• Ensuring the professional support of the SiDok/IRM application in the Service Portal (based on the GRC module of ServiceNow) as part of the implementation of IRM functionalities and their integration into the FI Service Portal.
• Supporting internal employees in using the new IRM functionalities to increase line efficiency and effectiveness.
• Further developing the application according to new requirements and needs to ensure it meets the needs of FI departments.
• Conducting functional tests to ensure the correct functionality and integrity of the application as part of the implementation of IRM functionalities.
• Writing help texts to assist users with questions and issues related to the new IRM functionalities and their integration into the FI Service Portal.
• Proposing optimization suggestions to improve the efficiency and user-friendliness of the application as part of the implementation of the new IRM functionalities.
• Creating a release plan for the IRM-2023 project, considering the prioritization of content from the packages by the IRM cluster of security management.
• Coordinating with the Central Information Security and Risk Management Department and the FI Digitalization Board to ensure project goals and budget.
• Supporting the SDLC process

Development of an Algorithmic Decision System (ADEST) for Automated Processing of Job-Related Data and Analysis of the HR-BA-XML Interface in the Context of Machine Learning

• Definition and Description of the Risk Process for the Project, including Transparency of Risks
• Regular Review and Update of the Risk Process
• Identification of Potential Risks through Workshops, Interviews, Meetings, Document Analysis, and Insight into Control Tools
• Maintenance of the Risk Register and Description of Risks Regarding Background, Causes, Developments, and Impacts
• Assessment of Risks in Terms of Probability of Occurrence and Potential Impacts
• Development of Measures for Risk Minimization and Avoidance, including Cost and Evaluation Forecasts
• Development of a Risk Treatment Strategy
• Proposal for Communicating Identified Risks to Project Management
• Coordination with Risk Managers and Execution of Risk Aggregation
• Ongoing Coordination with Project and Measure Responsible Parties
• Monthly Update of the Risk Register and Creation of the Overall Risk Assessment
• Maintenance of Reported Risks in the Internal BA Tool R2C
• Preparation of the Risk Presentation for the Project Steering Committee

• Risk Management/Issue Management
• Remediation of IT Vulnerabilities
• Conducting Workshops and Interviews
• Capturing and Implementing Global Information Security Requirements (GRC) in Financial Services (BAIT and MaRisk)
• Implementation of KRITIS Requirements
• Implementation of Requirements from the BSI IT-Grundschutz
• Capturing and Implementing Internal Information Security Requirements According to ISO 27001
• Implementation of Data Protection Requirements
• Creation of Business Impact Analyses & Data Classification
• Consolidation and Presentation of Work Results
• Task Management via Jira and Documentation in Confluence

• Risk Management/Issue Management
• Remediation of IT Vulnerabilities
• Conducting and Moderating Workshops
• Analysis of Current and Target State
• Process Modeling of Target Processes
• Capturing and Reviewing the Implementation of Global Information Security Requirements (GRC) in Financial Services (BAIT and MaRisk Requirements) with IT
• Implementation of KRITIS Requirements
• Implementation of Requirements from the BSI IT-Grundschutz
• Capturing and Implementing Internal Information Security Requirements According to ISO 27001
• Sourcing Management & Vendor Management with a Focus on Regulation & Compliance
• Commissioning and Accompanying Penetration Tests
• Accompanying and Introducing Platform-as-a-Service