IT Regulation

From more than 10 years of consulting work in the banking and finance industry, I have a comprehensive knowledge of supervisory requirements for IT and know the focal points of supervisory audits as well as typical findings and pitfalls in the implementation of measures.

KNOWLEDGE OF REGULATORY REQUIREMENTS

  • EBA Guidelines on ICT & Security Risk Management (EBA/GL/2019/04)
  • EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02)
  • Minimum requirements for risk management (MaRisk)
  • Supervisory Requirements for IT in Financial Institutions (BAIT)
  • Cyber resilience oversight expectations for financial market infrastructures (CROE)

KNOWLEDGE OF FRAMEWORKS AND STANDARDS

  • ISO 27001/ISO 27002
  • Cloud computing compliance criteria catalogue (C5)
  • BSI Standards
  • NIST Cyber Security Framework v1.1
  • COBIT
  • ITIL v4