Dmitrii

IT Risk & Compliance | DORA | IT Regulatory & Operational Resilience Senior Consultant

Jefferies GmbH • Full time

Mar 2025 - Present • 1 yr 2 mos

Leading Jefferies’ DORA-driven operational resilience programme by strengthening ICT risk governance, control design, and regulatory readiness across key technology and outsourcing domains. Partnering with senior stakeholders to translate regulatory requirements into pragmatic governance, reporting, and assurance processes suitable for a global investment banking environment. • Developed the Enterprise Register of Information (DORA Art. 28.3) to align with regulatory requirements. • Defined and embedded ICT Risk Appetite and tolerance levels aligned to the Global Operational Risk Framework, strengthening decision-making and risk acceptance governance. • Drove audit readiness by reviewing and re-drafting 50+ IT & Information Security policies, improving clarity, ownership, and control alignment. • Oversaw the Operational Resilience Testing Programme (including penetration testing) and tracked remediation to closure, strengthening control assurance and reducing open findings. • Aligned 10+ intra-group agreements with DORA regulatory standards. • Enhanced executive-level decision-making with an enterprise ICT Risk Dashboard featuring KPIs/KRIs.

Head of Global Project Office and Central Outsourcing Management

OWH SE I.L (form. VTB Bank Europe SE) • Full time

Nov 2019 - Jun 2024 • 4 yrs 7 mos

Reported to the COO as budget holder, leading a global team of three across Frankfurt and Moscow, and running the Global Project Office to deliver consistent governance across the project portfolio. Managed incidents and vendor exits to minimise disruption and maintain operational continuity, and led organisation-wide DORA implementation across regulatory, outsourcing, and technology governance. • Led global GPO operations to ensure delivery governance across the project portfolio, improving transparency of milestones, risks, and executive reporting (€30M total portfolio budget). • Directed procurement and outsourcing activities in line with MaRisk AT 9, EBA, and IDW 951 standards. • Strengthened protection of sensitive data and ICT services by embedding ISO 27001, ITIL, and BSI-aligned security practices into operational delivery and governance. • Maintained operational continuity and crisis responsiveness in line with MaRisk AT 7.3 / ISO 22301 / BCI, reducing disruption risk during incidents. • Enhanced corporate governance and compliance across GDPR and BDSG, clarifying accountabilities and evidence trails for audits and supervisory requests.