analysis on ESMA guidelines for outsourcing to cloud service providers and closed identified gaps
  • Analyzed existing contracts for material outsourcing and supported the first line of defense in contract negotiations with existing service providers
  • Optimized interfaces with BCM/ISM regarding contract requirements, reporting, and risk analyses
  • Created, aligned, and rolled out an institution-wide contract management policy
  • Developed control plans and templates and conducted sample-based and risk-oriented controls in business units
Oct 2020 - May 2022
1 year 8 months

Consultant

Mid-sized Bank

  • Performed a gap analysis between the 2021 BAIT update and the current state of information security management in the bank, identified gaps, and defined measures
  • Updated the documented framework, processes, and relevant systems
  • Operationalized control activities and provided operational support in conducting controls and reporting
  • Ensured the quality of protection needs analyses and evaluated the measures and residual risks
  • Established a catalog of required security measures according to ISO 27001 and defined security measures for each IT resource
  • Conducted a gap risk analysis and defined technical and organizational measures
  • Further developed the deployed GRC tool, Forum Suite
Jun 2020 - Oct 2020
5 months

Consultant

Mid-sized Financial Services Provider

  • Analyzed group-internal outsourcing guidelines, their regulatory requirements, and relevant audit findings
  • Created a sourcing policy, set up outsourcing governance, and defined relevant roles
  • Defined outsourcing processes for all outsourcing activities, third-party IT procurements, and other third-party procurements
  • Defined the outsourcing process including roles, outputs, and RACI matrices
  • Documented existing outsourcing arrangements and established an outsourcing register
  • Prepared analyses for existing contracts (outsourcing identification, materiality analysis, risk assessment, materiality evaluation, conflicts of interest, due diligence, exit strategy, contract checklist)
May 2020 - Aug 2020
4 months

Consultant

FinTech

  • Identification, structuring and presentation of the relevant regulatory requirements for outsourcing management
  • Analysis of organizational structures, current external relationships and service providers
  • Creation of a gap analysis between regulatory requirements and the status quo
  • Identification of all outsourcing relationships and creation of an outsourcing register
  • Creation of all analysis tools for outsourcing identification, materiality analysis, risk assessment, materiality evaluation, due diligence and conflict of interest management
  • Conducting analyses of existing outsourcing arrangements and adding them to the outsourcing register
  • Setting up outsourcing governance and the organizational structure in outsourcing management according to the Three Lines of Defense model
Oct 2019 - Mar 2020
6 months

Consultant

Large State Bank

  • Analysis and definition of requirements from BAIT, MaRisk and EBA guidelines for outsourcing management
  • Establishment of a new method for identifying, assessing and managing risks in provider management
  • Introduction of relevant Key Risk Indicators (KRIs) on system risks, information security, data protection, business continuity management (BCM), commercial risks, audit findings, IT outsourcing contract and IT production stability
  • Analysis and optimization of IT processes with service providers

Summary

Experienced consultant on DORA and digital resilience topics. Many years of experience advising on analyzing and implementing regulatory requirements (DORA, MaRisk, BAIT, VAIT, MaGo, EBA guidelines, cloud guidelines) and introducing digital solutions for outsourcing management, contract management, information security, and business continuity management. Led projects and reported to the executive board and regulatory authorities as part of remediating findings after Section 44 audits.

Skills

  • Leno

  • MS Office

  • VBA

  • Figma

  • Jira

  • Confluence

  • Banks

  • Insurance Companies

  • Investment Management Companies

  • Crypto Custodians

  • AI Providers

Languages

German
Native
English
Advanced

Education

Otto-Friedrich University of Bamberg

Master of Science, Business Administration · Business Administration · Bamberg, Germany

Otto-Friedrich University of Bamberg

Bachelor of Science, Business Administration · Business Administration · Bamberg, Germany
