StarAudit (Finance Sector)
Cloud, Security in Banks
How to prepare the internal audit processes of a bank for security-relevant aspects concerning the use of external services. Mr. Leitner, IT Auditor of a major banking group, is responsible for auditing and supporting the CISO and various business units on the topic of cyber threats and IT security. StarAudit helps with the assessment of new or existing service providers, and the StarAudit Controls can be used as a checklist for audits.
IT Auditor, Erste Group Bank AG (Vienna)
He is within Erste Group and Financial Industry for more than 10 years.
Stefan Leitner started his carrier at Siemens as a Software developer for communication systems. Parallel to his job he studied ‘Technical Project- and Process Management’ at FH Campus Vienna and afterwards ‘Information Management and IT Security’ at FH Technikum Vienna.
After a function as Security Management Process Manager (based on ISO/IEC 27001 standard) he was nominated as Security- and IT-Compliance Officer in Erste Group IT Daughter Company. Afterwards he was nominated Process Manager for the Internal Control System (according to COBIT framework). He was the single point of contact for all kind of audits including but not limited to IT Compliance Audits e.g. ISAE 3402 (former SAS70), Payment Card Industry Data Security Standard (PCI DSS), Internal-, Year End- and License Audits.
In scope of his audits are Erste Group units including daughter companies and subcontractors (3rd parties) mainly within EU. The audit chart includes all involved areas of Software Development Life Cycle and IT areas including internal and external outsourcing. Additional he supports ‘Year End Auditor' of the banks if IT related support is needed.
Stefan Leitner is member of ISACA Austria chapter and Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and ISO/IEC 27001 Foundation certified.
Since July 2017 he is accredited StarAudit Abassador, -Foundation Expert, -Professional and – Auditor.