Senior IT Enterprise Security Architect | Bank Migration Project

Client: Deutsche Bank AG (retail bank). Industry: Financial services / one of Germany’s top private and business banks.

Merger/insourcing project in banking: transferring all data, users, and processes from one bank to the parent company.

• IT Security Architect in CSO (Chief Security Office) at Deutsche Bank for a Postbank merger/insourcing project
• Developed a clustering concept for all migrating applications based on complexity criteria (risk profile, protection needs, compliance), considering: Deutsche Bank’s ISMS on ISO27001 vs. Postbank’s ISMS on BSI IT baseline protection. Protection analyses, risk assessments, and risk management processes differ and must be reviewed and adapted per application. Reviewed and aligned IT security architecture with bank, infrastructure, and target domain requirements.
• IT security architecture: Lead advisory for all program subprojects on architecture and concepts (integration patterns like batch, online/web services, MQ), and prepared new components for review and approval by the bank’s decision councils.
• IT security consultancy: Lead subject matter expert on all technical and content questions in the project.
• Compliance: Supported all vertical streams (Sales & Channels, Investments, Lending, Finance, Enterprise, etc.) in creating documentation and architectures for shared patterns and presenting to councils.
• Risk management: Led review responses for all streams on compliance questions for test system configurations. Reviewed full architecture and analyzed deviations. Conducted threat assessments.
• Risk governance: Lead security architect in CSO, aligned action plans on risk mitigation, specified actions, and provided evidence to close action items. Validated residual risks and mapped to the risk grid for final IT security/CSO rating. Prepared identified risks and non-compliances for the bank’s risk units.

Client: Allianz Germany & Allianz Italy. Industry: Insurance.

Local implementation of the global standard Allianz Input Management System (AIMS++) in Italy.

• Architected integration of the German parent’s global input management solutions into Allianz Italy’s IT landscape.
• Advised on cloud integration with legacy systems.
• Consulted on web service design and corporate architecture patterns.

Client: DZ Bank. Industry: Financial services.

Long-term advising since 2003, direct contracts from 2008. Guided multiple provider transitions (LH Systems, Fiducia, Atos) and the merger with WGZ BANK on groupware (messaging and collaboration). Supported SLAs, service transition planning, and migration plan reviews. Responsible for analysis and solution design migrating Lotus Domino apps to Microsoft.

Merger support of WGZ BANK and DZ BANK.

High availability | Enterprise architectures | Lotus Domino:

• Technical lead in groupware for designing a unified target infrastructure and migration of existing environments.
• Attended meetings and alignments.
• Created, reviewed, and assured quality of documents as the DZ Bank’s groupware contact with other bank units, external vendors, and project staff.

Client: Deutsche Bank AG | PBC. Industry: Financial services.

IT security architecture in an enterprise context, advising on IT security questions.

IT security architecture | IT security review | IT enterprise architecture | IT security risk analysis:

• Key lead in establishing the IT Security Architecture department in private & business clients (later Private Wealth & Commercial Clients, including Postbank).
• Advised projects (Change The Bank) and application owners (Run The Bank) on security concepts and processes for compliance with bank security requirements.
• From 2016, extended responsibilities to international business (mainly Europe).
• From 2017, added global wealth management.
• From 2018, added Postbank reintegration.
• Post-Magellan, advised on IT security in the Postbank deconsolidation project.
• Conducted security concept reviews, risk analyses, and qualification per the bank’s operational risk management.
• Advised CTB projects and RTB owners on all IT security issues at Deutsche Bank.

Client: DZ Bank. Industry: Financial services.

Long-term advising since 2003. Supported provider transitions and WGZ BANK merger for groupware. Aided SLAs, service transitions, and migration reviews. Led analysis and solution design migrating Lotus Domino apps to Microsoft.

Address error analysis in a cascaded address book environment: Groupware | Messaging | Lotus Domino:

• Data protection and audit-driven project
• Analyzed repeated misadreses and delivery failures in a large network of central bank, over 1,000 local banks, and service providers
• Examined technical processes, restrictions, and root causes
• Designed a multi-stage solution with name adjustments, aligned with IT leadership and providers
• Coordinated solution implementation with the bank’s IT providers
• Advised on user communication methods and approaches for different user groups

Client: DZ Bank. Industry: Financial services.

Long-term advising since 2003. Supported provider transitions and WGZ BANK merger for groupware. Aided SLAs, service transitions, and migration reviews. Led analysis and solution design migrating Lotus Domino apps to Microsoft.

Lotus Notes login sync with Windows AD: Groupware | Lotus Domino | IT security | Identity & access | Enterprise architecture:

• Audit-driven project
• Architect and advisor for syncing Windows login password with Lotus Notes client
• Designed a solution with Notes Shared Login and Domino policies for remaining users needing unified password rules
• Tested and piloted with the bank and IT providers
• Quality assurance

Client: DZ Bank. Industry: Financial services.

Long-term advising since 2003. Supported provider transitions and WGZ BANK merger for groupware. Aided SLAs, service transitions, and migration reviews. Led analysis and solution design migrating Lotus Domino apps to Microsoft.

Messaging infrastructure provider switch (Fiducia → Atos): Groupware | Lotus Domino:

• Architect for transitioning messaging for >5,000 users worldwide
• Quality assured provider transition and transformation plans
• Ongoing client support across technical and management levels to bridge functional, contractual, and operational needs
• Acted as translator between levels to ensure client requirements

Client: DZ Bank. Industry: Financial services.

Long-term advising since 2003. Supported provider transitions and WGZ BANK merger for groupware. Aided SLAs, service transitions, and migration reviews. Led analysis and solution design migrating Lotus Domino apps to Microsoft.

Messaging provider switch (LH Systems → Fiducia): Enterprise architectures | Groupware | Lotus Domino | Archiving:

• Architect for messaging infrastructure transition for >5,000 users
• Detailed concepts for architecture, transition, and transformation
• Quality assurance
• Planned email archive return to future document management system
• Tested, piloted, and rolled back + re-archived 2TB of data spanning ten years directly into DMS
• Acted as translator between levels to ensure client and provider interests

Client: EDS/Sal. Oppenheim Private Bank. Industry: Financial services.

Implementing previously defined hardening measures on bank Unix systems. Unix security / hardening (implementation):

• Coordinated implementation of hardening measures per the concept project’s specs and timeline
• Defined operating standards and procedures for continuous monitoring and admin of security aspects
• Advised on modern security architectures, mechanisms, and best practices
• Trained and advised bank segment and app owners
• Coordinated tests by bank and provider
• Managed implementation of security measures at different levels
• Implemented role-based security for app management to prevent shared functional accounts
• Defined processes and advised on transition projects
• Helped define operating standards
• Developed and enhanced scripts for software package and file rights analysis
• Integrated automated tools for the provider
• Defined and assigned roles and responsibilities to sustain the concepts

Client: various. Industry: IT vendor (Sun Microsystems until 2010), multiple sectors.

Open archiving solution C²MS. Archiving | Groupware | Enterprise architecture | Compliance | Legal archiving | Technical presales:

• Guided architecture and implementation of C²MS based on AXSOne records management
• Built demo environments at Sun Munich
• Created competitor comparison papers
• Defined reference architectures
• Advised on cross-country compliance and legal archiving
• Gave talks at internal and external events (IBM Lotusphere 2006, StorageDays Istanbul 2006, DNUG)
• Designed and ran load and performance tests on various platforms
• Developed migration strategies
• Advised Sun customers

Client: various. Industry: IT vendor (Sun until 2009), multiple sectors.

Email archiving solution Infinite Mailbox for Lotus Domino (IML). Archiving | Groupware | Enterprise architectures | Compliance | Legal archiving:

• Analyzed client infrastructures for email archiving solutions
• Ran POCs worldwide
• Reviewed Domino architecture, topology, and performance
• Assessed storage and network infra
• Designed solution architecture for implementation
• Planned hardware sizing and storage selection
• Performed capacity and trend analyses, TCO studies
• Acted as architect, project lead, and tech lead for implementations
• Ran workshops on IML, Sun SAMFS, Domino on Solaris
• Troubleshot issues globally
• Led global support team (2003–2010) for WIPRO/India and Sun

Industry: IT system integrator and consulting.

Management of ~20–30 staff in Karlsruhe and client sites + 20 in Riga (DeSL) and support locations.

Internal roles: Admin of a mixed client-server environment:

• Managed hardware, network, and server admin (AIX, OS/2, Solaris, Windows, Linux)
• Introduced Linux and Solaris replacing AIX and OS/2
• Built a security infra on Linux: DMZ, firewall, IDS, VPN across sites and countries, established a CA with open-source certificates
• Remote access solutions (modem, ISDN, VPN)
• WAN/VPN link with development in Riga

External roles: Senior consultant and architect:

• Network design and admin
• System architecture
• Security analysis and consulting
• Lotus Domino architectures, implementation, consulting, and support