Zoran Jovanovic
Senior IT PM & Governance & Operational Resilience Consultant | Financial Services
Experience
Technical Writer – Implementation of the BNPP IT PROD SEC Service Catalog
BNP Paribas Deutschland
Conceptualization, authorship and finalization of the IT PROD SEC service catalog with eight standardized security services (S-ID001–S-ID008).
Development of consistent service components & deliverables, RACI assignments as well as SLA and KPI definitions per service.
Integration of BaFin document requirements under DORA into the service descriptions.
Coordination with IT, compliance, risk and operations for the professional validation of all service descriptions.
Specifically for governance & monitoring: definition of the governance cadence, evidence delivery processes, audit support and definition of measurable KPIs and measurement methodology.
Ensured that all services are documented in a standardized, measurable and audit-proof way.
Result: Approved service catalog with eight services as a binding basis for delivery, governance and audits; transparent SLAs/KPIs per service and DORA/BAIT/MaRisk-compliant documentation with clear responsibilities and evidence management.
Technologies and tools: Confluence, Jira, ServiceNow, Microsoft PowerPoint, Microsoft Visio, Office 365.
Technical Writer – Creation of standardized operating procedures according to DORA
Deutsche Rückversicherung AG
Supported the operationalization of regulatory requirements of the Digital Operational Resilience Act (DORA) with a focus on the written order.
Designed and created Standard Operating Procedures (SOPs) for key DORA areas.
Structured the SOPs into sub-processes with detailed individual steps, clear activities, roles, escalation paths and evidence procedures.
Reviewed and harmonized existing policies to ensure they meet the written order requirements under DORA.
Ensured that operational implementation, responsibilities and regulatory compliance are always traceable and verifiable.
Result: Complete set of DORA-compliant SOPs with clearly structured sub-processes and audit-ready documentation, as well as successfully revised policies to strengthen operational resilience.
Technologies and tools: Microsoft Word, Microsoft Visio, Office 365.
DORA Expert – Adapting BCM Processes to DORA Requirements
Lloyds Bank GmbH Deutschland
Analyzed existing Business Continuity Management (BCM) processes with regard to DORA RTS 86 Article 26.
Identified gaps against regulatory requirements and developed a tailored action plan to close these gaps.
Revised all existing Business Continuity Plans (BCPs), including all nine relevant scenarios with a focus on third-party dependencies.
Defined test strategies to verify BCP effectiveness and held regular alignments with IT, risk management and compliance.
Adapted BCPs to the technical and organizational specifics of Lloyds Bank Germany.
Result: Fully revised, DORA-compliant Business Continuity Plans; strengthened operational and digital resilience, implemented a regular test plan including RTO/RPO definitions and emergency communication paths, and preparation for supervisory audits.
Technologies and tools: Office 365, Confluence, Jira.
DORA Expert – Support in Implementing DORA Compliance
Börse Stuttgart Gruppe
Supported the implementation of measures to ensure compliance with the Digital Operational Resilience Act (DORA).
Developed and implemented the Digital Operational Resilience (DOR) strategy to increase resilience and reduce risk.
Adapted the 2025 outsourcing strategy to DORA requirements.
Created standardized operating procedures and adjusted policies according to BaFin document requirements under DORA.
Designed and introduced optimized processes for information security incident management to improve reporting obligations and response times.
Analyzed existing IT systems and supported continuous improvements to the security architecture.
Collaborated closely with internal departments (IT, compliance, risk management) and external service providers, including KPMG.
Result: Advanced DOR strategy, adapted 2025 outsourcing strategy, correct representation of data in the information register and sustainable improvement of security concepts.
Technologies and tools: Confluence, Monday, Jira, Microsoft PowerPoint, Microsoft Visio, VMware, Office 365.
BAIT/MaRisk/DORA Expert – Support in Implementing DORA Compliance
Solaris SE (formerly Solarisbank Group AG)
Supported the implementation of the requirements of the Digital Operational Resilience Act (DORA) as well as regulatory requirements from BAIT and MaRisk.
Reviewed, redesigned and negotiated third-party contracts to ensure compliance with BAIT, MaRisk and DORA.
Developed a comprehensive SLA and control framework covering all requirements from DORA/RTS.
Revised and redesigned policies for IT governance, ICT risk management, information security management, monitoring, outsourcing and procurement.
Ensured fulfillment of BaFin document requirements under DORA.
Adapted the outsourcing strategy to the requirements of DORA and MaRisk.
Planned the Digital Operational Resilience (DOR) strategy to strengthen the operational resilience of the IT infrastructure.
Designed the IT asset management strategy and supported the implementation of the information network under DORA.
Developed a risk-based methodology (tool) for evaluating PS 951, ISAE 3402, SOC 1, SOC 2, SOX, PCI DSS and KRITIS audit reports.
Trained employees in third-party risk management and created a procedure for audits.
Supported the execution and assessment of audit reports from key service providers and suppliers.
Responsible for creating the information register.
Result: Successful alignment of IT and security processes with BAIT, MaRisk and DORA/RTS; introduction of an SLA and control framework and a risk-based audit report evaluation to increase organizational resilience.
Technologies and tools: Confluence, Jira, Microsoft PowerPoint, Microsoft Visio, Office 365.
IT Program Lead – Expert in IT Infrastructure Sourcing
Credit Agricole S.A. at CreditPlus Bank AG
Responsible for developing an IT infrastructure strategy and an IT sourcing strategy, managed as separate but closely linked projects.
Used the IT infrastructure strategy as the parent project for the IT sourcing strategy to cover missing infrastructure components in the sourcing process.
Focused on risk reduction, improving information security and daily operations in the German subsidiary.
Ensured the on-time preparation of a comprehensive Request for Proposal (RfP).
Performed an as-is analysis of the information network, designed and planned the operationalization and transformation to the Future Mode of Operation (FMO).
Defined four work packages for the IT infrastructure strategy: Business Applications (EDC), Network & Network Security (COM), User Help Desk (UHD), End User Computing (EUC).
Structured the IT sourcing strategy into phases: Discovery, RfP Setup, RfP On-Going, Contracting, Transition Transformation, CMO+ and FMO.
Integrated the work packages into two RfP lots.
Led coordination and negotiations with information security, procurement, legal, outsourcing (Third-Party Risk Management), internal audit, compliance, business continuity planning and data protection.
Reported to the board and steering committee.
Reviewed existing IT sourcing contracts and managed external service providers (KPMG, METRIC Sourcing Advisory, EY, Deutsche Telekom, etc.).
Took into account relevant regulatory requirements (EBA, BaFin BAIT/MaRisk, DORA, KRITIS, NIS2) and applied PMI, IT GRC assessments and KPIs.
Technologies and Tools: Confluence, Jira, Microsoft PowerPoint, Microsoft Visio, Citrix.
IT Project Manager – Expert in Re-Architecting Group Risk Solutions
Erste Digital GmbH at ERSTE BANK GROUP AG
Contributed to a group-wide project to modernize the architecture as part of the Credit Risk Architecture Modernisation Program at Erste Bank Group in Austria and CEE.
Aimed at consolidating and modernizing the entire risk portfolio, including replacing mainframe-heavy processing in Austria and harmonizing systems in the CEE countries.
Integrated new requirements (Basel IV-compliant rating models, early warning systems, property revaluations) into the target architecture.
Ensured compatibility and performance of the new environment for batch processing and online channels, as well as integration of internal and external data sources (e.g., KSV, CRIF).
Reviewed contracts, managed service providers and renegotiated terms for the redesigned target environment.
Combined enabler and business epics in a proof of concept for functional validation.
Implemented an OpenShift environment for computing and used DB2 on z/OS and PostgreSQL on RHEL for data management.
Prepared for the long-term replacement of the central ADABAS database for risk management through data replication and streaming.
Applied PMI, SAFe Lean Portfolio Management, IT GRC assessments, KPIs and Lean Guardrails.
Result: A high-performance, future-proof target architecture with improved performance, higher regulatory compliance and unified risk systems in Austria and CEE.
Technologies and Tools: Experian, FICO, SAS, Confluence, Jira, ITSM, ITAM, central authorization application, cross-platform banking applications, z/OS, ADABAS, DB2, PostgreSQL, Google Cloud, Red Hat OpenShift Container Platform, Kafka.
Subproject Manager – Expert in Third Party Risk Management in Financial Services
USD AG at Deutsche Börse Group
Implemented measures from a BaFin special audit under KWG § 44 (P4 findings) in the area of Third Party Risk Management.
Assessed the as-is contract situation and developed new contract guidelines.
Planned processes and methods for assessments and audits, as well as for reporting and monitoring.
Selected and implemented a SaaS-based Third Party Risk Management software.
Used GRC methods according to OCEG and TPRM according to Shared Assessments (Evaluate, Trust, Verify, Manage).
Conducted risk assessments based on SIG questionnaires following ISO 27001:2022, DORA, NIS 2.0, NIST and EBA.
Ensured compliance with BAIT, KAIT, ZAIT, DORA, BaFin, MaRisk and international standards (ISO 27001:2022, NIS 2.0, EBA, NIST CSF).
Reviewed service and license contracts for regulatory and security requirements.
Managed stakeholders, ensured project support and coordinated interfaces between internal and external departments.
Result: Successfully mapped internal data types and sources for asset management and contract management in the TPRM software; created a phased implementation plan; designed management, core and support processes including scorecards and decision matrices.
Technologies and Tools: Microsoft PowerPoint, Microsoft Visio, Citrix.
IT Project Manager – Senior Security Analyst
IBM Deutschland GmbH at Finanz Informatik GmbH (German Savings Banks Association)
Supported implementation of regulatory requirements from BaFin and EBA and ensured IBM’s contractual obligations.
Focused on encrypted data transmission in a complex IT environment with IBM z Systems and AIX Power Systems.
Analyzed an environment with around 1,500 AIX Power Systems and one of the largest DB2 installations in Europe.
Identified gaps in meeting encrypted data transmission requirements in an environment with over 70 savings bank associations.
Prepared a final report with a detailed plan to fix deficiencies and define necessary implementation measures.
Defined technical interventions in applications, databases, web application servers and branch workstations.
Created a management summary to prioritize the program and the team backlog for an Enabler Agile Release Train (ART).
Documented the as-is state and created enabler epics.
Evaluated the IBM Global Security Kit (GSkit) in the DevOps environment.
Prepared a requirements specification with user stories for all eight network segments in the ART.
Planned and coordinated internal processes with the Certification Authority (CA) and resource planning for enabler PIs in the ART.
Defined Definition of Done and review processes for system testing, acceptance and maintenance.
Documented audit and investigation capabilities and test procedures for use by internal IT compliance.
Regulatory and Methodology: Implemented requirements from the BaFin circular dated 16.08.2021, BAIT, MaRisk, BIS; applied PMI, SAFe (Product Owner/Product Manager), KPIs and Lean Guardrails.
Technologies and Tools: Confluence, Jira, ITSM, ITAM, central authorization application, cross-platform banking applications, z/OS, AIX, DB2, RACF, GSkit, WebSphere, Apache.
IT Project Manager – Senior Innovation Engineer
BMC Strategy GmbH at Raiffeisen Software GmbH
Achieved cost optimization through innovation in application development and enterprise architecture with a focus on reducing mainframe load.
Focused on securities processing with GEOS Classic and Nostro and evaluated a platform migration to GEOS CORACT (SDS).
Created transparency and assessed the enterprise portfolio of mainframe applications to evaluate possible migrations to alternative platforms.
Took into account the ongoing Agile transformation and agile working methods in the development value streams.
Ensured compliance with regulatory requirements of the Austrian Financial Market Authority (FMA) with help from consulting firms.
Used contract documents, budget figures and cost overviews across the entire IT portfolio as a decision basis.
Employed SAFe Lean Portfolio Management (Business Agility Assessment Toolkit, Portfolio Canvas, Lean Budget Guardrails, Participatory Budgeting, Epic Hypothesis, Lean Business Case).
Prepared a comparison of five economically viable options per application (e.g. redeveloping COBOL/PL/1 applications in Java, replacing with new applications or platform migration).
Developed a multi-phase roadmap for a platform migration in securities processing.
Collaborated with the software provider to create an MVP and validate the business hypothesis.
Technologies and Tools: Confluence, Jira, mainframe system architecture & software (z/OS, DB2, CICS, TSO, COBOL, PL/1, assembler, SQL, Java), core banking systems, Bankbasis, securities trading with GEOS, OpenShift, Kubernetes, VMware.
IT Project Manager – Senior Requirement Engineer
Federal Ministry of Finance
Conducted a preliminary study and developed a phased implementation plan to consolidate and harmonize supplier contracts and external partner data.
Objective: Eliminate the lack of transparency in the collaboration between public administration and external partners, caused by missing change management during the agile transformation of IT application development.
Analyzed the impact of not having a LACE team (Lean-Agile Center of Excellence) and an APMO (Agile Program Management Office).
Reviewed audit reports from the Austrian Court of Audit and internal audit.
Used audit reports and stakeholder interviews to create epics to identify legal requirements and business needs.
Analyzed data from the development value streams to assess complexity, costs, and efforts.
Applied SAFe for Government (Business Agility Assessment, Kanban at epic, solution, program, and team levels, Lean budget guardrails, participatory budgeting, MVPs, agile contracting).
Prepared an approximately 100-page preliminary study including a management summary, phase descriptions from epic documentation to user story, root cause analysis with 13 cause items, and a prioritized action plan.
Defined 9 organizational and 5 technological measures, including tool consolidation and feature implementation.
Created requirements and specification documents for program increments (PIs) and defined the target architecture for an end-to-end solution with API integration.
Planned 3 PIs (9–12 sprints) and managed resource allocation and budget approval via agile contracting.
Defined system testing, acceptance, and maintenance processes (definition of done, reviews, retrospectives, inspect & adapt).
Ensured audit and investigation readiness through standard applications and had a bidirectional influence on the long-term IT strategy and strategic themes.
Technologies and tools: Confluence, Jira, API integrations, cross-platform management tools.
Compliance Consultant
Pisano, Inc.
- Advised to ensure compliance with regulatory requirements regarding personal data and trade secrets.
- Supported the implementation of data protection and confidentiality requirements after Raiffeisen Bank International joined as a venture capital investor.
- Guided the use of investment funds (€2.5 million) with respect to compliance and governance guidelines.
Agile Coach
AM-BITS LLC / Dataslab GmbH
- Established and founded the IT services company Dataslab in the big data sector for the DACH region.
- Developed a service portfolio based on agile methods and customer-specific requirements.
- Coached distributed teams (including Kyiv and Vienna) in agile practices, frameworks, and processes.
- Supported the establishment of agile delivery models and organizational structures.
Software Engineer for Artificial Intelligence
DEEM.IO
- Analyzed and optimized an AI-driven loan approval system.
- Customized and extended the existing Appian software to improve the automated approval process.
- Developed new real-time data sources to enhance decision quality and speed of loan processing.
External Project Manager – Strategic IT Assessment
Volksbank AG
- Conducted a strategic IT assessment to evaluate IT services and cost allocation for budget planning.
- Designed and executed a carve-out scenario (bad bank) as part of the legal split of the bank.
- Renegotiated service contracts to align with the new structure and risk distribution.
Managing Director of a software company
Prosper Intelligence Solutions GmbH
- Managed a software company focused on data security using artificial intelligence.
- Built and led a team of about 45 employees (40 in software development).
- Served as external Business Owner and internal EPIC Owner.
- Oversaw projects for automated detection of trade secret breaches.
- Responsible for a cloud-based web application, workplace and server agents, and mobile apps for iOS and Android.
- Led multiple agile teams, including five certified Scrum Masters, three PMI-certified project managers, and a certified Product Owner and Product Manager.
- Set up agile processes, quality and delivery standards across the company.
External Project Manager in IT outsourcing
ThyssenKrupp AG
- Worked on a global IT outsourcing initiative with T-Systems for about 12,000 servers, 130,000 workstations and 11,000 network components.
- Responsible for managing vendor collaboration and conducting risk assessments.
- Handled escalation management for conflicts, incidents and delivery issues.
- Helped define SLAs and governance structures in the outsourcing contract.
External Project Manager in IT outsourcing
E.ON AG
- Assisted with inventory of all network products and local services across 25 business units and 2,000 branches.
- Consolidated and organized collected data to prepare for an IT outsourcing project.
- Handed over all consolidated data to T-Systems as a basis for decisions and implementation.
External Project Manager for Private Cloud
Bundesrechenzentrum GmbH
- Established Austria's first private cloud to support existing virtualization solutions.
- Designed and implemented a billing model for private cloud operations.
- Supported the Finance and Justice Ministries in using the new cloud infrastructure.
- Ensured integration with existing data center and security architectures.
External Project Manager
Bundesrechenzentrum GmbH
- Consolidated and technically modernized the Austrian customs application and company register.
- Planned and oversaw the retirement of the mainframe environment.
- Created a six-year cost-benefit analysis to support decisions on technology and platform changes.
External Project Manager
ÖMV AG
- Conducting a comprehensive data analysis of the existing data storage landscape.
- Developing solutions to consolidate or outsource data storage.
- Preparing tender documents for potential service providers.
- Supporting management in decision-making regarding sourcing strategy and target architecture.
Executive Board Member at an IT and business process outsourcing service company
Virtualization Consolidation Architecture AG
- Responsible as board member in a service company with about 50 employees (40 in service delivery).
- Role as external business owner and internal EPIC owner.
- Offering services in IT due diligence, IT compliance and IT consolidation.
- Expanding the service portfolio in collaboration with Deutsche Telekom towards IT and business process outsourcing.
- Introducing and using SCRUM methods for delivering services in small increments.
- Implementing a billing model based on the Agile Contracting principle.
External Project Manager for Data Center Consolidation
Raiffeisen Bank International (A&CEE)
- Leading and participating in multiple IT and data center consolidation projects in Eastern Europe.
- Building highly available platforms for business-critical applications.
- Setting up and optimizing IT organizations in various CEE markets.
- Introducing virtualization and grid computing for credit risk applications.
- Supporting standardization, automation and cost reduction in data center operations.
Managing Director of a service company for data center consolidation
PII GmbH
- Managing a specialized service company focused on data center consolidation.
- Tackling "server sprawl" in large data centers, focusing on business-critical applications of international corporations.
- Implementing software licenses for around 40 large clients.
- Building partnerships with Oracle, IBM, HP and Microsoft.
- Responsible for service delivery with about 10 employees (8 in service delivery).
Director D.A.CH. & CEE
Princeton Softech, Inc.
- Leading sales and consulting activities in the D.A.CH. region and CEE for a US software company.
- Focusing on software products for database administration, data anonymization and archiving.
- Supporting business-critical banking applications in deploying and running the solutions.
- Responsible for revenue, market development and partner networks in the region.
Enterprise Technology Consultant A & CEE
PLATINUM TECHNOLOGY, Inc.
- Advising on system and database management products in mainframe and Unix environments.
- Implementing Y2K solutions for mission-critical systems.
- Introducing and optimizing job automation, especially in SAP R/2 and R/3 environments.
- Supporting large corporate clients with performance tuning, availability, and operational reliability.
Solution Manager A & CEE
EMPRISE TECHNOLOGIES, Inc.
- Responsible for authentication and security solutions in the A & CEE region.
- Focusing on developing and deploying single sign-on technologies (Kerberos).
- Securing heterogeneous IT environments (OpenVMS, ULTRIX, HP-UX, zOS, Windows).
- Assisting customers with implementation, integration, and operation of the SSO solutions.
Software Engineer for Special Projects
BILLA EDV-GmbH
- Developed and launched the first barcode-based scanner checkout systems in around 2,500 grocery stores in Austria.
- Implemented the solutions on platforms such as HP-UX, SINIX, SCO-UNIX, and Oracle.
- Contributed to automating and improving efficiency in the store-wide checkout and inventory management system.
Summary
With over thirty years of professional experience at the intersection of IT, business and regulation, I deliver projects where a clear separation between technology and business requirements no longer makes sense. Depending on need, my role shifts between business analyst, technologist and expert on legal and regulatory frameworks – especially in the highly regulated banking and financial sector. Through my work, I have adapted business practices and IT strategies for numerous national and international companies and authorities, regardless of industry, size or cultural context. I always focus on technological innovation and the continuous development of the organization to enable sustainable change. My special strength lies in aligning economic, technological and regulatory complexity to drive change efficiently.
Skills
IT project management and business analysis in highly regulated environments
Management of complex, interconnected IT redesign and transformation initiatives (including IAM, asset & configuration management, security & monitoring landscapes)
Implementation of regulatory requirements (DORA, BAIT/VAIT/KAIT/ZAIT, NIS2, KRITIS) into operational IT control and governance models
Audit- and DORA-compliant evidence management including documented written order (SFO)
Stakeholder management at IT, business and management levels
Analysis of complex application, data and system landscapes in regulated environments
Translation of regulatory requirements (e.g. DORA, GDPR, MaRisk) into actionable business and technical concepts
Design and alignment of data retention, archiving and rule-based cleansing procedures across the entire data lifecycle
Coordination between IT (development, operations, database), compliance, data protection and business units
Management of implementations including testing, acceptance, documentation and audit-proof evidence
Conceptualization, structuring and documentation of audit-proof SOPs according to DORA
Coverage of key ICT domains, including: asset & configuration management, logging & monitoring, network security, IAM & access management, cryptography, vulnerability & patch management, incident & reporting, resilience testing, backup & recovery, change & operations management
Integration of processes, roles, controls, evidence and audit requirements
Operational project management with Jira & Confluence
Structured project, risk, decision and status documentation
Traditional and hybrid project management (PMI / agile-similar)
Management of internal teams and external service providers
Data & databases:
- Informix, DB2, Oracle, PostgreSQL
- Historical data repositories
- Archiving systems
- Database-related analytics
Regulatory context:
- DORA, GDPR, MaRisk, BAIT
- ISO/IEC 27001
- NIST CSF
- CIS Benchmarks
- BSI IT Baseline Protection
- SOC 1 / SOC 2
- ISAE 3402
- PS 951
- PCI DSS
- SOX
Languages
Education
FON Belgrade, Serbia
Business and Organizational Sciences · Belgrade, Serbia
SDV in Wien - Schule für Datenverarbeitungskaufleute
Data Processing Clerk · Vienna, Austria
Certifications & licenses
CISA – Certified Information Systems Auditor
ISACA Examination Centre Austria
PCSM – Creation of Credit Rating Strategies, Maintenance and Optimization
Experian Information Solutions, Inc.
ESG – ESG from the Perspective of Group Risk Management
Erste Bank Group AG
NIS2DTP – NIS 2 Directive Trained Professional
Cyber Risk GmbH
DCCS – DORA Certified Compliance Specialist
ICTTF & ICA
Certified GRC Audit (GRCA) – Governance, Risk and Compliance Audit
OCEG & GRC Certify
Certified Integrated Data Privacy Professional (IDPP)
OCEG & GRC Certify
Certified in MaRisk Compliance
Frankfurt School of Finance & Management
Certified Integrated Policy Management Professional (IPMP)
OCEG & GRC Certify
SIG Fundamentals Training for Standardized Information Gathering in Third Party Risk Management
Shared Assessments
Certified in BAIT / KAIT / VAIT / ZAIT
Frankfurt School of Finance & Management
Certified GRC Professional (GRCP) – Governance, Risk and Compliance Professional
OCEG & GRC Certify
Certified SAFe® 5 Lean Portfolio Manager
Scaled Agile, Inc.
Certified SAFe® 5 Program Consultant
Scaled Agile, Inc.
Certified SAFe® Product Owner/Product Manager
Scaled Agile, Inc.
Certified ScrumMaster®
Scrum Alliance®
Certified Agile Practitioner
IFAAI® | Institute for Agility & Innovation
Certified PMI Level C
PMI Austria Chapter