Skills
* 20 years of experience in the finance, pharmaceutical and insurance industries, and 10 years in IT security functions as CISO and Head of IT & Security Audit.
* Strong experience in defining internal controls and processes, especially as a Business Process Manager, working with the process management tool Aeneis (like ARIS) for 3 years intensively.
* Extensive experience with stakeholder management and communication within IT-Security, both in German and in English.
* Solid experience consulting and auditing in Security and Security Process Management, based on regulatory standards such as SOX, Cobit, ISO, etc.
* Extensive exposure to wide IT structures and their security processes.
* Exposure to access control.
* Experience in risk identification and analysis through gap assessments. Recognition of potential risks and definition of countermeasures to mitigate those risks.
* Excellent communication skills, with the ability to explain complex concepts to both technical and non-technical stakeholders.
* Experience working in cross-functional teams, contributing to successful project outcomes and supporting overall system functionality.
My work typically includes:
* Analysis of structured and semi-structured data for risk, compliance, and operational insights
* Design of data models, KPIs, and dashboards for management and operational teams
* Support for data-driven decision-making in security, audit, and governance contexts
* Data preparation, validation, and quality assessment
* Translation of analytical results into clear, actionable recommendations
I bring a strong understanding of business processes, controls, and regulatory requirements, allowing analytics results to be aligned with audit, compliance, and security objectives rather than isolated technical metrics.
Languages
* German: business fluent
* English: business fluent
* French: good
Project of Security Architecture and Risk Identification through GDPR and SOX Controls
Project is running in Sophia Antipolis
* Risk identification and analysis through gap assessments. Recognition of potential risks and definition of countermeasures to mitigate those risks
* Advise organization on Information Security Management Systems implementation, including risk assessment and monitoring of information security controls
* Perform certification audits for ISO/IEC 27001, ISO/IEC
* Perform IT security controls assessments
* Start organization's Big Data analysis related to security requirements
Head of IT & Security Audit
Central Credit Bureau (ZEK, Zentralstelle für Kreditinformationen)
Responsibilities:
* Security audit in finance environments and internal control for these environments
* Internal control of Cobit and SOX
* Responsible for design and optimization of operational processes and organizational structures
* Align the internal controls with the internal processes of the clients (banks) and perform gap assessments whenever necessary
* Security and data protection management
* Security architecture
* IT technology management (IBM interface)
* Changes and projects
* Budget and controlling of IT
* Customer and supplier consulting
* Development of conceptual solutions for business and functional problems
* Recognition of weak points in the process landscape, development of solutions and their implementation
* Security engineering and concepts
* Firewall regulations and authentication
CISO - Compliance & BPM Manager
Acino Pharma (Mepha Pharma LLC)
Responsibilities:
* Application owner of BPM modelling application (AENEIS)
* Consulting and support for business process owners of the business departments
* Evangelize BPM subject within the Mepha organization
* Analysis, modelling and documentation of IT-supported business processes according to existing regulatory requirements (SOX, GxP, ISO)
* Single point of contact for all matters related to BPM
* Support of internal/external audits for SOX controls in SAP R3 and BW
* Be the main link between stakeholders and IT vendor ensuring that SOX is developed in line with business needs
* Organize a new SAP authorization management through GRC - SAP Access Control. User risk and conflict violations analysis
* Implement and maintain IT-SOX compliance
* Coordinate at corporate level the roll-out audits for SOX controls compliance
* CISO:
o Implementation of all the IT security regulations globally
o SAP Authorization Concept
o Risk Analysis and Measures
o Responsible for the internal IT-Audits
o ISMS Process optimization