Steffen Minkmar

Heading the IT Security Unit at the European Investment Bank. Responsible for IT Security Architecture, IT Security Operations, and IT Security Monitoring.
Additionally, I am tasked to monitor IT regulatory aspects.

Senior Manager in EIB's newly created information security function. Conduct of IT risk assessments and security awareness campaigns. Contribution and management of information management and security projects (e.g. information classification tool selection and deployment).

Employed to strengthen EIB’s internal IT audit function. Responsible for conducting audits in the field of IT general controls and audit mamagement software support. Perform appraisals and audits of IT systems (“cradle-to-grave”, across all IT layers), business processes, and integrity of financial information in EIB. Coordinates and monitors the implementation of audit recommendations. Audit management system administrator (“TeamMate”).

Responsible for the development and implementation of an IT compliance monitoring program in the WBG to meet IT policy, business, and relevant legal and regulatory requirements. Charged to operate and expand WBG’s Continuous Control Monitoring framework to applicable IT control requirements, globally outsourced IT service operations, and to support WBG’s cybersecurity strategy. Developed a unified IT compliance framework, and spearheaded its implementation. Auditor-in-charge for a number of infrastructure and application reviews conducted by the IT Compliance team. Led an IT compliance operations team of five experts.

Joined ADB’s IT department to establish an effective information security function, and to setup and run ADB’s information and cybersecurity program. Overall responsibility for IT security governance and security architecture in ADB. In charge for implementing and reviewing IT security frameworks, IT process improvement projects, IT security awareness initiatives, IT security related communication, and IT security governance activities. Provided security leadership to ADB. Managed and successfully completed several high profile, high value security projects to elevate the maturity of ADB’s IT security operations. Conducted risk assessments with respect to information security, including risk treatment and reporting to management. Acted as interface to ADB’s internal and external audit functions for information security related matters. Led an information security team of eight in Manila, Philippines.

Hired to help strengthen ADB’s internal IT audit function. Performed a number of highly visible audits and compliance reviews in the areas of information technology and IT procurement. Conducted appraisals and audits of IT systems (“cradle-to-grave”, across all IT layers), business processes, and integrity of financial information in ADB, and coordinated and monitored implementation of audit recommendations. Representative of the Internal Audit Department to ADB’s business continuity efforts. Established an audit process that was aligned with Big 4 audit practices and Institute of Internal Audit (IIA) standards. Followed up on internal and external audit recommendations. Supported Director, Internal Audit in status reporting to ADB’s Audit Committee of the Board. Requested and implemented a state-of-the-art audit management tool (“TeamMate”) that helped ADB’s internal IT audit function to streamline its assurance activities and to improve efficiency and effectiveness.

Seconded to PwC’s Hong Kong office to help provide services in the fields of security planning and IT risk assessments to medium sized companies. Supervised IT audits related to the appropriateness and compliance of clients’ internal control systems with regulatory requirements. Performed IT General Controls reviews with particular focus on IT processes. Assessed and advised clients to implement auditable IT processes in the course of Sarbanes Oxley Act engagements.

Consulted clients in the implementation of COSO / COBIT framework, ISO17799 security requirements & IT processes, meeting BS15000 requirements. Provided consultancy services in implementing & optimizing IT processes following the ITIL framework (under the then applicable BS 15000 standard) under consideration of security requirements & other obligations (Sarbanes Oxley Act). Acted as subject matter expert for the standards ISO17799, BS15000, and the COSO / COBIT framework.