Résumé Helmut Kaufmann

Personal Details

Austrian citizen (born 1967), holding a permanent C EU/EFTA permit for Switzerland. Ph.D. and M.Sc. in Computer Science (ETH) and Certified in Risk and Information Systems Control (ISACA). Native German speaker, full English professional proficiency, basic French language skills.

Professional Profile

C-level manager with wide-ranging experience in risk management within financial services organizations.

Extensive professional background in Technology and (Out)Sourcing Risk Management, Cyber and Information Security, and Data Protection as well as Data Centre Operations in local and complex global operating environments.

Enabler for the C-level to effectively and efficiently meet Board-level and shareholder expectations and remain within risk appetite by proactively identifying and addressing challenges and emerging risks. Proven history of designing simple yet cost-effective measures that fully meet the ever-growing landscape of legal and regulatory requirements.

Professional Objective

An executive management opportunity calling for hands-on leadership in close collaboration with the business lines.

Personality

  • Analytical in reviewing challenges and risks, strategic in defining approaches, focused in planning and persistent in implementation by directing teams and developing people.
  • Listening to stakeholders and getting the best out of each person for the benefit of the company.
  • Acting with integrity, driving critical but loyal interactions with all decision-making levels for the benefit of the company.
  • Appreciative of opportunities to resolve long-standing challenges and address risk on unfamiliar grounds, employing the ability to rapidly pick up required knowledge.
  • Cognizant of budgeting requirements (up to 100 mCHF annually).

Key Achievements

Established Risk Management for the World’s First Digital Asset Bank

Established risk management for a newly founded, Swiss-regulated financial services organization in the remit of digital ledger technology (DLT). This included policies, procedures, risk appetite statements, risk and control assessments, assurance, operational loss event management, and recurring reporting to senior management, the Board of Directors as well as the Swiss regulator.

Streamlined IT Risk and Control Management

Reduced number of key controls and associated assurance overhead by 60% while addressing a broader risk landscape of a historically-grown, global IT environment. Defined company-wide “IT Risk Appetite”, enabling effective prioritisation of global risk remediation activities. Streamlined “IT Risk Remediation” portfolio oversight, ensuring key risks are consistently addressed in time and budget.

Cost-Effective and Compliant Sourcing Risk Management

Established sourcing risk management framework in response to continuously evolving legal and regulatory requirements, especially risks in the cloud. Enabled management to reduce cost and increase quality through intra-group and external sourcing arrangements while adequately addressing risks in compliance with legal/regulatory requirements across the full sourcing life cycle. Streamlined processes and contract templates by 30% in size allowing for compressed outsourcing timelines.

Resilient Business Critical Systems

Identified systems truly critical to the survival of a global financial organisation during extreme events, such as the financial crisis. Reduced the initial number of systems by 80%, enabling management to drive and fund targeted programs and reduce expenditure for non-critical systems.

Effective Client Data Confidentiality and Privacy

Following a large-scale confidentiality breach, implemented technical and organizational security measures, enabling the institution to comply with Swiss banking secrecy regulations and confidentiality/privacy laws in line with client and shareholder expectations.

Increased Operational Stability

Re-engineered IT Change Management processes and operating model, reducing outages after large changes, and increasing operational stability. Reduced operational spend by centralizing large-scale test environments.

Regulatory Compliance

As task force manager, drove documentation and assessment of the IT control environment, ensuring day one compliance with the Sarbanes-Oxley Act across a large-scale IT organization. Subsequently, cut down overhead by 50%.

Employment History

Sygnum Bank AG

Risk & Compliance Management
2019 - 2021

Chief Risk Officer, Member of the Group Executive Board

Accountabilities

Enabled the organization to effectively manage its risks through implementation of an efficient risk management framework meeting regulatory expectations; as a second line function, independently identified, analysed, evaluated, managed and monitored strategic, operational, financial and reputational risks across the organization; managed interactions with internal and external auditors for non-financial audit matters; led team of risk management specialists; member of the Business Acceptance Committee for client relationships with increased risks; active member of Sygnum’s Group Executive Board as well as the Audit & Risk Committee.

Achievements
  • Established the organisation’s risk management function.
  • In a very limited timeframe, successfully defined and introduced the organisation’s inaugural risk management framework, including guidelines, lean processes and tools for structured risk management and reporting in line with the respective regulatory requirements and a pre-requisite for obtaining the Swiss banking license.
  • Leveraged expertise from previous professional assignments for the immediate benefit of the organization, e.g., streamlined policies in the areas of business continuity management, significant outsourcing arrangements incl. assurance, information security, acceptable use and lean policy management in financial organizations subject to regulatory supervision and consolidation.
  • In close collaboration with the General Counsel, introduced standardized contracts for external service/software development arrangements, adequately addressing risk as well as Swiss banking secrecy, data privacy, confidentiality and intellectual property requirements.
  • Acted as the Chief Compliance Officer ad interim.

UBS Business Solutions AG

Group Technology
2016 - 2019

Program Manager “Technology Risk Management”

Accountabilities

Manage group-wide risk remediation program; lead team of risk, project and portfolio management specialists; active member of the Group Technology Risk Committee; manage program budget.

Achievements
  • Inaugurated Technology's initial Risk Appetite Statement, enabling management to focus on material risks and providing targeted remediation investments.
  • Introduced scalable and cost-efficient approach to identify and document Technology’s historically grown control environment, reducing number of key controls by 60% while broadening landscape of covered risks.
  • Established “Continuous Control Monitoring”, furnishing management and stakeholders a timely view on the effectiveness of the control environment and allowing for pro-active remediation of emerging defects.
  • Improved global risk remediation portfolio oversight, ensuring programs continuously deliver on agreed risk reduction targets on time and in budget.

Zurich Insurance Company

Group Risk Management and Group Operations
2013 - 2016

Group Risk Officer Sourcing and Procurement

Accountabilities

Lead Group’s Sourcing Risk Management function; conduct risk assessments on the Group's strategy, large scale programs and sourcing arrangements with global impact; Risk Business Partner to Group functions including Operations as well as Legal & Compliance; active member of functional leadership teams, including the Group Chief Risk Officer’s Risk Management Leadership Team.

Achievements
  • Implemented unparalleled approach to identify, assess and manage sourcing/procurement risks, covering the significant risks across the full sourcing life cycle. Reduced contract templates by 30% in size, allowing for condensed outsourcing timelines while better addressing relevant risks.
  • Established Group’s Sourcing Risk Management function and built required capabilities, ensuring compliance with laws and regulations, such as FINMA’s Outsourcing Circular, EU’s Solvency II or GDPR.
  • Substantially reduced Solvency Capital Requirements (SCR) through improved management of sourcing risk.

Credit Suisse AG

Information Technology
2010 - 2013

Program Manager “Business Critical Systems”

Accountabilities

Manage group-wide risk remediation program; advise senior management on regulatory matters; lead team of project managers; manage cost centre and program budgets.

Achievements
  • On behalf of the Group Executive Board, identified the systems truly critical to the survival of the company during extreme events, such as the financial crisis, reducing initial number of systems by 80%.
  • Provided clarity regarding the current resilience capabilities of business critical systems, enabling senior IT and business executives to set remediation priorities and reduce unnecessary spend for non-critical systems.

Credit Suisse AG

Information Technology
2008 - 2010

Program Manager “Client Data Confidentiality”

Accountabilities

Manage region-wide risk remediation programs; advise senior IT management on regulatory matters and lead in responding to significant regulatory audits and inquiries; lead team of project managers; manage cost centre and program budgets.

Achievements
  • On behalf of the Swiss Executive Board, designed and executed confidentiality assessments, comprehensively articulating the organization’s client confidentiality capabilities (people, processes and tools) and identifying areas of heightened risk requiring management attention.
  • Defined prioritised improvement measures and drove initial remediation programs, ensuring client data is protected in line with client expectations, the board’s risk appetite as well as legal and regulatory requirements.

Credit Suisse AG

Information Technology
2006 - 2008

Head IT Risk Private Banking and Regions Switzerland, Europe, Middle East & Africa

Accountabilities

Provide day-to-day Technology Risk Management services; Risk Business Partner to divisional and regional CIOs and active member of the respective executive management committees; lead teams across hierarchies; manage cost centre budget.

Achievements
  • Transformed a traditional “Information Security” function into a “Technology Risk Management” organisation, providing IT and divisional management with a 360 degree risk view.
  • Standardised IT risk and control assessments across the global organisation based on industry standards, allowing for increased assessment coverage due to reduced assessment timelines.
  • Changed the corporate risk culture, establishing risk as a value-adding activity on senior IT management’s agenda by positioning it as a business opportunity.

Lucerne University of Applied Sciences and Arts

2007 - today

Lecturer / Member of the board of “The School of Business” and “Institute of Business Information Management”

Accountabilities

Advise on strategy and curricula; lecture on “Information Security” and “Cultural Diversity”.

Achievements

Shaped the university’s curriculum and research focus, ensuring the institution fulfils its mandate as a University of Applied Sciences and Arts.

Credit Suisse AG

Information Technology
2004 - 2006

Project Manager “Sarbanes-Oxley”

Accountabilities

Lead Sarbanes-Oxley implementation task force; advise senior management on regulatory matters; lead team of subject matter experts and administrators; manage task force/project and cost centre budgets.

Achievements
  • On behalf of the CIO for Private Banking and Region Switzerland, rapidly mobilized and completed Sarbanes-Oxley Task Force, identifying and documenting the majority of relevant controls within a three week timeframe.
  • Operationalized lean “business as usual organization”, ensuring control defects are timely identified and remediated. For defects with a potentially material impact, defined implementation approach and obtained buy-in from internal and external stakeholders (including external audit), allowing for first year compliance with the Act.
  • Substantially contributed to the review of the SOX control objectives, resulting in a significant overhead cutback within IT.

Credit Suisse AG

Information Technology
2001 - 2004

Head IT Change Management

Accountabilities

Provide day-to-day IT Change Management services; active member of the Swiss Data Centre Management Executive Team; lead teams across hierarchies; manage cost centre budget.

Achievements
  • Introduced stringent IT Change Management process across the Swiss Data Centre, optimizing the number of annual release cycles and enforcing stricter testing of changes. This substantially reduced service outages and increased operational stability.
  • Defined and rigorously enforced rules for “emergency change procedures”, providing a key element for regulatory compliance with the “segregation of duties” requirements.
  • Consolidated central test environments, improving error detection rates and reducing operating expenses (headcount and investments).

UBS AG

Information Technology
1996 - 2001

Information Systems Specialist

Accountabilities

Develop IT architectures and operational standards; conduct architecture reviews; lead team of domain experts.

Achievements
  • Defined runtime architectures for UBS’ proprietary CORBA implementation, enabling a straightforward development of scalable solutions.
  • During SBG/SBV merger, developed the “Technical Architecture Blueprint”, subsequently implemented as part of the “Strategic Solutions Program”.
  • Defined and rolled out “Operability Standards”, ensuring introduced applications are fit for data centre operations.
  • Optimised processes based on ITIL, improving operational effectiveness and efficiency.

ETH Zurich

Department of Computer Science
1994 - 1996

Head Studies Administration

Accountabilities

Provide administrative services to students and faculty, such as admissions and appeals; supervise one administrative staff.

ETH Zurich

Institute for Information Systems – Database Research Group
1991 - 1996

Research Assistant

Accountabilities

Conduct research on multimedia database systems; participate in teaching activities, such as lectures, exercises and industry courses.

Qualifications

Certified in Risk and Information Systems Control (CRISC) earned at the Information Systems Audit and Control Association (ISACA).

Dr. sc. techn. earned at the Swiss Federal Institute of Technology (ETH Zurich): Dissertation in the area of transaction-oriented management and retrieval of full text documents in multi-processor database environments.

Dipl.-Inf. Ing. earned at the Swiss Federal Institute of Technology (ETH Zurich): Master in computer science with major in information systems and numerical mathematics.

Professional Trainings

  • Mastering Technology Enterprises (IMD Lausanne)
  • Lean Sigma Black Belt (Credit Suisse Business School)
  • Senior Leadership Training (IMD Lausanne and UBS University)
  • Mastering Service Excellence (Zurich and Thunderbird School of Global Management)
  • RIVA Insurance Simulation (Zurich)
  • PRINCE2 Practitioner

Contact

Krähbüel 6, 6403 Küssnacht am Rigi, Switzerland, helmut.l.kaufmann@gmail.com, +41 78 832 53 50.

Résumé Helmut Kaufmann

Personal Details

Austrian citizen (born 1967), holding a permanent C EU/EFTA permit for Switzerland. Ph.D. and M.Sc. in Computer Science (ETH) and Certified in Risk and Information Systems Control (ISACA). Native German speaker, full English professional proficiency, basic French language skills.

Professional Profile

C-level manager with wide-ranging experience in risk management within financial services organizations.

Extensive professional background in Technology and (Out)Sourcing Risk Management, Cyber and Information Security, and Data Protection as well as Data Centre Operations in local and complex global operating environments.

Enabler for the C-level to effectively and efficiently meet Board-level and shareholder expectations and remain within risk appetite by proactively identifying and addressing challenges and emerging risks. Proven history of designing simple yet cost-effective measures that fully meet the ever-growing landscape of legal and regulatory requirements.

Pofessional Objective

An executive management opportunity calling for hands-on leadership in close collaboration with the business lines.

Personality

  • Analytical in reviewing challenges and risks, strategic in defining approaches, focused in planning and persistent in implementation by directing teams and developing people.
  • Listening to stakeholders and getting the best out of each person for the benefit of the company.
  • Acting with integrity, driving critical but loyal interactions with all decision-making levels for the benefit of the company.
  • Appreciative of opportunities to resolve long-standing challenges and address risk on unfamiliar grounds, employing the ability to rapidly pick up required knowledge.
  • Cognizant of budgeting requirements (up to 100 mCHF annually).

Key Achievements

Established Risk Management for the World’s First Digital Asset Bank

Established risk management for a newly founded, Swiss-regulated financial services organization in the remit of digital ledger technology (DLT). This included policies, procedures, risk appetite statements, risk and control assessments, assurance, operational loss event management, and recurring reporting to senior management, the Board of Directors as well as the Swiss regulator.

Streamlined IT Risk and Control Management

Reduced number of key controls and associated assurance overhead by 60% while addressing a broader risk landscape of a historically-grown, global IT environment. Defined company-wide “IT Risk Appetite”, enabling effective prioritisation of global risk remediation activities. Streamlined “IT Risk Remediation” portfolio oversight, ensuring key risk are consistently addressed in time and budget.

Cost-Effective and Compliant Sourcing Risk Management

Established sourcing risk management framework in response to continuously evolving legal and regulatory requirements, especially risks in the cloud. Enabled management to reduce cost and increase quality through intra-group and external sourcing arrangements while adequately addressing risks in compliance with legal/regulatory requirements across the full sourcing life cycle. Streamlined processes and contract templates by 30% in size allowing for compressed outsourcing timelines.

Resilient Business Critical Systems

Identifiedsystems truly critical to the survival of a global financial organisation during extreme events, such as the financial crisis. Reducing initial number of systems by 80%, enabling management to drive and fund targeted programs and reduce expenditure for non-critical systems.

Effective Client Data Confidentiality and Privacy

Following a large-scale confidentiality breach, implemented technical and organizational security measures, enabling the institution to comply with Swiss banking secrecy regulations and confidentiality/privacy laws in line with client and shareholder expectations.

Increased Operational Stability

Re-engineeredIT Change Management processes and operating model, reducing outages after large changes, and increasing operational stability. Reduced operational spend by centralizing large-scale test environments.

Regulatory Compliance

As task force manager, drove documentation and assessment of the IT control environment, ensuring day one compliance with the Sarbanes Oxley Act across a large-scale IT organization. Subsequently, cut down overhead by 50%.

Employment History

Sygnum Bank AG

Risk & Compliance Management
2019 - 2021

Chief Risk Officer, Member of the Group Executive Board

Accountabilities

Enabled the organization to effectively manage its risks through implementation of an efficient risk management framework meeting regulatory expectations; as a second line function, independently identified, analysed, evaluated, managed and monitored strategic, operational, financial and reputational risks across the organization; managed interactions with internal and external auditors for non-financial audit matters; lead team of risk management specialists; member of the Business Acceptance Committee for client relationships with increased risks; active member of Sygnum’s Group Executive Board as well as the Audit & Risk Committee.

Achievements
  • Established the organisation’s risk management function.
  • In a very limited timeframe, successfully defined and introduced the organisation’s inaugural risk management framework, including guidelines, lean processes and tools for structed risk management and reporting in line with the respective regulatory requirements and a pre-requisite for obtaining the Swiss banking license.
  • Leveraged expertise from previous professional assignments for the immediate benefit of the organization, e.g., streamlined policies in the areas of business continuity management, significant outsourcing arrangements incl. assurance, information security, acceptable use and lean policy management in financial organizations subject to regulatory supervision and consolidation.
  • In close collaboration with the General Counsel, introduced standardized contracts for external service/software development arrangements, adequately addressing risk as well as Swiss banking secrecy, data privacy, confidentiality and intellectual property requirements.
  • Acted as the Chief Compliance Officer ad interim.

UBS Business Solutions AG

Group Technology
2016 - 2019

Program Manager “Technology Risk Management”

Accountabilities

Manage group-wide risk remediation program; lead team of risk, project and portfolio management specialists; active member of the Group Technology Risk Committee; manage program budget.

Achievements
  • Inaugurated Technology's initial Risk Appetite Statement, enabling management to focus on material risks and providing targeted remediation investments.
  • Introduced scalable and cost-efficient approach to identify and document Technology’s historically grown control environment, reducing number of key controls by 60% while broadening landscape of covered risks.
  • Established “Continuous Control Monitoring”, furnishing management and stakeholders a timely view on the effectiveness of the control environment and allowing for pro-active remediation of emerging defects.
  • Improved global risk remediation portfolio oversight, ensuring programs continuously deliver on agreed risk reduction targets on time and in budget.

Zurich Insurance Company

Group Risk Management and Group Operations
2013 - 2016

Group Risk Officer Sourcing and Procurement

Accountabilities

Lead Group’s Sourcing Risk Management function; conduct risk assessments on the Group's strategy, large scale programs and sourcing arrangements with global impact; Risk Business Partner to Group functions including Operations as well as Legal & Compliance; active member of functional leadership teams, including the Group Chief Risk Officer’s Risk Management Leadership Team.

Achievements
  • Implemented unparalleled approach to identify, assess and manage sourcing/procurement risks, covering the significant risks across the full sourcing life cycle. Reduced contract templates by 30% in size, allowing for condensed outsourcing timelines while better addressing relevant risks.
  • Established Group’s Sourcing Risk Management function and built required capabilities, ensuring compliance with laws and regulations, such as FINMA’s Outsourcing Circular, EU’s Solvency II or GDPR.
  • Substantially reduced Solvency Capital Requirements (SCR) through improved management of sourcing risk.

Credit Suisse AG

Information Technology
2010 - 2013

Program Manager “Business Critical Systems”

Accountabilities

Manage group-wide risk remediation program; advise senior management on regulatory matters; lead team of project managers; manage cost centre and program budgets.

Achievements
  • On behalf of the Group Executive Board, identified the systems truly critical to the survival of the company during extreme events, such as the financial crisis, reducing initial number of systems by 80%.
  • Provided clarity regarding the current resilience capabilities of business critical systems, enabling senior IT and business executives to set remediation priorities and reduce unnecessary spend for non-critical systems.

Credit Suisse AG

Information Technology
2008 - 2010

Program Manager “Client Data Confidentiality”

Accountabilities

Manage region-wide risk remediation programs; advise senior IT management on regulatory matters and lead in responding to significant regulatory audits and inquiries; lead team of project managers; manage cost centre and program budgets.

Achievements
  • On behalf of the Swiss Executive Board, designed and executed confidentiality assessments, comprehensively articulating the organization’s client confidentiality capabilities (people, processes and tools) and identifying areas of heightened risk requiring management attention.
  • Defined prioritised improvement measures and drove initial remediation programs, ensuring client data is protected in line with client expectations, the board’s risk appetite as well as legal and regulatory requirements.

Credit Suisse AG

Information Technology
2006 - 2008

Head IT Risk Private Banking and Regions Switzerland, Europe, Middle East & Africa

Accountabilities

Provide day-to-day Technology Risk Management services; Risk Business Partner to divisional and regional CIOs and active member of the respective executive management committees; lead teams across hierarchies; manage cost centre budget.

Achievements
  • Transformed a traditional “Information Security” function into a “Technology Risk Management” organisation, providing IT and divisional management with a 360 degree risk view.
  • Standardised IT risk and control assessments across the global organisation based on industry standards, allowing for increased assessment coverage due to reduced assessment timelines.
  • Changed the corporate risk culture, establishing risk as a value-adding activity on senior IT management’s agenda by positioning it as a business opportunity.

Lucerne University of Applied Sciences and Arts

2007 - today

Lecturer / Member of the board of “The School of Business” and “Institute of Business Information Management”

Accountabilities

Advise on strategy and curricula; lecture on “Information Security” and “Cultural Diversity”.

Achievements

Shaped the university’s curriculum and research focus, ensuring the institution fulfils its mandate as a University of Applied Sciences and Arts.

Credit Suisse AG

Information Technology
2004 - 2006

Project Manager “Sarbanes-Oxley”

Accountabilities

Lead Sarbanes-Oxley implementation task force; advise senior management on regulatory matters; lead team of subject matter experts and administrators; manage task force/project and cost centre budgets.

Achievements
  • On behalf of the CIO for Private Banking and Region Switzerland, rapidly mobilized and completed Sarbanes-Oxley Task Force, identifying and documenting the majority of relevant controls within a three-week timeframe.
  • Operationalized lean “business as usual organization”, ensuring control defects are identified and remediated in a timely manner. For defects with a potentially material impact, defined implementation approach and obtained buy-in from internal and external stakeholders (including external audit), allowing for first-year compliance with the Act.
  • Substantially contributed to the review of the SOX control objectives, resulting in a significant overhead cutback within IT.

Credit Suisse AG

Information Technology
2001 - 2004

Head IT Change Management

Accountabilities

Provide day-to-day IT Change Management services; active member of the Swiss Data Centre Management Executive Team; lead teams across hierarchies; manage cost centre budget.

Achievements
  • Introduced stringent IT Change Management process across the Swiss Data Centre, optimizing the number of annual release cycles and enforcing stricter testing of changes. This substantially reduced service outages and increased operational stability.
  • Defined and rigorously enforced rules for “emergency change procedures”, providing a key element for regulatory compliance with the “segregation of duties” requirements.
  • Consolidated central test environments, improving error detection rates and reducing operating expenses (headcount and investments).

UBS AG

Information Technology
1996 - 2001

Information Systems Specialist

Accountabilities

Develop IT architectures and operational standards; conduct architecture reviews; lead team of domain experts.

Achievements
  • Defined runtime architectures for UBS’ proprietary CORBA implementation, enabling a straightforward development of scalable solutions.
  • During SBG/SBV merger, developed the “Technical Architecture Blueprint”, subsequently implemented as part of the “Strategic Solutions Program”.
  • Defined and rolled out “Operability Standards”, ensuring introduced applications are fit for data centre operations.
  • Optimised processes based on ITIL, improving operational effectiveness and efficiency.

ETH Zurich

Department of Computer Science
1994 - 1996

Head Studies Administration

Accountabilities

Provide administrative services to students and faculty, such as admissions and appeals; supervise one administrative staff.

ETH Zurich

Institute for Information Systems – Database Research Group
1991 - 1996

Research Assistant

Accountabilities

Conduct research on multimedia database systems; participate in teaching activities, such as lectures, exercises and industry courses.

Qualifications

Certified in Risk and Information Systems Control (CRISC) earned at the Information Systems Audit and Control Association (ISACA).

Dr. sc. techn. earned at the Swiss Federal Institute of Technology (ETH Zurich): Dissertation in the area of transaction-oriented management and retrieval of full text documents in multi-processor database environments.

Dipl.-Inf. Ing. earned at the Swiss Federal Institute of Technology (ETH Zurich): Master in computer science with major in information systems and numerical mathematics.

Professional Trainings

  • Mastering Technology Enterprises (IMD Lausanne)
  • Lean Sigma Black Belt (Credit Suisse Business School)
  • Senior Leadership Training (IMD Lausanne and UBS University)
  • Mastering Service Excellence (Zurich and Thunderbird School of Global Management)
  • RIVA Insurance Simulation (Zurich)
  • PRINCE2 Practitioner

Contact

Krähbüel 6, 6403 Küssnacht am Rigi, Switzerland, helmut.l.kaufmann@gmail.com, +41 78 832 53 50.