
Michael Georg Speller

EU Regulatory Expertise: DORA, NIS2, AIAct, CRA

€1,200/day
St. Gallen, CH
15+ years

Average response time: 1 hour


About Michael Georg

DORA | NIS2 | AI-Act | CRA | IT-Audit Defense | Third-Party Risk Management (TPRM) | Compliance | ISO 27001 | BSI Grundschutz | Digital Operational Resilience Testing (DORT) | SBOM Strategies | GRC | ToM | sfO | Procedures | Measures | Policies | Processes | Operations | Tender Law | IKS

1. IT Regulation & IT Compliance
Focus Areas: Holistic implementation and auditing of DORA, NIS2, AI-Act (AI Regulation), Cyber Resilience Act (CRA), Data Act, SOX IT-GC (US)
Documentation: Creation of legally compliant Policies, ToMs, Process/Service Descriptions and SLAs - BIA, BCM
Special Knowledge: Blue Guide, Machinery Regulation, IDW EPS 528, CSSF 25/881 as well as EBA/EIOPA/ESMA Guidelines

2. Audit Prep, Management & Defense (High-End)
OSI Experience: Preparation and defense of On-Site Inspections (OSI) and audits by ECB, BaFin (§44 KWG), CSSF, FINMA and BSI
Audit Support: Management of IT annual audits (JAP), Remediation/Mitigation of Findings, avoidance of fines

3. Third-Party Risk Management (TPRM) & Cloud Governance
Supply Chain Security: Management of third-party risks, value chain analysis and implementation of SBOM (xBoM) strategies
Cloud Security: Compliance audit and due diligence for outsourcing projects to AWS, Azure, Google Cloud and Salesforce
Contract Design: Support in complex outsourcing negotiations and exit strategies

4. IT Risk Management & Resilience
Methodology: ERM, IRM, BIA, BCM and establishment of reporting lines according to regulatory requirements & international standards (NIST, ISO 2700x, ITIL, COBIT)
Testing: Conception and execution of resilience tests and scenario-based risk analyses, Legal Requirements

5. Project Support & Coaching
Interim Management: Proactive compliance support for IT projects (DevSecOps) and sparring partner for project managers
Awareness: Conducting management workshops / training programs to impart legal competence requirements
Languages

  • English: Native or bilingual
  • German: Native or bilingual

Can work on-site
St. Gallen (up to 50km)

Experience

  • GREY APE
    Interim Advisor EU IT Regulation Compliance: #NIS2, #DORA, #CRA
    October 2023 - Today (2 years and 8 months)
    I will help you comply with regulations including but not limited to NIS2, DORA, CRA, etc., and go beyond simply rephrasing the WHAT but help you with the HOW and WHY as only informed and reasoned decisions will last in the long term
  • FREELANCER
    Independent external ICT Risk Control Function
    November 2024 - Today (1 year and 7 months)
    I serve as an independent external (interim/virtual/fractional) IT Risk & Compliance Control Function in the form of a fully outsourced service or supporting and consulting existing functions as a complementary service
  • FREELANCER
    IT Audit Preparation and Defense
    July 2023 - Today (2 years and 11 months)
    2. Documentation & evidence
    • Ensuring complete and up-to-date documentation (e.g. guidelines, SOPs, controls)
    • Systematic archiving of relevant emails, contracts and protocols
    • Proof of implementation and compliance with internal and regulatory requirements

    5. Follow-up & lessons learned
    • Review of audit results and identification of areas for optimization
    • Development and implementation of measures to close identified gaps
    • Documentation and sharing of findings for future audits
    • Got no LMS but an Intranet? Got you covered...



Education

  • Project Management Foundations: Schedules; Implementing the NIST Risk Management Framework; Project Management Simplified; Certified Information Systems Auditor (CISA) Exam; Business Ethics
  • Outsourcing Software Packaging and Distribution - RfQ
    LZPD
    2004
