30.09.2025 aktualisiert
AV
Premiumkunde
80 % verfügbarIT-Security & Audit Consultant / Controls Writer
Horgen, Schweiz
Deutschland +6
Bsc.Skills
SAPBWIT SecuritySOXGDPRCOBIT® 5 FoundationSAP ProzessintegrationCyber Risk ManagementTARA Threat Analyses and Risk AssessementSEO TexterIT Security Management Systems (ISMS)BSIITSM Beratungnetwork security monitoringSIEMGRP
- 20+ years of experience in the finance, pharmaceutical and insurance industries, and 10+ year in IT security functions as CISO and Head of IT & Security Audit.
- Strong experience in defining internal controls and processes, especially as a Business Process Manager, working with the process management tool Aeneis (like ARIS) for 3 years intensively.
- Extensive experience with stakeholder management and communication within IT-Security, both in German and in English.
- Solid experience consulting and auditing in Security and Security Process Management, based on regulatory standards such as SOX, Cobit, ISO, etc.
- Extensive exposure to wide IT structures and their security processes.
- Exposure to access control.
- Experience in risk identification and analysis through gap assessments. Recognition of potential risks and definition of the counter-measure to mitigate those risks.
- Excellent communication skills, with the ability to explain complex concepts to both technical and non-technical stakeholders.
- Experience working in cross-functional teams and contributing to successful project outcomes and support overall system functionality.
Sprachen
DeutschverhandlungssicherEnglischverhandlungssicherFranzösischgut
Projekthistorie
Project of Secuirty Architecture and Risk identification through GDPR and SOX-Controls.
Project is runninng in Sophia Antipolis.
Risk Identification and analysis through gap assessments. Recognition of potential risks and definition of the counter-measure to mitigate those risks.
Advise organization on Information Security Management Systems
implementation, including risk assessment and monitoring of information security controls
- Perform certification audits for ISO/IEC 27001, ISO/IEC 20000-1.
- Perform IT security controls assessments.
- Start Organizations Big - Data - Analysis related to security requirements.
Project is runninng in Sophia Antipolis.
Risk Identification and analysis through gap assessments. Recognition of potential risks and definition of the counter-measure to mitigate those risks.
Advise organization on Information Security Management Systems
implementation, including risk assessment and monitoring of information security controls
- Perform certification audits for ISO/IEC 27001, ISO/IEC 20000-1.
- Perform IT security controls assessments.
- Start Organizations Big - Data - Analysis related to security requirements.
Responsibilities:
* Security audit in finance environments and internal control for these environments
* Internal control of Cobit and SOX
* Responsible for design and optimization of operational processes and organizational structures
* Align the internal controls with the internal processes of the clients (banks) and proceeding to gap assessment
whenever necessary
* Security and data protection management
* Security architecture
* IT technology management (IBM interface)
* Changes and projects
* Budget and controlling of IT
* Customer and supplier consulting
* Development of conceptual solutions for business and functional problems
* Recognition of weak points in the process landscape, development of solution and their implementation
* Security engineering and concepts
* Firewall regulations and authentication
* Security audit in finance environments and internal control for these environments
* Internal control of Cobit and SOX
* Responsible for design and optimization of operational processes and organizational structures
* Align the internal controls with the internal processes of the clients (banks) and proceeding to gap assessment
whenever necessary
* Security and data protection management
* Security architecture
* IT technology management (IBM interface)
* Changes and projects
* Budget and controlling of IT
* Customer and supplier consulting
* Development of conceptual solutions for business and functional problems
* Recognition of weak points in the process landscape, development of solution and their implementation
* Security engineering and concepts
* Firewall regulations and authentication
Responsibilities:
* Application owner of BPM modelling application (AENEIS).
* Consult and support of business process owners of the business departments.
* Evangelize BPM subject within the Mepha organization.
* Analysing, modelling and documentation of IT-supported business processes according to existing regulatory (SOX,
GxP, ISO9001)
* Single point of contact for all matters related to BPM.
* Support of internal/external audits for SOX controls in SAP R3 and BW.
* Be the main link between stakeholders and IT vendor ensuring that SOX is developed in line with business needs.
* Organize a new SAP-Authorization-Management through GRC -SAP Access control. User risk and conflict violations
analysis.
* Implement and maintain IT-SOX compliance.
* Coordinate in Corporate level the roll-out audits for SOX controls compliance.
* CISO:
o Implementation all the IT security regulations globally.
o SAP Authorization Concept
o Risk Analysis and Measures
o Responsible for the internal IT-Audits
o ISMS Process optimization
* Application owner of BPM modelling application (AENEIS).
* Consult and support of business process owners of the business departments.
* Evangelize BPM subject within the Mepha organization.
* Analysing, modelling and documentation of IT-supported business processes according to existing regulatory (SOX,
GxP, ISO9001)
* Single point of contact for all matters related to BPM.
* Support of internal/external audits for SOX controls in SAP R3 and BW.
* Be the main link between stakeholders and IT vendor ensuring that SOX is developed in line with business needs.
* Organize a new SAP-Authorization-Management through GRC -SAP Access control. User risk and conflict violations
analysis.
* Implement and maintain IT-SOX compliance.
* Coordinate in Corporate level the roll-out audits for SOX controls compliance.
* CISO:
o Implementation all the IT security regulations globally.
o SAP Authorization Concept
o Risk Analysis and Measures
o Responsible for the internal IT-Audits
o ISMS Process optimization