
Jan Konnerth

Independent IT Audit & Governance Advisor

€900/day
Köln, DE
15+ years

Average response time: 1 hour

Freelancer profile translated to English.

About Jan

I support organizations that need clarity, structure, and confidence when facing audits, regulatory requirements, or complex IT landscapes.

I am an experienced IT audit specialist, certified ISO 27001 Lead Auditor, ISO 20000 Lead Auditor, CISA (ISACA), and ITIL Expert across multiple generations (V2, V3, V4). My work combines deep audit expertise with hands-on process design and governance implementation.

I regularly help clients prepare for:

  • IT and compliance audits
  • ISO 27001 and ISO 20000 audits
  • Internal audits and management reviews
  • Governance and control assessments
  • Regulatory-driven IT reviews (DORA / NIS2 / etc.)

Languages

  • German: Native or bilingual
  • English: Fluent

Remote only
Primarily works remotely

Experience

  • Multiple Banking and Financial Service Providers
    External Auditor
    BANKING AND INSURANCE
    June 2016 - November 2024 (8 years and 5 months)
    Frankfurt am Main, Germany
    Employment Type: Project engagement on behalf of ChallengeIT GmbH

    DEUTSCHE BANK:
    • 2024: Technology roadmap audit and IT transformation audit; assessment of legacy systems and Microsoft platforms; regulatory validations for HKMA and FED
    • 2023: Cloud platform and enterprise architecture audits
    • 2022: International audits covering IT infrastructure and ITIL processes; cloud audits (Windows, O365, Google Cloud); vendor strategy; regulatory requirements (HKMA)
    • 2021: International audits focusing on IT infrastructure and ITIL processes (Asset & Configuration Management, Middleware)
    • 2020: International audits in Italy and Poland, including local regulatory requirements
    • 2018–2017:
      • Data center and physical security audits
      • Software development procedure audits (SDLC, open source, source code reviews)
      • Audits of ultra-low-latency environments
    • 2016: Application and infrastructure audits (regulators: ECB, FED, MAS), review of program governance frameworks and access management

    Focus: IT Audit, ISO 27001, ITIL Processes, Cloud & Infrastructure, Regulatory Audits

    DEUTSCHE BOERSE:
    • 2021: Compliance audit of the “B7 Buy-in Agent Platform” prior to go-live; compliance audit and risk assessment (LeSS framework for software development); IT operations audit

    FINANZ INFORMATIK PLUS:
    • 2024: IT audits focusing on user access management; audits of order and billing processes; planning, execution, and documentation of audits using standardized operational templates

    TOYOTA KREDITBANK:
    • 2024: Annual Sarbanes-Oxley (SOX) IT audit; scope: SAP, non-SAP systems, IT operations; creation of an audit matrix for documentation and stakeholder alignment

    IT Audit, Sarbanes-Oxley Act, Regulatory Compliance, IT Service Management
  • Mercedes Benz Cars, Daimler Truck and Van
    IT Service Management Consulting, ISO 27001 Consulting and Audit preparation
    AUTOMOBILE
    October 2009 - December 2024 (15 years and 2 months)
    Köln, Germany
    Employment Type: Project engagement on behalf of ChallengeIT GmbH

    DAIMLER TRUCK AG:
    • 2024: Design of an ISO 27001 assessment questionnaire (Power App) for all European applications; execution of ISO 27001 assessments; introduction of a centralized SharePoint for application owners; presentation of NIS2 requirements and process recommendations; development of Power BI dashboards
    • 2009 - 2019 (multiple engagements): Design and operation of ITIL processes (Incident, Problem, Change, Release, Request, Demand); setup of service management organizations; reporting, ticket automation, demand and budget analysis; ISO 20000 assessments and expert reports; outsourcing support and provider management

    IT Audit, ISO 27001 Lead Auditor, ITIL V4, IT Service Management
  • ChallengeIT
    IT Audit & Governance Specialist / Lead Auditor (ISO 27001 & ISO 20000) / CISA / ITIL Expert
    CONSULTING AND AUDITS
    March 2009 - December 2024 (15 years and 9 months)
    Köln, Germany
    Senior IT audit and governance specialist with long-term responsibility for planning, execution, and documentation of IT audits, compliance assessments, and ITIL process implementations across regulated and complex enterprise environments.

    Core responsibilities included:
    • IT and compliance audit preparation and execution (internal audit, ISO 27001, ISO 20000, ITGC, SOX)
    • Acting as lead auditor and subject matter expert in international audit teams
    • Design, optimization, and governance of ITIL processes across all disciplines
    • Development of risk & control frameworks, maturity models, and audit matrices
    • Creation of policies, procedures, KPIs, RACIs, and audit-ready documentation
    • Business continuity management (BCM) and business continuity plans (BCP)
    • Governance and compliance coaching for IT management and audit teams
    • Application risk profiling and control assessments across large application landscapes
    Enterprise-level ITIL expert (V2, V3, V4) with deep hands-on experience across all ITIL disciplines. Responsible for designing, implementing, governing, and auditing ITIL processes and policies in global organizations.

    Focus areas:
    • Incident, Problem, Change, Release & Request Management
    • Service Level, Event, Asset & Configuration Management
    • Capacity, Availability & Continuity Management
    • ITIL policies, procedures, operating models, and KPIs
    • Tool-supported implementations (ServiceNow, Jira, reporting platforms)
    • Audit-aligned ITIL process documentation
    Engagements covering: banking, financial services, energy, automotive, pharma, chemical industry, semiconductor industry, public sector, and KRITIS environments.
    IT Service Management, IT Audit, Business Continuity Management, IT Governance, On-the-job training

Education

  • CISA
    Manufaktur IT
    2019
    The CISA certification (Certified Information Systems Auditor) is a globally recognized qualification for IT professionals that demonstrates their expertise in IT audit, security, and governance and is awarded by ISACA. It confirms the ability to audit, control, and monitor IT systems and processes, which leads to a wide range of career opportunities.
  • SCRUM for Agile Projectmanagement
    Maxpert
    2015
    Scrum is an agile framework for project management that was originally designed for software development but is now used across industries to tackle complex problems. The framework is supported by three pillars of empiricism: transparency, inspection, and adaptation.

Skill set

Categories

  • Other