Operational Resilience and Delivery Lead (Register of Information, ICT Third-Party Oversight)
- 0 references
- on request
- München
- National
- es | en | de
- 04.03.2026
- Contract ready
Project & professional experience
11/2025 – 2/2026
Description of activities
- Built a browser-based RoI validation tool covering package structure, XBRL-CSV metadata, referential integrity, and EBA business rules; runs thousands of checks entirely in the browser without data upload (https://www.trigosec.com/dora-roi-health-check)
- Used the tool to identify and fix issues prompting a successful test submission in the BaFin test environment
- Outcome: tool publicly available and free; submission passed BaFin automated validations
Cyber Security, Compliance management
4/2025 – 8/2025
Description of activities
- Designed and operationalised BC/DR for critical or important functions in a DORA context
- Defined recovery and emergency processes with dependencies, escalation mechanisms, and RTO targets derived from Business Impact Analyses
- Coordinated implementation with IT, information security, business owners, and third parties; integrated outcomes into governance, risk, and resilience structures
- Outcome: BC/DR plans defined with clear RTO targets, ownership, and escalation paths for critical or important functions; ready for testing
Cyber Security, Governance, Information security
3/2025 – 8/2025
Description of activities
- Defined KPIs to steer remediation speed and backlog evolution, using risk-based prioritisation by system criticality
- Established escalation and reporting processes integrated into ICT risk management governance
- Outcome: remediation backlog made measurable and risk-prioritised; vulnerability posture visible at executive level through decision-ready reporting
Information security
10/2024 – 4/2025
Description of activities
- Collected and validated data across 100+ providers and around 10 critical or important functions from distributed sources (Procurement, IT, Risk)
- Built data quality gates to catch inconsistencies early, resolving classification gaps and format issues before submission
- Outcome: BAU operating model with defined ownership and quality gates; successful submission within the first days of the window
Cyber Security, Data modelling, Governance, Information security
9/2024 – 12/2024
Description of activities
- Conducted cyber security assessments and Business Impact Analyses for providers supporting critical or important functions, covering technical and organisational security measures, dependencies, and recovery time objectives
- Structured and maintained third-party and dependency data as input to ICT risk management and the Register of Information; coordinated with Procurement, IT, Information Security, and business units
- Outcome: assessment and BIA results captured for critical or important functions; third-party and dependency data integrated into ICT risk management and the Register of Information
Cyber Security, Governance, Information security, ISO / IEC 27001
4/2024 – 12/2024
Description of activities
- Designed and led a 6-workstream DORA programme across Risk, Technology, Legal, Compliance, and Procurement
- Translated DORA requirements into a working operating model: defined ownership, decision rights, escalation paths, and a reporting cadence from weekly PMO to quarterly board (including Luxembourg Authorised Managers)
- Outcome: governance framework adopted into BAU; passed internal audit without significant findings
Cyber Security, Governance, Information security, Project management / Team leadership, Risk management
1/2024 – 4/2024
Description of activities
- Led PCI DSS recertification and ISO/IEC 27001 activities (evidence, remediation tracking, audit readiness)
- Managed incident response, SOC focus (signal-to-noise), and executive reporting
- Outcome: certifications on track; security governance handed over to permanent leadership without continuity gap
Information security, PCI DSS, Security Operations Center (SOC), Incident management, ISO / IEC 27001
1/2023 – 12/2023
Description of activities
- Migrated from a custom key management solution to AWS KMS, establishing durable governance for cryptographic assets
- Built a key inventory and dependency map across applications, coordinating platform and engineering teams for a safe migration
- Implemented rotation, monitoring, and access control processes with audit-ready evidence for each
- Outcome: migration completed without service disruption; full cryptographic asset inventory established, replacing a bespoke solution with governed, auditable controls
Cyber Security Engineer, Digital transformation
1/2022 – 12/2022
Description of activities
- Co-owned delivery with Treasury: target architecture, transition approach, and risk control
- Coordinated Engineering and Operations to maintain regulatory and operational continuity through cutover
- Outcome: migration delivered without service disruption or customer interface impact
SWIFT
1/2022 – 12/2022
Description of activities
- Identified and inventoried production certificates and keys, eliminating "shadow certificates" and unclear lifecycle ownership
- Defined lifecycle processes for issuance, renewal, rotation, and decommissioning with clear roles, approvals, and evidence requirements
- Aligned governance to regulated-environment expectations (including PCI DSS)
- Outcome: shadow certificates eliminated; structured lifecycle governance established with clear accountability and PCI DSS-aligned evidence, reducing risk of unplanned expirations
Information security
6/2020 – 12/2020
Description of activities
- Co-owned delivery with Treasury to identify and onboard new partner banks and migrate payment and settlement workflows to work with them, driven by Brexit regulatory changes
- Defined target state options and decision material; coordinated Treasury, Engineering, Operations, and external partners
- Outcome: new partner banks onboarded and payment and settlement workflows migrated without service disruption
SWIFT, System migration
4/2020 – 12/2021
Description of activities
- Led engineering, infrastructure, and platform architecture; later took additional Interim CTO responsibility
- Migrated critical systems from data centre to AWS-based cloud architecture
- Restructured engineering ways of working to reduce silos and improve delivery speed, reliability, and root cause discipline
- Outcome: stabilisation and scaling of a globally operating payments platform
Cloud Computing, System migration, Amazon Web Services (AWS)
1/2018 – 3/2020
Description of activities
- Led the build and operation of banking and payments infrastructure including SWIFT connectivity
- Implemented and operated SWIFT Alliance Lite2 and integrated SWIFT messaging into a microservice architecture
- Drove hardening and operational controls aligned to SWIFT CSP; coordinated internal teams and external infrastructure and security providers
- Outcome: stable operation of a regulated BaaS payments infrastructure under CSSF supervision, with SWIFT CSP controls embedded
Information security, SWIFT
Education
Valladolid
About me
Most experienced in Luxembourg and UK regulated environments (CSSF, FCA) with additional BaFin exposure. Comfortable leading multi-stream delivery with executive cadence and board-level reporting.
Further skills
Critical services, dependency mapping (internal and third-party), measurable risk signals, and recoverability tested.
Security governance and assurance:
KRIs and thresholds tied to decisions, drills and simulations, audit readiness (PCI DSS, ISO 27001), incident governance and executive reporting.
ICT third-party oversight:
Criticality and dependency intelligence, concentration risk visibility, external risk signals beyond questionnaires, proportionate oversight and evidence.
Cross-functional transformation:
Multi-stream execution across Risk, Compliance, Technology, Legal and Procurement, with governance cadence, escalation paths, and steering-level reporting.
Digital Operational Resilience Act delivery (including RoI):
DORA workstreams translated into BAU operating models, RoI as a governed dataset (XBRL-CSV, validation-first), and submission readiness.
Resilience engineering:
Point-of-change guardrails (DevSecOps) that keep delivery fast and generate continuous evidence for governance and assurance.
Personal data
- Spanish (native language)
- German (good)
- English (fluent)
- European Union
