AT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant

Transcription

1 Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse Mannheim E: W: Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter Konrad Executive Partner Senior Consultant German 17 Jahre including 10 years in line functions including 7 years in project functions Sprachen German mother tongue English fluent AT FIRST VIEW Strategic head with special ability to develop structure and document complex content and processes Technical expertise in the IT audit, in the field of IT governance, IT risk, IT compliance and IT security Establish the company IT-SCAN GMBH with focus on IT security, IT Compliance & IT Audit consultancy. Previously establishing the FALK IT Consulting Services GmbH ( as a subsidiary of FALK & Co with comparable advisory priorities Audit of IT application development and IT operations in line to best practices standards such as BSI IT Grundschutz and CobiT or IDW PS 951 (ICS at service companies), the IDW PS 850 (Project-related examination with use of information technology) and the IDW PS 330 (final examination with use of information technology) Expertise in data protection according to BDSG in the function of the external / internal data protection officer as well as the internal auditor by executing reviews in the field of data protection Support of different implementation projects focused on information security (ISMS) in compliance of standards such as ISO 27.00x or BSI IT Grundschutz

2 PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: (IT-)AUDIT united bank international 6 months Year 2017 Senior Engagement Manager Key Subject Matter Expert by order of ARC- Institutes (Audit Research Center) Performance of IT audit activities on behalf of the internal audit department based on the following business audits: Depositary, funding process, marketing & sales Validation of the materiality of information security data stored in the CMDB for audit relevant applications Audit of fulfilling the minimum level of documentation for audit relevant applications Conducting interviews in business and information technology departments Create the working papers for the audit report Assess and categorize the audit results in accordance to the COSO methodology united bank worldwide 2 months / 6 months Year 2016 Senior IT auditor CoSourcing support of group audit as expert during the audit Vendor Management and monitoring of relevant services according to ITIL Significant participation in preparation of audit planning Performance of the audit activities with main audit focus on o Disaster Recovery o Configuration Management (CMDB) o Release Management & Deployment o Capacity Management o Security State & Event Management (SIEM) Perform the audit and create the audit documentation completely in english language Administrative support to the audit lead CoSourcing support of group audit as expert for different audits with scope on Governance in context with business digitalization strategy in regard to the business strategy 2020 Significant participation in preparation of audit planning (risk & control list, audit planning memorandum, audit program, etc.) Performance of the activities with main audit focus on o Program and project planning

3 PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: (IT-)AUDIT o Compliance with project and software development methodology such as Agile methodology (SCRUM) Waterfall methodology (QMS) Program Governance Framework (PGF) o Traceability of strategy transformation in line with the digitalization strategy and the relevant programs and projects o Compliance with budget and finance planning o Program and project controlling o Risk and issue management o Compliance of internal and external specifications and integration of control functions Implementation methodology of digitalization initiatives in cooperation with technology partners and start-ups Compliance with Software Development Life Cycle (SDLC) requirements within the scope of developing a software tool based on a sharepoint platform Compliance with contract requirements (e.g. NDA) in collaboration with partners to realize digitalization projects Training of audit methodology for new internal staff and consultants Perform the audit and create the audit documentation completely in english language Administrative support to the audit lead regional bank Northern Germany 6 months Year 2015 Coordinator and Specialist IT-Audit Coordination and Performance of IT audits Significant participation in preparation of audit plan (with focus on IT) Implementation of IT audits in accordance with audit plan (joint audits: BCM, Provider Management) Project related audit of a large scale IT project Coordination of audits of the Supervisory Authority and Group Internal Audit Technical responsibility for performing IT audits within the IT Audit Team Administrative support given to the Head of Audit Department united bank worldwide 1 month Year 2014

4 PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: (IT-)AUDIT Senior IT Auditor CoSourcing of Internal Audit Department as Senior Auditor and perform the audit End User Computing Create the audit program in regard of standards such as DIIR, ISACA or the German Banking Supervision Conducting interviews in information security department Analysis of relevant policies, standards and work instructions Review of identified vulnerabilities within the EUC Create of audit reports in accordance with auditing standards of the financial institute University Northern Germany education industry non profit organisation 3 months Year 2013 Process and Organizational Consultant Senior Auditor Implementation of an Internal Audit Department Analysis of key business processes of the University Implementation of Internal Audit Department and processes based on standards of the IIA or DIIR Construction of a risk-based audit planning process Create Organizational Rules of Audit Department (Audit Charta and Audit Manual) Perform IT audit and University-related business process audit Accounting Firm worldwide (Big4) accounting industry 6 months Year 2012 Manager IT-Audit Coordination and Performance of IT Audits Responsibility of Consulting and Audit Contracts Generating new assignments Responsible for project-related Audit within a large-scale project in compliance with IDW PS 850 standard Regular reporting to the Audit and Project Management Responsible for performing the audit Outsourcing Service Provider with banking license worldwide service providing industry

5 PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: (IT-)AUDIT 42 months Year Head of Group IT-Audit Coordination and Performance of IT Audits Responsibility of the overall audit process to ensure proper performance of IT audits in compliance with MaRisk standard of German Regulatory Authority Development of audit plans according to the standards of IIA (Institute of Internal Audit) Organization and coordination of internal audits Responsible for performing internal audits according to the standards of the IIA and DIIR (German Institute of Internal Auditors) Performing of IT system audits in compliance of IDW PS 330 Quality assurance of audit results performed by audit team members Implementation and customization of the "risk and control based audit approachs" regarding IT audits Special Project support in integrating a new business unit (France) within the enterprise by fulfilling the corporate standards Local project responsibility (Germany) for a migration and release change project "SAP R/3 ECC 6.0" as part of the group-wide IT systems consolidation project Publishing Southern Germany publishing industry 34 months Year Senior IT Auditor Coordination and Performance of IT Audits Performance of IT audits Organization and coordination of IT audits Responsibility of the entire IT audit process Review security settings and the related processes of a card-based single sign on system Review of security systems in the area of debit and credit card processes Insurance worldwide 12 months Year Senior IT Auditor Coordination and Performance of IT Audits

6 PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: (IT-)AUDIT Review and consulting of the IT security team within setting up an Information Security Management System (ISMS) Validation of IT security processes (according to BSI IT Grundschutz/ ISO /2) Responsibility for performing various IT audits at various European locations of the enterprise Mortgage Bank worldwide 18 months Year , IT Auditor Coordination and Performance of IT Audits Implementation of a risk-based audit approach and construction of Group IT - Audit as part of Internal Audit Department Review of the risk management system of the bank with focus on IT risk management and control Advisory support in implementation of a risk management process for operational IT risks

7 M: PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: IT-COMPLIANCE leading energy company throughout Germany energy industry 7 months Year external data protection officer in the role of interim manager external data protection officer Performing analysis of the current compliance level of data protection to prepare implementation of a Data Protection Management System (DPMS) to prepare the customer for the EU General Data Protection Regulation Processing / consulting of data protection based requests upcoming from project teams or business departments o Requirements of data privacy statement o Requirements to transform data into anonymous or pseudonymous status o Data Privacy requirements of usage of client terminals o Consulting and support in context of commissioning of data processing Review of commissioned data processing Close cooperation with the legal department Compliance with regulatory of data protection midsize accounting firm throughout Germany accounting industry 24 months Year Internal Data Protection Officer Internal Data Protection Officer for entire Group Compliance with data protection rules Extract from the spectrum of tasks o Review of individual data security measures o Audit of commissioned data processing o Dealing with requests o Review of regulations concerning data protection controls Monitoring of data processing programs Staff training Guide the process directory Carrying out prior checks

8 M: PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: IT-SECURITY united bank worldwide 13 months ++ (extended until April 2018) Year Expert for IT Governance / Process and Control Design Implementation Project of an Identity and Access Management (IAM) Analysis and validation of the current control environment Optimizing / re-design and implementation of the control environment within the existing IAM processes Analysis / adaption of existing IAM processes and creation of new IAM processes based on the process modeling methodology EPK (event-driven process chain) by usage of the process design tool BIC Performing of workshops with relevant stakeholders Re-design of IAM standards and policies as well on 1 st Line of Defense as on 2 nd Line of Defense Presentation of project deliverables Deputy of sub-project management Inventory, assessment, addressing and tracking of IAM relevant (internal and external) audit findings (follow up activities) Advising the project management and steering committee on security and compliance relevant issues Coordination and first contact of other projects in conjunction with audit findings of the regulating authority Automotive Manufacturer (OEM) worldwide leading automotive industry 5 months Year 2013 Security and Process Consultant Implementation Project of an ISMS in accordance with ISO 27.00x Validation of audit findings relevant to ISMS in compliance to a companybased risk system Performing interviews based on the IS findings Development of actions necessary to eliminate or reduce existing risks Conceptual development and establish security policies and standards Automotive Manufacturer (OEM) worldwide leading automotive industry 2 months Year 2014 Security and Process Consultant

9 M: PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: IT-SECURITY Implementation Project of Provider Selection Process for Cloud Computing Conceptual development of a procedure for the selection of cloud services and their providers Construct a service scorecard model for service providers Analysis of existing organizational documents concerning outsourcing and cloud providing management Adapting policies and standards and including cloud computing-related aspects Development of XLS-based tools to support the selection process Develop management presentations Regular presentation of interim & final results large bank leading in Germany 1 month Year 2014 Security and Process Consultant Conceptual Creating a Balanced Security Scorecard and a Provider Management System in the context of an ISMS project based on ISO 27.00x Analysis of ISMS organizational and process structure Conceptual development of an ISMS organization and governance in line with the enterprise standards Adjustment of security related policies and standards

10 M: PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: SERVICES midsized Consulting Heidelberg IT industry (industry-independend consulting) 35 months Year CEO and Senior Consultant Foundation and Management of the Construction of the organizational structures of the Design of consulting services (IT Audit & Security, Outsourcing Services, expert services, Business Administration, Governance / Compliance) Initiation and conclusion of strategic alliances with business partners to supplement the service portfolio and to increase revenues Performance of acquisition activities Data Protection Officer for the entire group Performance of audit engagements related to IDW PS 330 (IT system audits), IDW PS 951 (examination of the ICS at service companies), IDW PS 850 (Project-related test) and IDW PS 880 (testing of software products) Automotive Manufacturer (OEM) worldwide leading automotive industry 3 months Year 2014 Process Consulting Designing and creating an interface documentation as part of the process documentation of a complex application environment Analysis of existing metadata within the application environment Structuring the metadata Design of a document standard in consideration of regulatory and security requirements Generating the documentation

11 M: PROFESSIONAL AND PROJECT EXPERIENCE CATEGORY: SERVICES Investment Firm (Subsidiary of an Insurance ) Germany 35 months Year IT Manager Responsibility for IT Operations and IT Organization Support and administration of the system environment Build up an IT organization Responsible for performing IT project such as release changes in ERP environment Realise small programming requirements using MS-Excel / MS Access and VBA