Michael Schwendemann

Compliance Consultant

Limassol, Cyprus

Experience

Sep 2024 - Present
1 year 5 months

Bank-Verlag

  • Setting up outsourcing management
  • Developing a new SfO strategy, policy, and work instruction
  • Creating an outsourcing information register and defining critically important functions and critical service providers
  • Defining SLAs and KPIs
  • Establishing service provider management and conducting external audits
  • Building a conflicts of interest register
  • Setting up due diligence and risk assessments
  • Developing a cloud strategy and AI strategy
  • Establishing a data protection coordinator and creating SfO for data protection
  • Conducting DPIAs and data protection audits
  • Creating technical and organizational measures, data processing agreements, and maintaining the RoPA and RoPA-DP
Sep 2024 - Dec 2024
4 months

Stuttgarter Versicherung

  • Creating the information register
  • Contract extensions and defining critically important functions and service providers
  • Developing strategy, policy, and process description for third-party management
  • Implementing third-party management
  • Setting up risk assessment processes and due diligence process
  • Role description "Third-Party Manager"
  • Contract reviews and additions of minimum contract contents according to DORA
  • Developing exit planning and exit strategy
  • Handling ICT incidents
Nov 2023 - May 2024
7 months

Compliance Consultant

Zurich Insurance Europe AG

  • Advising on setting up the property insurer in compliance with and implementation of VAIT/DORA requirements
  • Conducting a gap analysis and fully developing the SfO
  • Developing guidelines/policies for all VAIT/DORA topic areas
  • Preparing to determine the information network
  • Developing policies for IAM, information risk management, information security management, and IDV
  • Developing strategy, governance, and policies for critical infrastructure, as well as outsourcing IT services and third-party management
  • Contract adjustments for outsourcing
  • Setting up risk reporting and controlling and mitigating risks
  • Developing IT emergency management and BCM policies with work instructions and process descriptions
  • Providing technical support in setting up Artemeon as a central information register
  • Initial review of the outsourcing register and checking the completeness of the contract database with initial assessment
  • Introducing a tool to capture processes in outsourcing management
  • Creating the information register, risk analysis and evaluation, as well as due diligence
  • Implementing the SfO in the area of outsourcing service provider management
Oct 2022 - Oct 2023
1 year 1 month

Project Manager, IAM Architect

Fondsdepotbank

  • Introducing and restarting an IAM software (ORG by FSP) with monitoring and controlling the project (10 FTE)
  • Stakeholder management at C-level and developing the implementation strategy
  • Creating a new document framework and actively implementing it as a business analyst in IT emergency management, outsourcing IT services, contract management and risk evaluation, as well as information risk management
  • Defining the information network and setting up the IDV process
  • Contract negotiations and tenders
  • Providing technical support for building a central asset register using ServiceNow
  • Optimizing and updating the BCM according to DORA
  • Information security management, critical infrastructures, protection needs analysis, IT inventory, IT operations, and operational information security
  • Controlling the technical implementation while considering dependencies
Jan 2022 - Sep 2022
9 months

Business Analyst

ING Diba AG

  • Supporting the migration to One Identity
  • Data migration from ServiceNow or Ramon to One Identity
  • Setting up roles and individual permissions
  • Supporting HPU accounts and setting up internal control systems as well as monitoring in IAM and IT operations
Dec 2021 - Mar 2022
4 months

Financial Statement Auditor

PWC

  • Performing audit procedures for the annual financial statements
  • Auditing IT strategy, IT governance, information risk management, and information security management
  • Auditing operational information security, identity and access management, as well as IT projects and application development
  • Auditing IT operations, outsourcing management, and identity provider
Oct 2021 - Oct 2024
3 years 1 month

Business Analyst

FI-TS

  • Assisting with internal controls under the ECB program and updating the SfO for new processes and requirements
  • Defining and coordinating KPI reporting with stakeholders
  • Optimizing and documenting access processes as well as reviewing and updating access concepts
  • Checking the completeness of connected components and their documentation, and the integration into Garancy
  • Monitoring SoD conflicts and overseeing the exception and documentation process for SoD conflicts
  • Supporting the implementation of new SoD requirements into the FI-TS structure based on association recommendations
  • Assisting with external audits and special tasks
  • Introducing Garancy and integrating and expanding the ITAB tool (LUY) into the access management processes
  • Supporting and preparing audits (WP, §44 KWG, internal audit, PS951, TÜV, and data protection audits)
  • Implementing the findings from these audits
Apr 2021 - May 2021
2 months

Project Manager

International law firm Hengeler and Müller

  • Pre-study for the introduction of an access management system
  • Drafting the RfP and analyzing the role model to be implemented (RBAC or ABAC)
  • Choosing ABAC
Nov 2020 - Mar 2021
5 months

IT Auditor at banks in Frankfurt

PWC

  • Performing audit procedures for the annual financial statements
  • Auditing IT strategy, IT governance, information risk management, and information security management
  • Auditing operational information security, identity and access management, as well as IT projects and application development
  • Auditing IT operations, outsourcing management, and identity provider
Jan 2020 - Sep 2021
1 year 9 months

Business Analyst

EEX Leipzig

  • Specifying and implementing a custom IAM solution in compliance with regulatory requirements and a high degree of automation
  • Reviewing and adapting authorization concepts of all relevant applications to regulatory requirements (role model)
  • Implementing an RBAC role model
  • Defining SoD guidelines and implementing a monitoring process for SoD violations, as well as setting up processes to resolve or accept SoD violations
  • Conducting the project using Scrum and Kanban
  • Updating the audit process and the SfO
  • Optimizing and supporting the recertification, ordering, J-M-L, and SoD processes
  • Implementing, securely operating, and continuously enhancing the IAM service
  • Integrating applications into the IAM landscape
  • Designing, implementing, and operating interfaces to other systems
  • Identifying optimization needs regarding regulatory requirements and developing solution options for continuous improvement
  • Defining and implementing the operating model with service providers
  • Foundational work for introducing One Identity and data transfer from the legacy system
  • Accompanying internal and external auditors during audits
  • Creating the protection needs analysis and BIA, and deriving additional resilience measures
Dec 2018 - Dec 2019
1 year 1 month
Stuttgart, Germany

Business Analyst/Subproject Lead

LBBW

  • Build a new authorization management under the Garancy system in the Authorization Management-IAM project
  • Create functional specifications for forming roles and IT profiles and customizing them
  • Define the enterprise role and prepare the role rollout (modified RBAC-ABAC role model, variable decision matrix)
  • Specify the Joiner, Mover, Leaver process and set up the ordering process
  • Develop and quality-assure the authorization concepts
  • Set up a segregation of duties (SoD) check and resolve SoD conflicts
  • Support recertifications
  • Data analysis of the directory services to be integrated and analysis of the connection of OSPlus, Kondor, LDAP, Profis, IDV, organizational and project drives
  • Support system integration and test execution
  • Analyze ECB findings and develop an implementation concept to resolve the findings
  • Assist in preparing for the ECB audit
Feb 2018 - Nov 2018
10 months
Bonn, Germany

IT Architect Treasury

Postbank System

  • Develop the new IT architecture for ES Treasury as part of the integration of Postbank into the Deutsche Bank Group
  • Focus on architecture in the areas of ALM and issuance
Mar 2015 - Jan 2018
2 years 11 months
Frankfurt, Germany

TPL / Deputy Project Lead

DZBANK

  • Project to migrate credit card accounts from the former WGZ to DZBANK Frankfurt
  • Establish risk management and dependency management for the migration project
  • Introduce the role of a communications manager in the organization
  • Support test management (Silk and Jira) and act as deputy project lead
  • Contribute to migration concepts for SAP-BCA, SAP-CML, SAP-CMS, SAP-CYT, and SAP BP master data migration
  • Define functional extension requirements in the SAP-CYT area
  • Conduct tests and go-live
  • Stakeholder management and prepare steering committee meetings
  • Part of the migration team: manage all tasks in the migration cockpit with focus on SAP applications
  • Test manager: set up and carry out all test activities and reporting to the project lead
Jan 2000 - Dec 2015
16 years

Project Lead/Multi-Project Lead/Scrum Master

Deka Bank

  • Prepare project proposals, project plans, project management, requirements and procurement management, and integration management
  • Budget application and control, status reporting, resource management, process analysis, communication and stakeholder management
  • Dependency and risk management, implementation of regulatory requirements, and workshop facilitation
  • Methods used: Scrum and agile methods
  • Work on projects related to EMIR, Dodd-Frank, MiFID, MiFIR, FATCA, BCBS239, CRR, MaRisk, LQR, CRS, OPR, market risk, FX risk, stress testing, money market statistics, authorization concept, and other regulatory requirements
  • Implement a data warehouse, new payment system PTS, Internet FX trading platform, new general ledger and sub-ledger
  • Implement an automated margin hedging process connecting SAP-CML, SAP-CMS, and SAP-BCA
  • Implement SEPA requirements, customizing, and integrate UBIX
  • Introduce the new Pfandbrief legislation, FX management, lean management
  • Set up new accounting and liquidity management with integration of all SAP applications and Front Arena
  • Profit and loss calculation, risk management
  • Build internal controls and KPIs, control manual, training, and maturity assessment
  • Back office/payment transactions, fixing trades, retail business, reporting, and connection to trading venues
  • Work with external auditors, BaFin and ECB
  • Introduce an IAM management system (Omada Identity Suite) with requirements management, role concepts, functional specifications considering regulatory requirements
  • Implementation concept, SoD, reconciliation, conflict resolution, and support for external audits
  • Support process changes, application integration, workshops, and creation of an article catalog in OIS
  • Set up a change request management and support development of authorization concepts
  • IT project management: manage rollouts and carry out optimization measures
Jan 1998 - Dec 2000
3 years

Business Analyst

DVG

  • Create functional specifications to determine requirements from the 6th KWG amendment in connection with the Berger & Schier application
Jan 1990 - Dec 1998
9 years

COO; CIO; Overall Program Manager; Head of Finance and Accounting

Banco di Napoli

Skills

  • Overall Project Manager; Multi-project Manager; Project Manager; IT Project Manager; Business Analyst; IT Architect; Annual Financial Statement Auditor; IT Auditor; Test Manager; Scrum Master

  • Finance And Accounting; Annual Financial Statement (Proficient)

  • Securities Trading; Securities Settlement; Treasury

  • Regulatory Requirements; Supervisory Law; MaRisk; BAIT; BSI; PSD2; ISO 20022; ISO 27001; ISAE; PS951

  • Access Management (IAM And PAM); SoD Processes; Authorization Concepts; Segregation Of Duties (SoD) And SoD Conflict Management

  • Wealth Management; FX Risk Management; Interest Rate Risk; Market Risk; Stress Testing; Operational Risks; Liquidity Risk

  • BCM; IT Emergency Management; Liquidity Management

  • Outsourcing Management; Third-party Management; Outsourcing And Order Registers; Service Provider Management; Setup And Operation Of Payment Systems

  • Data Protection; DPIA; Data Protection Audits; Technical And Organizational Measures; Data Processing Agreements; Creating And Maintaining Records Of Processing Activities (RoPA/RoPA-DP)

  • Rollout Planning; Central Control Of IT Projects; IT Project Management; Establishing An Internal Control System; Developing And Optimizing Control Manuals And Control Matrices; KPI Definition And Reporting

  • Business Process Analysis; Requirements Analysis; Business Analysis And Project Management; Creating Project Plans; New Product Processes

  • Annual Financial Statement Auditor; IT Auditor; Supporting Audits (e.g. WP, §44 KWG, Internal Audit, PS951, TÜV, Data Protection Audits); Implementing Audit Findings

  • CYT; Compliance; Tenders; Contract Management; Contract Reviews; Defining SLAs; KPIs; Exit Planning And Exit Strategy

  • Information Security Management; Information Risk Management; Critical Infrastructures; Protection Needs Analysis; IT Inventory; IT Operations; Operational Information Security

  • IAM Architecture; Introduction And Operation Of IAM Solutions (e.g. Garancy, One Identity, Omada Identity Suite, ORG by FSP); Integrating Applications Into IAM Landscapes

  • Defining And Implementing Role Models (RBAC, ABAC); Corporate Roles; Joiner-Mover-Leaver Processes; Recertification Processes; Provisioning Processes; J-M-L Processes

  • Building And Operating Asset And Information Registers; Information Network; IDV Processes; Monitoring And Reporting

  • Setting Up Risk Reporting And Risk Control As Well As Mitigation

  • Supporting The Implementation Of DWH, Payment Systems, FX Platforms, General And Sub-ledgers, Margin Hedge Processes

  • Goal Orientation

  • Team Orientation

  • Motivating Others

Languages

German
Native
English
Advanced
Italian
Elementary

Education

Business Administration · Rendsburg, Germany

Training as a Bank Clerk · Bank Clerk · Rüsselsheim, Germany

Certifications & licenses

BAIT

BSI

ISAE

ISO 20022

ISO 27001

MaRisk

PS951
