About Dmitrii
DORA & IT/GRC | BCM | Outsourcing (MaRisk EBA) | Information Security
I’m an independent DORA and IT/GRC programme lead helping banks and financial institutions achieve audit-ready outcomes fast. I deliver time-boxed engagements with regulator-style evidence across Operational Resilience, Outsourcing (MaRisk AT 9/EBA), BCM (MaRisk 7.3/ISO 22301) and Information Security (ISO 27001/ NIST).
Why me
I cover three roles at once: DORA Lead, Outsourcing Manager, BCM Manager; so you avoid hand-offs and delays. I’ve sat on each side (IT, Risk, Security), so I connect requirement -> control -> test -> evidence -> report without friction.
Services
- DORA compliance uplift
- Outsourcing management (MaRisk AT 9/EBA): register, contractual clauses, performance monitoring, exit strategies
- Business Continuity (ISO 22301): BIA, RTO/RPO, BCP, crisis playbooks, tabletop exercises
- IT Risk & Control: KRIs, test templates, monthly dashboards
- Regulatory reporting: board/CRO packs, audit responses, remediation tracking
Skills / Competencies
- DORA, Operational Resilience, ICT Risk, Incident & Continuity
- Outsourcing / Third-Party Risk (MaRisk AT 9, EBA)
- BCM / DR (ISO 22301), Crisis Management & Tabletop
- Information Security (ISO 27001), Policy & Controls
- IT Risk Management, KRIs, Control Testing, Evidence Management
- Programme/Project Leadership (PMP)
- Stakeholder & Audit Management (CIO/CRO/Regulator)
Additional Project Experience
>160 mid-terms and smaller projects on UpWork and Fiverr (99% - 5-star result).
Tools
Microsoft 365 (incl. VBA), Jira, Confluence, ServiceNow (CMDB, TPRM module), Fusion Risk, Castellan (ClearView), Everbridge, AWS, PowerBI
AI-Tools
ChatGPT, Microsoft Copilot, METIS AI
English
Fluent
Russian
Native or bilingual
German
Conversational
Can work on-site
Frankfurt am Main (up to 50km)
Experience
- Jefferies GmbHIT Risk & Compliance Senior ConsultantBANKING AND INSURANCEMarch 2025 - Today (1 year and 4 months)Frankfurt am Main, GermanyLeading Jefferies’ DORA-driven operational resilience programme by strengthening ICT risk governance, control design, and regulatory readiness across key technology and outsourcing domains. Partnering with senior stakeholders to translate regulatory requirements into pragmatic governance, reporting, and assurance processes suitable for a global investment banking environment.Key Achievements:
- Developed the Enterprise Register of Information (DORA Art. 28.3) to align with regulatory requirements
- Defined and embedded ICT Risk Appetite and tolerance levels aligned to the Global Operational Risk Framework, strengthening decision-making and risk acceptance governance
- Drove audit readiness by reviewing and re-drafting 50+ IT & Information Security policies, improving clarity, ownership, and control alignment
- Oversaw the Operational Resilience Testing Programme (including penetration testing) and tracked remediation to closure, strengthening control assurance and reducing open findings
- Aligned 10+ intra-group agreements with DORA regulatory standards.
- Enhanced executive-level decision-making with an enterprise ICT Risk Dashboard featuring KPIs/KRIs
- Blink Operations LimitedExternal Consultant (remote)DIGITAL AND ITJune 2024 - March 2025 (8 months)Tel Aviv, IsraelEngaged by a cybersecurity SaaS startup to stand up compliance across ISO 27001, HIPAA, GDPR and NIST CSF. Built an Information Security Management System (ISMS) with policy suite, risk assessment and treatment plan; implemented HIPAA administrative/technical safeguards; mapped personal-data flows with RoPA and DPIAs; defined IR/BC/DR playbooks; rolled out vendor risk and secure-SDLC controls; prepared auditor-ready evidence and customer security responses. Outcome: passed client security due diligence, closed audit gaps, and achieved certification readiness.
- VTB Bank (Europe) SEHead of Global Project Office and Central Outsourcing ManagementBANKING AND INSURANCEOctober 2019 - June 2024 (4 years and 8 months)Frankfurt Am Main Area, GermanyReported to the COO as budget holder, leading a global team of three across Frankfurt and Moscow, and running the Global Project Office to deliver consistent governance across the project portfolio. Managed incidents and vendor exits to minimise disruption and maintain operational continuity, and led organisation-wide DORA implementation across regulatory, outsourcing, and technology governance.Key Achievements:
- Led global GPO operations to ensure delivery governance across the project portfolio, improving transparency of milestones, risks, and executive reporting (€30M total portfolio budget)
- Strengthened protection of sensitive data and ICT services by embedding ISO 27001, ITIL, and BSI-aligned security practices into operational delivery and governance
- Maintained operational continuity and crisis responsiveness in line with MaRisk AT 7.3 / ISO 22301 / BCI, reducing disruption risk during incidents
- Enhanced corporate governance and compliance across GDPR and BDSG, clarifying accountabilities and evidence trails for audits and supervisory requests
- Directed procurement and outsourcing activities in line with MaRisk AT 9, EBA, and IDW 951 standards
Recommendations
Be the first to recommend Dmitrii
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master's degreeNew Economic School2017
- Master's degreeBauman Moscow State Technical University2013
Certifications
- AI Ethics and Governance365 Careers2025
- AWS Certified Cloud PractitionerAmazon Web Services2024