As a Senior Manager at KPMG FS Digital Audit team I'm serving a variety of clients in both a consulting and auditing capacity focusing on financial industry clients, applying my in-depth experience of information systems, risk management, internal and external auditing and internal controls:• Manage numerous information system and financial statement audits including all aspects of regulatory requirements based on MaRisk/BAIT/EBA Guidelines. This incorporates all parts of identity and access management, security and privacy, change management, and operations on a variety of platforms.• Manage and perform quality assessments / readiness checks regarding regulatory requirements MaRisk/ KAMaRisk and BAIT/KAIT at multiple clients.• Develop and implement digital audit approaches, guidelines and tools to increase quality and efficiency.

As an IT Audit Director at Daiichi Sankyo Europe GmbH, I was responsible for manage the relationship with senior IT management and perform IT audits and JSOX testing: • Internal Audit – Develop and implement the IT audit universe to drive the annual risk based internal audit plan; perform annual risk assessment interviews and workshops with senior leadership to develop the annual internal audit plan; plan and conduct IT audits and report audit results to management and the group audit function. • JSOX – Assess the design and operation of JSOX controls; report the results to the group internal audit function and act as a contact person for the external auditor;

As a Senior Manager at Deloitte I was serving a variety of clients in both a consulting and auditing capacity focusing on financial industry, technology and service provider clients, applying my in-depth experience of information systems, risk management, internal and external auditing and internal controls: • Managing numerous information system and financial statement audits including all aspects of security and privacy, change management, and operations on a variety of platforms (cloud); leading business process control audits. • Developed the Third Party Assurance practice, including development of guidance, tools, and quality review processes, bringing a depth of experience specific to Third Party Risk management and solutions; managed the delivery of Third Party Assurance engagements for a multitude of financial service clients. • As a team leader responsible for the information systems and process part of integrated international audit teams, I'm assessing risks, developing internal controls assessment approaches, developing an understanding of client business processes and the supporting information technology environment, as well as, evaluating the results of our assessments.

As an Internal IT Audit Manager at Protiviti, I was responsible for performing internal IT audits and SOX readiness testing for technology and fintech clients: • Internal Audit - Conducted annual risk assessment interviews and workshops with senior leadership, designed risk informed internal audit plans based on the prioritization of risk, executed business process and information technology control assessments, and regular reported to the CEO and Audit Committee of the Board of Directors for several clients at the technology industry. • SOX Readiness and Compliance - acted as project coordinator for a SOX internal audit testing projects at technology clients, performed project scoping, workplan development on SOX IT frameworks, control analysis, international coordination, status reporting, communication of deficiencies, and reporting.

As a Senior Audit Leader at the Enterprise Risk Management team, I was responsible for performing risk assessments and executing (planning, evaluation, investigation and reporting) internal audits at operational risk management, treasury, capital markets, and financial reporting.• Developed a group-wide liquidity risk management audit methodology including risk control-matrix and testing procedures based on regulation Reg YY - EPS.• Executed internal audits regarding liquidity risk management, capital markets and risk identification and risk appetite, drafted exceptions and root cause analysis, validated impact assessments and prepared audit reports.

As a Senior Associate at PwC RA Team, I was responsible for organization, planning and realization of external and internal audits. • Accomplished and managed the design and operation of internal controls of a large technology client. This engagement included over 130 internal controls across the company’s business and IT processes. Most notably, evaluated defined internal control rationalization efforts and evaluated the adoption of the COSO 2013 internal control framework. Further conducted walkthroughs to identify key risks, reviewed the testing of team members and tested the remediation of significant control deficiencies. • Accomplished and managed the evaluation of the design and operation of internal controls for change management at a financial technology client. This engagement included the evaluation of the change management controls. Most notably was to provide the effective remediation of past control deficiencies and provide better aligning internal controls objective with financial reporting risks. • Supported the internal audit department at a technology client at the evaluation of the internal control framework and testing of business controls. • Coaching and training on the job of team members.

As a Manager at Deloitte Risk-IT Team I was responsible for acquisition, organization, planning and realization of external audits, project-related reviews and third-party-assurance. • Led the IT-part of the securities deposit audit at a global bank. This engagement included the audit of the design and operation of certain parts of the General IT Controls, outsourcing controls, disaster recovery and business continuity management, portfolio management and reporting regulations stipulated by the German banking act. • Led and executed a ISAE 3402 project. This engagement included the integration of control requirements stipulated by the German banking authority regarding product information sheets.• Led and executed the year-end-IT-audit at a global bank. This engagement included audit of the design and operation of the General IT Controls, Risk & Regulatory requirements and automated controls implemented at trading and loans management systems.• Led the pre and post implementation review of the implementation of a data warehouse. This engagement included the evaluation of business, process and control outcomes achieved through the integration of all financial data at the data warehouse.• Coaching and training of team members.

As a Senior Consultant at PwC I was responsible for the audit of medium sized banks and other companies of the financial service sector.• Led and executed the IT-part of year-end-audits and security deposit holdings audits. These engagements included the audit of the internal control systems and business processes, audit of the suitability and effectiveness of the General IT Controls and the audit of the preparation of financial statements.• Led the pre and post implementation reviews of an IT-migration project at a bad bank. This engagement included the evaluation of business, process and control outcomes achieved through the migration to a complete new IT-environment. Further included the integration of control requirements stipulated by Minimum Requirements for Risk Management (MaRisk) and German banking regulations.• Coaching and training of team members.