Profile

Jutta Edith Zilian CISA, CISM, CGEIT, Prince2, ITIL
Facts:

  • First Diploma Jura Leopold Franzens University Innsbruck 1992
  • Mag. Phil. Leopold Franzens University Innsbruck 1994
  • CGEIT Certification Number 1506474 Date 22 Apr 2015
  • CISA Certification Number 0976597 Date 04 Sep 2009
  • CISM Certification Number 1013549 Date 15 Mar 2010
  • ITIL Candidate no. 0702#3XXX40678 Date 23 Mar 2007
  • PRINCE2 Candidate no. P2/NLXXX40436 Date 22 Nov 2006

Organizations: ISACA Germany Chapter, PMI Southern Germany Chapter

2017

Insurance Munich

  • Project Security Officer, Datacenter Consolidation Program
  • Outtasking Outsourcing
  • Review of Security Concepts (Outsourcer)
  • ISAE Audit (Outsourcer)
  • Onboarding Bank Italy

2016/2017

Government

  • IT Security Middleware (Oracle Fusion, Oracle Cloud Control, Oracle WebLogic)
  • Main responsibility for the ISMS (Information Security Management System) (tool used: HiScout; BSI IT-Grundschutz / ISO 27001)
  • Project management and coordination: PAM (Privileged Access Management)

2015 – 07/2016

Bank Bonn – Project Security Manager

  • Writing Security Concepts for several projects
  • Guidance in security architecture
  • Guidance in security testing (Penetration Tests, Ethical Hack …)
  • Major Projects: MAR (Market Abuse), AML, Bank API, SecMon II (ArcSight)

2015

Bank Frankfurt

Vendor Governance

Third-Party Assessments Reveal Gaps in the Governance Process

Governance problems become visible when mandated independent security assessments examine vendor practices. The most frequent findings appear in these NIST-designated areas:

  • Secure software development (SA)
  • Access controls (AC)
  • Configuration management (CM)
  • Logging and monitoring (AU)

These areas map to the following gaps in governance activities by the contracting organization:

  • Lack of resource planning for sufficient technical oversight
  • Limited in-house knowledge of the security requirements for the new technology
  • Over-reliance on generic contract language for technical compliance requirements

2014

Automotive Munich

IT Security Manager for a large, group-wide datacenter consolidation project.

Personal tasks: Writing Security Concepts for France and Korea.

2014

ISACA vChapter in Formation (Initiator: Felix Ramirez, past president of the New York Metropolitan Chapter)

http://vchapter.org

2013

Bank Frankfurt Security Problem Management

Provide daily consultancy in solving security issues.

Provide guidance in security problem solving matters either related to IT or banking specific ones.

2012 – Ongoing Director, RMPI Risk Management Professional International,
German and Austrian Division

http://rmpi-austria.co.at

Provide on-site and public classes on IT Risk Management, IT Governance, IT Auditing, COBIT 5/CGEIT, GRC (Governance, Risk & Compliance), Privacy Risks, Application Auditing, IT General Controls; certification training in CISA, CISM & CRISC; hosting for Jay Ranade/ISACA New York Metro Chapter (Axioms, one-line statements to enhance knowledge for their CISA, CISM, CRISC and CGEIT students).

2011/2012 – CISA (Certified Information Systems Auditor) & CISM (Certified Information Security Manager) Instructor

2011 – Consultancy Munich IT Asset Management, Compliance & Governance

2010 – 2011 Project Munich based Company for Swiss Customer
Machine to Machine Communication (Logistics Company)

2009 – Training and Coaching Risk Management, Governance, Compliance, Project & Program Management Methodologies (ISACA, PMI PMBOK, CISSP CBK, Prince2)

2008 – MA&D Financial Institution Switzerland

Harmonizing HR and legal department
SAP Systems Harmonization SAP BI & FI.

2007/2008 – European Institution in The Hague
Managed various projects in the role of Multi-Project Manager

  • Technical infrastructure JBoss Portal
    • Release and Deployment Management
    • RDBMS (MySQL, DB2)
  • Single Sign On SSO Rollout (OpenLDAP, RACF, Kerberos)
  • Technical infrastructure Alfresco ECMS & Single Legal Source
    • RDBMS (MySQL)
    • ETL and Data Integration processes (Single Legal Source)
    • Release and Deployment Management (Alfresco ECMS)
  • General Security Awareness program

2005/2006 – US Bank EMEA

  • Project Management new strategic frontend and backend application
    Pilot Portugal (Java Portal using iPlanet and BEA WebLogic, iCMS using Interwoven TeamSite)

    • Release and Deployment Management (WebLogic, TeamSite)
  • Belgium OTP (One Time Password) & SSO for Barcelona, Spain.
    Consumer Banking
    Online Banking (Java Financial Portal)
    iPlanet, WebSphere, BEA WebLogic, Oracle, Vasco Digipass, Eracomm

    • Release and Deployment Management (WebLogic, Oracle)
  • OCC Audit (today it would be managed by SEC)
    IT Security Expertise & Compliance
    Datacenter Consolidation
  • Remote Management: Development Center in Chennai, Singapore, LA and Management including the executive sponsor in London

2004 – Bank in Geneva

  • Project Coordination / Lead on Oracle (RDBMS) Security Rollout
    Project Management Internet Trading Engine iTrader

    • Release and Deployment Management (WebLogic, Oracle RDBMS)
  • Datacenter Move & Datacenter Consolidation
  • Apache, BEA WebLogic, Oracle (RDBMS), RSA
    Business Continuity & Disaster Recovery strategies for iTrader.

2003 – Datacenter (Financial Institution) Munich

  • License Management
  • CMDB (Infrastructure Management/Change/Strategy/Automation)
  • Business Case development for License Management optimization
  • SLA Management
  • Various Clients Financial Sector (e.g. Helaba, Bayr. Landesbank, Sparkassenverbund)
  • RDBMS: Oracle, Sybase, DB2/UDB
  • Operating Systems: Unix (Solaris, AIX, Linux)

2002 – Bank in Basel

  • Project Management BMC Patrol
  • Data Warehouse
  • Electronic Archive
  • “nachrichtenlose Konti” (not translatable)
  • Monitoring System
  • Security Aspects, Risk Analysis, RCSA/CSA (Risk Control Self-Assessment),
    IT Compliance
  • DLP (Data Loss Protection) Strategy & Implementation

2001 – Atraxis (Swissair & Sabena) Zürich Unique Airport Zurich Ops

  • Project Management CA Unicenter
  • Project Coordination Rollout axsFlightplanning for Belgium Sabena
    • RDBMS Oracle
    • Release and Deployment Management (Centura Team Developer)
  • Project Coordination Crew Management System for Air Littoral
    • RDBMS DB2 UDB
  • Remote Management: Development Center in Trivandrum/India
    • Release and Deployment Management
  • BAU Flight Navigation System axsFlightPlanning/SkyTrack
    • Release and Deployment Management
    • RDBMS (Oracle, DB2)
    • ETL and Data Integration processes (Flight Navigation Database Oracle, Weather data loading processes and more)
  • Stakeholder Management, Negotiate Issues between Airlines, Dispatch and IT
  • Problem & Incident Management

2000 – Merchandise Düsseldorf

  • Rollout MMS Store (AIX, RDBMS Oracle, Forms, Reports, OWAS)
    • Release and Deployment Management (OWAS)
  • Business Continuity & Disaster Recovery Strategies

1999 Bank Munich

Maternity Coverage (Interim) Compliance Desk & Compliance Database (RDBMS Oracle)
Investment Banking

1994 – 1999 JES DatabaseService & NexTec Staudach & KEG

Programming Gupta Team Developer, Oracle Administration, Project Management (for several clients); in-house, fixed-price projects