Eric Konan

Multi-state bank · GDPR, NIS2, DORA, Basel III · IT Vulnerabilities, IT Audits, Internal Control

▪ IT risk management across the entire IT system: identification and qualification of security and obsolescence vulnerabilities (IT4IT, INFRA, Applications), maintenance of action plans with tracking of deadlines, costs, and timelines. Reduction of the vulnerability stock from 75,000 to less than 15,000.

▪ Preparation and facilitation of 50+ monthly vulnerability Steerco meetings for the Executive Committee and the Risk Department, over 4 years; production of the quarterly Security Dashboard (16+ committees).

▪ Monitoring of IT audits, Swift audits, and CAC recommendations; 13+ control campaigns managed.

▪ Security incident management: 30+ monthly committees, Root Cause Analysis, remediation plans validated with IT4IT, INFRA, and Applications teams.

▪ Administration of 1,300+ remote access authorizations (RSA tokens) and monitoring of 500+ mobiles via Microsoft Intune.

▪ Application of GDPR, NIS2, and DORA requirements to banking IT processes; updating risk matrices and processing registers in conjunction with the DPO.

▪ Supervision of privileged access management (PAM) and internal control procedures.

Tools: VARONIS · QUALYS · SharePoint · Excel · Power BI

200+ IT projects · Basel III, Banking Internal Control

▪ Management of the quality and execution of a portfolio of 200+ IT projects within a strict regulatory framework (Basel III); monthly KPI/KRI reporting to the Executive Committee and the Risk Department.

▪ Complete financial management: monthly invoicing, charge reconciliation, annual budget campaigns, IT workload planning (30,000+ person-days).

▪ Preparation and facilitation of regulatory steering committees; interface between IT teams, business units, the Risk Department, and Internal Audit.

▪ Automation of monitoring reports (Excel, SharePoint); contribution to internal due diligence and audit preparations.

Tools: CA Clarity PPM · SAP Business Object · MS SharePoint · Excel · Power BI

Payment & Financial Services · PCI-DSS, PSD2 · 50+ projects · 50,000+ person-days

▪ Cross-functional management of the project portfolio in a PCI-DSS/PSD2 environment: monitoring of budget commitments, schedules, non-compliance risks, and remediation plans.

▪ Production of weekly KPI dashboards; facilitation of regulatory governance bodies and interface with auditors.

▪ Mapping of payment processes and data flows; development of risk matrices and regulatory documentation.

Tools: MS Project · Excel · SharePoint · PowerPoint