EMRE TUNCOGLU
Technology Risk & AI Governance Executive
CRISC
CISSP
TOGAF 9.1
CISA
CISM
ISO 27001 LA
PRINCE2
📍 London, UK
📧 contact@enftc.ai
🔗 linkedin.com/in/emretuncoglu
🌐 enftc.ai
Key Achievements
40% Audit Cost Reduction
Coordinated external audit efforts for UBS Group Technology, achieving significant cost savings
Regulatory Onboarding Restrictions Lifted
Successfully closed audit with no major findings for Capital.com, leading to removal of new client onboarding restrictions
800+ Assets Managed
Compliance framework across 4 global regions (US, UK, Switzerland, Singapore)
25+ Years Experience
Financial Services technology risk and compliance expertise
Executive Profile
Senior Technology Risk & Security Executive with 25 years in Financial Services. Expert in bridging regulatory frameworks (DORA, GDPR, FCA/PRA, EU AI Act) with modern technical architecture. Proven track record leading AI transformation in risk management, designing cost-effective control frameworks, and engaging C-Suite stakeholders to articulate technical risks.
Core Competencies
Regulatory Compliance
DORA, EU AI Act
BCBS 239, HKMA/MAS TRM
SOX, FCA/PRA
BCBS 239, HKMA/MAS TRM
SOX, FCA/PRA
Technical Architecture
AI/LLM Governance
Azure & GCP Security
DevSecOps, IAM/PAM
Azure & GCP Security
DevSecOps, IAM/PAM
Risk Management
Operational Resilience
Third-Party Risk (TPRM)
IT Audit, Control Frameworks
Third-Party Risk (TPRM)
IT Audit, Control Frameworks
Leadership
C-Suite Engagement
Audit Defense
Crisis Management
Audit Defense
Crisis Management
Education
BSc, Electrical & Electronics Engineering
Middle East Technical University (METU) • 2001
Select Clients
UBS • Lloyds Banking Group • Deloitte UK
Capital.com • Aviva Group • Bupa UK
Euroclear • KPMG • Financial Institutions
Professional Experience
E&F TECHNOLOGY CONSULTING
Dec 2014 – Present
Director / Principal Consultant
Capital.com (Sep 2024 – Dec 2025): Led AI-driven DORA compliance programme using RAG-model solution with Large Context Window LLMs. Closed audit with no major findings, enabling removal of onboarding restrictions.
Bupa UK (Nov 2023 – Feb 2024): Validated remediation of major technology risk to prevent recurrence.
Deloitte UK (Feb 2022 – Jul 2023): Cloud security architecture for Azure migration; defined cyber resilience strategies.
UBS (Jun 2020 – Sep 2021): Reduced audit costs by ~40%; managed MAS TRM and HKMA TPRM requirements.
Aviva Group (Mar 2020 – Jun 2020): Interim Global Head of Audit – CIO; defined IT Audit universe and multi-year plan.
UBS
Jan 2019 – Mar 2020
Security & Resilience Architect
Designed and implemented technology infrastructure compliance framework integrated into SDLC.
Enforced compliance across ~800 on-premise and MS Azure assets across US, UK, Switzerland, Singapore.
UBS • Group Internal Audit
Feb 2018 – Dec 2018
Technology Risk SME
Executed audits within Cyber Security Governance, Data Governance (BCBS 239), and Middleware.
Assessed "Cyber Security by Design" framework for secure development controls.
LLOYDS BANKING GROUP
Mar 2015 – Dec 2017
Internal Audit & Architecture SME
Delivered end-to-end audits of security architecture across Linux, Windows, IBM Mainframe, HPE Non-Stop.
Identified critical gaps in privileged access, event logging, and patch management.
Previous Experience
KPMG (UK) • Technology Risk Advisory • Oct 2013 – May 2014
EUROCLEAR GROUP (Belgium) • Senior Audit Manager • Aug 2008 – Jan 2013
DENIZBANK/DEXIA • Head of IT Risk & Controls • Jul 2005 – Jul 2008
TEKSTILBANK • IT Risk & Controls Officer • Oct 2004 – Jun 2005
PAMUKBANK • Senior IT Auditor • Apr 2001 – Oct 2004
Detailed Project Experience Appendix
CAPITAL.COM | Technology Risk & Regulatory Compliance SME
September 2024 – December 2025
London, UK
AI-Driven DORA Compliance Programme
Spearheaded DORA implementation using RAG-model solution with Large Context Window LLMs to automate policy uplift.
Automated 85% of compliance mapping
Regulatory Onboarding Restrictions Lifted
Successfully closed critical audit with no major findings after remediating long-standing Privileged Access Management (PAM) non-compliance.
✅ REMOVAL OF NEW CLIENT ONBOARDING RESTRICTIONS
✅ REMOVAL OF NEW CLIENT ONBOARDING RESTRICTIONS
UBS | Technology Risk & Security Architecture SME
June 2020 – September 2021
London, UK / Zurich, Switzerland
Audit Cost Optimization
Coordinated external audit efforts throughout Group Technology, implementing standardized audit response framework that reduced overall audit costs to UBS by ~40%.
Cloud Migration Risk Assessment
Performed risk assessments for file transfer technologies migrating to cloud (Azure, AWS), identifying 23 compliance gaps.
DELOITTE UK | Technology Risk & Architecture SME
February 2022 – July 2023
London, UK
Cloud Security Architecture Assessment
Conducted end-to-end security architecture and control assessments for a large insurance firm's migration to Microsoft Azure (2,500+ VMs).
Challenger Bank Resilience Programme
Defined data management strategies and cyber resilience scenario testing for a challenger bank, ensuring protection against insider threats.
Last Updated: January 2026 • London, United Kingdom • www.enftc.ai