Michael Schwendemann - Compliance Consultant

Q: Where is Michael based?

Michael is based in Mainz, Germany and can operate in on-site , hybrid , and remote work models.

Q: What languages does Michael speak?

Michael speaks the following languages: German (Native), English (Advanced), Italian (Elementary) .

Q: How many years of experience does Michael have?

Michael has at least 36 years of experience. During this time, Michael has worked in at least 13 different roles and for 16 different companies . The average length of individual experience is 2 years and 2 months . Note that Michael may not have shared all experience and actually has more experience.

Q: What is Michael's latest experience?

Michael's most recent position is Compliance/TPRM setup at Haftpflichtkasse .

Q: What companies has Michael worked for in recent years?

In recent years, Michael has worked for Haftpflichtkasse , Bank-Verlag , Stuttgarter Versicherung , Zurich Insurance Europe AG , and Fondsdepotbank .

Q: Which industries is Michael most experienced in?

Michael is most experienced in industries like Banking and Finance , Information Technology , and Energy . Michael also has some experience in Insurance and Professional Services .

Q: Which business areas is Michael most experienced in?

Michael is most experienced in business areas like Information Technology , Project Management , and Finance . Michael also has some experience in Operations , Accounting , and Legal .

Q: Which industries has Michael worked in recently?

Michael has recently worked in industries like Banking and Finance , Information Technology , and Energy .

Q: Which business areas has Michael worked in recently?

Michael has recently worked in business areas like Audit , Project Management , and Information Technology .

Recommended expert

Mainz, Germany

Check rate

Experience

Jan 2026 - Present

5 months

Roßdorf, Germany

Hybrid

Compliance/TPRM setup

Haftpflichtkasse

Compliance department setup & DORA operationalization

Setup of a complete compliance organization according to DORA
Development and operationalization of SfO
Use of AI agents for automation:
Evaluation of due diligence questionnaires including risk classification
AI-supported contract analysis (DORA/MaRisk compliance)
Monitoring of external data sources (cyber incidents, news feeds)
Setup of a decentralized risk and action register
Creation of gap analyses and derivation of actions
Setup and maintenance of the outsourcing information register
Use of own TPRM frameworks, checklists and process models

Compliance department setup & DORA operationalization

Setup of a complete compliance organization according to DORA
Development and operationalization of SfO
Use of AI agents for automation:
Evaluation of due diligence questionnaires including risk classification
AI-supported contract analysis (DORA/MaRisk compliance)
Monitoring of external data sources (cyber incidents, news feeds)
Setup of a decentralized risk and action register
Creation of gap analyses and derivation of actions
Setup and maintenance of the outsourcing information register
Use of own TPRM frameworks, checklists and process models
Project controlling - presentation and structured measurement of achieved project goals within management reporting.

Sep 2024 - Jan 2026

1 year 5 months

Hybrid

Project Manager/Outsourcing Management

Bank-Verlag

Setup of outsourcing management
Creation of a new SfO strategy, policy and work instruction
Setup of the information outsourcing register and definition of critically important functions and critical providers
Creation of SLA definitions and KPIs
Setup of provider management and conducting external audits
Setup of conflict of interest register
Setup of due diligence and risk assessments
Creation of a cloud strategy and AI strategy
Setup of a data protection coordinator and creation of SfO for data protection
Conducting DPIA and data protection audits
Creation of TOMs, DPAs and maintenance of RoPA and RoPA-DPA

Sep 2024 - Dec 2024

4 months

Stuttgarter Versicherung

Creation of the information register
Contract extensions and definition of critically important functions and providers
Creation of strategy, policy and process description for third-party provider management
Implementation of third-party provider management
Setup of risk assessment processes and due diligence process
Role description 'third-party provider manager'
Contract reviews and additions of minimum contract content according to DORA
Creation of exit planning and exit strategy
Handling ICT incidents

Nov 2023 - May 2024

7 months

Compliance Consultant

Zurich Insurance Europe AG

Consulting on the setup of the property insurer in compliance with and implementation of VAIT/DORA requirements
Conducting a gap analysis and complete creation of the SfO
Creation of guidelines/policies for all areas of VAIT/DORA
Preparation for determining the information network
Creation of policies for IAM, information risk management, information security management and IDV
Creation of strategy, governance and policies for critical infrastructure as well as outsourcing of IT services and third-party provider management
Contract adjustments for outsourcing
Setup of risk reporting and control and/or mitigation of risks
Creation of IT emergency management and BCM policies with work instructions and process descriptions
Professional support in the setup of Artemeon as a central information register
Initial review of the outsourcing register and checking the completeness of the contract database with initial assessment
Implementation of a tool to record processes in outsourcing management
Creation of the information register, risk assessment and analysis as well as due diligence
Implementation of the SfO in the area of outsourcing provider management

Oct 2022 - Oct 2023

1 year 1 month

Project Lead, IAM Architect

Fondsdepotbank

Implementation and restart of an IAM software (ORG by FSP) with project monitoring and control (10 employees)
Stakeholder management at the C-level and creation of the implementation strategy
Creation of a new document framework and active implementation as a business analyst in the areas of IT emergency management, outsourcing of IT services, contract management and risk evaluation as well as information risk management
Definition of the information network and setup of the IDV process
Contract negotiations and tenders
Professional support for the setup of a central asset register in ServiceNow
Optimization and update of BCM due to DORA
Information security management, critical infrastructures, protection needs analysis, IT inventory, IT operations and operational information security
Coordination of technical implementation taking dependencies into account

Jan 2022 - Sep 2022

9 months

Business Analyst

ING Diba AG

Support with the migration to One Identity
Data migration from ServiceNow and Ramon to One Identity
Setting up roles and individual permissions
Support with HPU accounts and setting up IKS as well as monitoring in the area of IAM and IT operations

Dec 2021 - Mar 2022

4 months

Annual Financial Statement Auditor

PWC

Performing audit procedures as part of the annual financial statement
Auditing in the areas of IT strategy, IT governance, information risk management and information security management
Auditing operational information security, identity and access management as well as IT projects and application development
Auditing IT operations, outsourcing management, third-party sourcing and IDP

Oct 2021 - Oct 2024

3 years 1 month

Business Analyst

FI-TS

Supporting the completion of internal controls as part of the ECB program and updating the SfO to new processes and guidelines
Defining and aligning KPI reporting with stakeholders
Optimizing and documenting the access management processes as well as reviewing and updating the access management concepts
Controlling the completeness of connected components and their documentation as well as the integration in Garancy
Controlling SOD conflicts and monitoring the exception and documentation process for SOD conflicts
Supporting the introduction of new SOD requirements into the FI-TS structure based on industry association recommendations
Supporting external audits and special tasks
Implementing Garancy and integrating as well as extending the ITAB tool (LUY) into the access management processes
Supporting and preparing audits (WP, §44 KWG, internal audit, PS951, TÜV and data protection audits)
Implementing findings from the above audits

Apr 2021 - May 2021

2 months

Project Manager

International law firm Hengeler & Müller

Feasibility study for introducing an access management system
Creating the RfP and analyzing the role model to be implemented (RBAC or ABAC)
Deciding on ABAC

Nov 2020 - Mar 2021

5 months

IT Auditor for banks in Frankfurt

PWC

Performing audit procedures as part of the annual financial statement
Auditing in the areas of IT strategy, IT governance, information risk management and information security management
Auditing operational information security, identity and access management, as well as IT projects and application development
Auditing IT operations, outsourcing management, third-party sourcing and IDP

Jan 2020 - Sep 2021

1 year 9 months

Business Analyst

EEX Leipzig

Specification and implementation of a custom IAM solution in compliance with regulatory and supervisory requirements and with a high level of automation
Review and adjustment of authorization concepts for all relevant applications according to supervisory requirements (role model)
Implementation of an RBAC role model
Creation of guidelines for SoD and introduction of a monitoring process for SoD violations as well as establishment of processes to remediate or accept SoD violations
Agile project management using Scrum and Kanban
Updating the audit process and the SfO
Optimization and support of recertification, ordering, JML and SoD processes
Implementation, secure operation and continuous development of the IAM services
Integration of applications into the IAM landscape
Design, implementation and operation of interfaces to other systems
Identifying optimization needs regarding regulatory requirements and developing solution options for continuous improvement
Definition and implementation of the operating model with service providers
Basic work for the introduction of One Identity and data transfer from the legacy system
Assisting internal and external auditors during audits
Creation of the protection requirements analysis and BIA as well as deriving further resilience measures

Dec 2018 - Dec 2019

1 year 1 month

Stuttgart, Germany

Business Analyst / Sub-Project Lead

LBBW

Building a new authorization management system with the Garancy platform in the "Authorization Management IAM" project
Creating functional specifications for role and IT profile creation and customizing them
Definition of the enterprise role and preparation for the rollout of ER (modified RBAC-ABAC role model, variable decision matrix)
Specification of the "Joiner, Mover, Leaver" process and setup of the ordering process
Creation and quality assurance of authorization concepts
Establishment of a segregation of duties (SoD) check and resolution of SoD conflicts
Support in the area of recertifications
Data analysis of directory services to be integrated and analysis of connecting OSPlus, Kondor, LDAP, Profis, IDV, OU and project drives
Support with system integration and test execution
Analysis of ECB findings and development of an implementation plan to remediate the findings
Support for preparation for the ECB audit

Feb 2018 - Nov 2018

10 months

Bonn, Germany

IT Architect Treasury

Postbank System

Developing the new IT architecture for ES Treasury as part of Postbank's integration into the Deutsche Bank Group
Focus on architecture in ALM and issuance

Mar 2015 - Jan 2018

2 years 11 months

Frankfurt, Germany

Sub-Project Lead / Deputy Project Manager

DZBANK

Project for migrating credit card accounts from the former WGZ to DZBANK Frankfurt
Establishing risk management and dependency management for the migration project
Establishing the role of communications manager within the organization
Support in test management (Silk and Jira) and deputy project management
Contributing to migration concepts for SAP-BCA, SAP-CML, SAP-CMS, SAP-CYT and SAP-BP master data migration
Business definition of enhancement requirements in SAP-CYT
Conducting tests and go-live activities
Stakeholder management and preparation of steering committees
Part of the migration team: managing all tasks in the migration cockpit with a focus on SAP applications
Test manager: establishing and executing all test activities and reporting to the project lead

Jan 2000 - Dec 2015

16 years

Project Manager / Multi-Project Manager / Scrum Master

Deka Bank

Preparation of project proposals, project plans, project management, requirements and procurement management, as well as integration management
Budget requests and control, status reporting, resource management, process analysis, communication and stakeholder management
Dependency and risk management, implementation of regulatory requirements, and workshop facilitation
Methods used: Scrum and agile methodologies
Participation in projects for EMIR, Dodd-Frank, MiFID, MiFIR, FATCA, BCBS239, CRR, MaRisk, LQR, CRS, OPR, market risk, FX risk, stress testing, money market statistics, authorization concept, and other regulatory requirements
Introduction of a DWH, new payment system PTS, internet FX trading platform, new general and sub-ledger
Implementation of an automated margin hedge process integrating SAP-CML, SAP-CMS, and SAP-BCA
Implementation of SEPA requirements, customizing and integration of UBIX
Introduction of the new Covered Bond legislation, FX management, and lean management
Setup of new accounting and liquidity management integrating all SAP applications and Front Arena
Profit and loss calculation, risk management
Establishing internal control system (ICS) and KPIs, control handbook, training, and maturity assessment
Back-office/payment processing, fixing transactions, retail operations, reporting and integration with trading venues
Liaison with external auditors, BaFin and ECB
Implementation of an IAM management system (Omada Identity Suite) with requirements management, role concepts, functional specifications, considering regulatory requirements
Implementation concept, SoD, reconciliation, conflict resolution, and support for external audits
Support for process changes, application integration, workshops, and creation of an article catalog in OIS
Setup of requirements management (change requests) and support in creating authorization concepts
IT project management: directing rollouts and implementing optimization measures

Jan 1998 - Dec 2000

3 years

Business Analyst

DVG

Specialist concept for determining the requirements from the 6th KWG amendment in conjunction with the Berger & Schier application

Jan 1990 - Dec 1998

9 years

COO; CIO; Overall Program Manager; Head of Finance and Accounting

Banco di Napoli

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Banking and Finance, Information Technology, Energy, Insurance, and Professional Services.

Banking and Finance

Information Technology

Energy

Insurance

Professional Services

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology, Project Management, Finance, Operations, Accounting, and Legal.

Information Technology

Project Management

Finance

Operations

Accounting

Legal

Summary

I have spent years building and refining compliance strategies across financial and insurance sectors. My work involves developing outsourcing management and risk assessment processes, creating strategic guidelines for IT security and data protection, and designing IT architectures that meet regulatory demands.

I combine deep technical knowledge with practical project management experience to deliver robust systems for managing third-party risks, IAM, and audit reviews. I continuously drive improvements in regulatory compliance through clear policies and efficient process designs, ensuring reliable and secure operations.

Skills

Enterprise Project Manager; Multi-Project Manager; Project Manager; It Project Manager; Business Analyst; It Architect; Annual Financial Statement Auditor; It Auditor; Test Manager; Scrum Master
Financial Accounting; Year-End Closing (Proficient)
Securities Trading; Securities Settlement; Treasury
Regulatory Requirements; Supervisory Law; Marisk; Bait; Bsi; Psd2; Iso 20022; Iso 27001; Isae; Ps951
Access Management (Iam And Pam); Sod Processes; Authorization Concepts; Segregation Of Duties (Sod) And Sod Conflict Management
Wealth Management; Fx Risk Management; Interest Rate Risk; Market Risk; Stress Testing; Operational Risks; Liquidity Risk
Bcm; It Emergency Management; Liquidity Management
Outsourcing Management; Third-Party Provider Management; Outsourcing And Third-Party Registry; Provider Management; Setup And Operation Of Payment Systems
Data Protection; Dpia; Data Protection Audits; Toms; Dpas; Maintenance And Management Of Records Of Processing Activities (Ropa/Ropa-Dpa)
Rollout Planning; Central Coordination Of It Projects; It Project Management; Setup Of An Internal Control System (Ics); Development And Optimization Of Control Manuals And Control Matrices; Kpi Definition And Reporting
Business Process Analysis; Requirements Analysis; Business Analysis And Project Management; Creation Of Project Plans; Npp Processes
Annual Financial Statement Auditor; It Auditor; Support For Audits (E.G. Statutory Auditors, §44 Kwg, Internal Audit, Ps951, TÜV, Data Protection Audits); Implementation Of Audit Findings
Cyt; Compliance; Tenders; Contract Management; Contract Reviews; Creation Of Sla Definitions; Kpis; Exit Planning And Exit Strategy
Information Security Management; Information Risk Management; Critical Infrastructures; Protection Needs Analysis; It Inventory; It Operations; Operational Information Security
Iam Architecture; Implementation And Operation Of Iam Solutions (E.G. Garancy, One Identity, Omada Identity Suite, Org By Fsp); Integration Of Applications Into Iam Landscapes
Definition And Implementation Of Role Models (Rbac, Abac); Enterprise Roles; Joiner-Mover-Leaver Processes; Recertification Processes; Provisioning Processes; J-M-L Processes
Setup And Operation Of Asset And Information Registers; Information Network; Idv Processes; Monitoring And Reporting
Setup Of Risk Reporting And Risk Management As Well As Mitigation
Support In The Implementation Of Dwhs, Payment Systems, Fx Platforms, General And Subsidiary Ledgers, Margin Hedge Processes
Goal Orientation
Team Orientation
Promoting Motivation

Languages

German

Native

English

Advanced

Italian

Elementary

Education

Business Administration · Rendsburg, Germany

Apprenticeship as bank clerk · Bank clerk · Rüsselsheim, Germany

Certifications & licenses

BAIT

BSI

ISAE

ISO 20022

ISO27001

MaRisk

PS951

Statistics

Experience

Total positions 17

Experience in Banking and Finance 36 y

Avg length 2 y 5 m

Longest experience 15 y 11 m

Global Experience

Countries worked in 1 (Germany)

Primary country Germany

Expertise

Recent roles Compliance/TPRM setup, Project Manager/Outsourcing Management, Compliance Consultant

Main industries Banking and Finance, Information Technology, Energy

Main business areas Information Technology, Project Management, Finance

Qualifications

Certifications earned 7

Profile

Created

May 2025

Last Update

May 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Have questions? Find more information here.

Where is Michael based?

Michael is based in Mainz, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Michael speak?

Michael speaks the following languages: German (Native), English (Advanced), Italian (Elementary).

How many years of experience does Michael have?

Michael has at least 36 years of experience. During this time, Michael has worked in at least 13 different roles and for 16 different companies. The average length of individual experience is 2 years and 2 months. Note that Michael may not have shared all experience and actually has more experience.

What roles would Michael be best suited for?

Based on recent experience, Michael would be well-suited for roles such as: Compliance/TPRM setup, Project Manager/Outsourcing Management, Compliance Consultant.

What is Michael's latest experience?

Michael's most recent position is Compliance/TPRM setup at Haftpflichtkasse.

What companies has Michael worked for in recent years?

In recent years, Michael has worked for Haftpflichtkasse, Bank-Verlag, Stuttgarter Versicherung, Zurich Insurance Europe AG, and Fondsdepotbank.

Which industries is Michael most experienced in?

Michael is most experienced in industries like Banking and Finance, Information Technology, and Energy. Michael also has some experience in Insurance and Professional Services.

Which business areas is Michael most experienced in?

Michael is most experienced in business areas like Information Technology, Project Management, and Finance. Michael also has some experience in Operations, Accounting, and Legal.

Which industries has Michael worked in recently?

Michael has recently worked in industries like Banking and Finance, Information Technology, and Energy.

Which business areas has Michael worked in recently?

Michael has recently worked in business areas like Audit, Project Management, and Information Technology.

What is Michael's education?

Michael attended education in Business Administration.

Does Michael have any certificates?

Michael has 7 certificates. Among them, these include: BAIT, BSI, and ISAE.

What is the availability of Michael?

Michael will be available full-time from May 2026.

What is the rate of Michael?

Michael's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.