Jutta Edith Zilian CISA, CISM, CGEIT, Prince2, ITIL

  • First Diploma Jura Leopold Franzens University Innsbruck 1992
  • Mag. Phil. Leopold Franzens University Innsbruck 1994
  • CGEIT Certification Number 1506474 Date 22 Apr 2015
  • CISA Certification Number 0976597 Date 04 Sep 2009
  • CISM Certification Number 1013549 Date 15 Mar 2010
  • ITIL Candidate no. 0702#3XXX40678 Date 23 Mar 2007
  • PRINCE2 Candidate no. P2/NLXXX40436 Date 22 Nov 2006

Organizations: ISACA Germany Chapter, PMI Southern Germany Chapter


Insurance Munich

  • Project Security Officer Datacenter Consolidation Program
  • Outtasking Outsourcing
  • Review of Security Concepts (Outsourcer)
  • ISAE Audit (Outsourcer)
  • Onboarding Bank Italy



  • IT Security Middleware (Oracle Fusion, Oracle Cloud Control, Oracle Weblogic)
  • Main responsibility for the ISMS (Information Security Management System) (tool used: HiScout; BSI IT-Grundschutz / ISO 27001)
  • Project Management & Coordination: PAM (Privileged Access Management)

2015 – 07/2016

Bank Bonn – Project Security Manager

  • Writing Security Concepts for several projects
  • Guidance in Security Architecture
  • Guidance in Security Testing (Penetration Tests, Ethical Hack …)
  • Major Projects: MAR (Market Abuse), AML, Bank API, SecMon II (ArcSight)


Bank Frankfurt

Vendor Governance

Third-Party Assessments Reveal Gaps in the Governance Process

Governance problems become visible when mandated independent security assessments examine vendor practices. The most frequent findings appear in these NIST-designated areas:

  • Secure software development (SA)
  • Access controls (AC)
  • Configuration management (CM)
  • Logging and monitoring (AU)

These areas map to the following gaps in governance activities by the contracting organization:

  • Lack of resource planning for sufficient technical oversight
  • Limited in-house knowledge of the security requirements for the new technology
  • Over-reliance on generic contract language for technical compliance requirements


Automotive Munich

IT Security Manager for a large, group-wide datacenter consolidation project.

Personal tasks: Writing Security Concepts for France and Korea.


ISACA vChapter in Formation (Initiator: Felix Ramirez, past president of the New York Metropolitan Chapter)


Bank Frankfurt Security Problem Management

Provide daily consultancy in solving security issues.

Provide guidance on security problem-solving matters, whether IT-related or banking-specific.

2012 – Ongoing Director, RMPI Risk Management Professional International,
German and Austrian Division

Provide on-site and public classes on IT Risk Management, IT Governance, IT Auditing, COBIT 5/CGEIT, GRC (Governance, Risk & Compliance), Privacy Risks, Application Auditing, IT General Controls, and certification training in CISA, CISM & CRISC; hosting for Jay Ranade/ISACA New York Metro Chapter (Axioms, one-line statements to enhance knowledge for their CISA, CISM, CRISC and CGEIT students).

2011/2012 – CISA (Certified Information Systems Auditor) &
CISM (Certified Information Security Manager) Instructor

2011 – Consultancy Munich IT Asset Management, Compliance & Governance

2010 – 2011 Project Munich based Company for Swiss Customer
Machine to Machine Communication (Logistics Company)

2009 – Training and Coaching Risk Management, Governance, Compliance, Project & Program Management Methodologies (ISACA, PMI PMBOK, CISSP CBK, Prince2)

2008 – MA&D Financial Institution Switzerland

Harmonizing HR and legal department
SAP Systems Harmonization SAP BI & FI.

2007/2008 – European Institution in The Hague
Managed various projects in the role of Multi-Project Manager

  • Technical infrastructure JBoss Portal
    • Release and Deployment Management
    • RDBMS (MySQL, DB2)
  • Single Sign On SSO Rollout (OpenLDAP, RACF, Kerberos)
  • Technical infrastructure Alfresco ECMS & Single Legal Source
    • RDBMS (MySQL)
    • ETL and Data Integration processes (Single Legal Source)
    • Release and Deployment Management (Alfresco ECMS)
  • General Security Awareness program

2005/2006 – US Bank EMEA

  • Project Management new strategic frontend and backend application
    Pilot Portugal (Java Portal using iPlanet and BEA WebLogic, iCMS using Interwoven TeamSite)

    • Release and Deployment Management (Weblogic, Team Site)
  • Belgium OTP (One-Time Password) & SSO for Barcelona, Spain.
    Consumer Banking
    Online Banking (Java Financial Portal)
    iPlanet, WebSphere, BEA WebLogic, Oracle, Vasco Digipass, Eracom

    • Release and Deployment Management (Weblogic, Oracle)
  • OCC Audit (today it would be managed by SEC)
    IT Security Expertise & Compliance
    Datacenter Consolidation
  • Remote Management: Development Center in Chennai, Singapore, LA and Management including the executive sponsor in London

2004 – Bank in Geneva

  • Project Coordination / Lead on Oracle (RDBMS) Security Rollout
    Project Management Internet Trading Engine iTrader

    • Release and Deployment Management (Weblogic, Oracle RDBMS)
  • Datacenter Move & Datacenter Consolidation
  • Apache, Bea Weblogic, Oracle (RDBMS), RSA
    Business Continuity & Disaster Recovery strategies for iTrader.

2003 – Datacenter (Financial Institution) Munich

  • License Management
  • CMDB (Infrastructure Management/Change/Strategy/Automation)
  • Business Case development for License management optimization
  • SLA Management
  • Various Clients Financial Sector (e.g. Helaba, Bayr. Landesbank, Sparkassenverbund)
  • RDBMS: Oracle, Sybase, db2/UDB
  • Operating Systems: Unix (Solaris, AIX, Linux)

2002 – Bank in Basel

  • Project Management BMC Patrol
  • Data Warehouse
  • Electronic Archive
  • “nachrichtenlose Konti” (not translatable)
  • Monitoring System
  • Security Aspects, Risk Analysis, RCSA/CSA (Risk Control Self-Assessment)
    IT Compliance,
  • DLP (Data Loss Protection) Strategy & Implementation

2001 – Atraxis (Swissair & Sabena) Zürich Unique Airport Zurich Ops

  • Project Management CA Unicenter
  • Project Coordination Rollout axsFlightplanning for Belgium Sabena
    • RDBMS Oracle
    • Release and Deployment Management (Centura Team Developer)
  • Project Coordination Crew Management System for Air Littoral
  • Remote Management: Development Center in Trivandrum/India
    • Release and Deployment Management
  • BAU Flight Navigation System axsFlightPlanning/SkyTrack
    • Release and Deployment Management
    • RDBMS (Oracle, DB2)
    • ETL and Data Integration processes (Flight Navigation Database Oracle, Weather data loading processes and more)
  • Stakeholder Management, Negotiate Issues between Airlines, Dispatch and IT
  • Problem & Incident Management

2000 – Merchandise Düsseldorf

  • Rollout MMS Store (AIX, RDBMS Oracle, Forms, Reports, OWAS)
    • Release and Deployment Management (OWAS)
  • Business Continuity & Disaster Recovery Strategies

1999 Bank Munich

Maternity Coverage (Interim) Compliance Desk & Compliance Database (RDBMS Oracle)
Investment Banking

1994 – 1999 JES DatabaseService & NexTec Staudach & KEG

Programming Gupta Team Developer, Oracle Administration, Project Management (for several clients); in-house, fixed-price projects