Profile photo

Marius Mihail Russo-Got

also known as Marius Russo

Expertise: Architecture · Cybersecurity · Cloud · GRC · Delivery · Agile / SAFe · Data Protection / GDPR · AI/AIOps · Quantum Strategy · Digital Workplace · Banking

English (C2), French (C1) · NATO Secret (valid until Aug 2027)

NATO/NCIA · UN · UNDP · UNOPS · FREELANCING · EU · EEAS · IBM · ALCATEL/NOKIA · MOTOROLA
01 · Banking & financial servicesRegulated platforms · continuity · control

Banking & financial services

Retained architecture mandates for regulated banking transformation. Most recent anchor: rationalisation of an 848-component portfolio at Société Générale group (BRD) reaching 10M+ customers, with 39% year-one savings sustained over three years.

Mandate type

Architecture of record on core banking, payments and SWIFT estates; control alignment to PCI DSS, ICFR/COSO, ISO 27001 and SOC 2; recovery of programmes that need to pass supervisory scrutiny. Engagement window typically 6–24 months against a CIO, CTO, CDO or programme sponsor.

Anchor reference

Société Générale group (BRD) — 848 components governed, 10M+ banking customers, 39% year-one savings sustained 3 years. Plus 23-bank portfolio (PIR2-IT 2024–Present) covering UNFCU, EIB, HSBC, BNP Paribas, Credit Suisse and others.

What I do

Four offers recur in regulated financial services. Each is scoped, time-boxed and ends in artefacts the institution owns.

  • Target-state architecture authority. Capability map, reference architecture, ADRs and exception governance across core, payments and channels. Decision lead-time typically reduced by ~50%.
  • Control alignment for regulated change. SWIFT CSP, PCI DSS, ICFR/COSO, ISO 27001 and SOC 2 mapped to platform decisions. Audit-grade evidence trail that supervisors can read directly.
  • Programme recovery under audit pressure. Control reset, decision governance and evidence discipline. Re-establishes the line of sight from regulator to platform.
  • Operating-model alignment. Business, application, data and technology domains brought into one portfolio backbone instead of fragmented project work.

Frameworks and standards applied

Methods are scoped, not decorative. Each mandate runs against a defined framework stack so decisions remain defensible to internal audit, external supervisors and donors.

  • Architecture & governance: TOGAF · COBIT · ArchiMate · ADRs · exception governance
  • Payments & banking: SWIFT CSP · PCI DSS · ISO 20022 · SEPA / SCT Inst
  • Risk, control & audit: ICFR / COSO · NIST CSF · SOC 2 · ISO 27001 · ISO 22301 · BCBS 239
  • European supervision: DORA · EBA guidelines · GDPR
  • Delivery: SAFe / Agile · PRINCE2 / PMI · ITIL
A4 infographic summarising banking transformation, risk, compliance, fund operations and modernisation.
Banking & financial services infographic — executive A4 visual for web, briefings and PDF capability packs. A4 · Premium high-tech briefing style
Scope detail · auto / manual scroll →
Core banking & payments

The institutional transaction backbone

Target-state architecture for the systems that carry accounts, payments, products and financial processing. Continuity first, change second.

Scope:
  • Core banking modernisation and target-state design
  • Payments architecture — ISO 20022, SEPA / SCT Inst, SWIFT estates under CSP
  • Migration pathways for legacy transaction platforms
  • Integration coherence across products, channels and customer data
Enterprise architecture & operating model

Portfolio-scale design, not project-by-project

Enterprise architecture linking business capabilities, platform estates and delivery roadmaps into one defensible transformation backbone.

Scope:
  • Capability maps and multi-year transformation roadmaps
  • Architecture governance for banking portfolios in the hundreds of components
  • Business / application / data / technology domain alignment
  • ADRs and exception governance with full audit trail
Cybersecurity, ERC & GRC

Controls that hold under supervision

Controls strong technically and defensible to internal audit, supervisors and rating agencies.

Scope:
  • Cybersecurity governance for regulated banking estates
  • ERC / GRC frameworks, control mapping, evidence discipline
  • Identity, segregation of duties, privileged-access models
  • Operational resilience aligned to DORA, ISO 22301, BCBS 239
Channels, trading & digital services

Customer-facing estates without uncontrolled complexity

Digital channels, specialist applications and market-facing components kept integrated, observable and inside the control envelope.

Scope:
  • Digital channels and alternative service architecture
  • Trading and specialist banking application governance
  • Front / middle / back-office secure integration
  • Customer-journey alignment with platform logic

Typical deliverables

Each mandate produces a defined artefact set the institution owns at handover.

  • Core banking target architectures and multi-year transformation roadmaps
  • Enterprise architecture blueprints across business, application, data and technology
  • Cybersecurity, ERC / GRC and control-governance packs aligned to supervisors
  • Channel, integration and operating-model designs with named interfaces
  • Resilience and recovery architecture — RTO / RPO tested, not asserted
  • ADRs and exception logs for every material design call
Measurable outcomes · auto scroll →
848
component banking portfolio governed (Société Générale · BRD)
10M+
banking customers reached via enterprise channels
39%
year-one savings sustained across three years
~50%
decision lead-time reduction via ADR / exception governance
23
banks served in current PIR2-IT portfolio
250K+
UNFCU members across 120+ countries (banking-grade controls)
15+
regulatory framework implementations supporting defensibility

Banking transformation passes scrutiny when platform modernisation, regulatory control and continuity are treated as one design problem — and when the architect of record owns the evidence trail end to end.

Relevant projects01 · Banking & financial services · 13 matching

Projects in this domain

Engagements filtered by primary domain from the full 270+ project record. Full detail and NDA-gated evidence packs available on request.

Banking · multi-client

23 international and Romanian banks — transformation & cybersecurity

Worldwide · 2024 – Present

Large-scale banking transformation and cybersecurity programmes — core-banking migrations, data-centre consolidation, cybersecurity modernisation. Named clients: UNFCU, EIB, Société Générale, HSBC, BNP Paribas, Credit Suisse.

23-bank portfolio

NDA — named in CV
UNFCU · Digital banking transformation

UNFCU — global cybersecurity & digital-banking transformation (250K+ members · 120+ countries)

UN Secretariat / OICT · 2016 – 2019

Global cybersecurity and digital-banking transformation programme for 250,000+ UNFCU members across 120+ countries. Portfolio of 300+ projects spanning cloud adoption, core-banking migration & modernisation and cybersecurity compliance.

Key activities

  • Architected hybrid multi-cloud (Azure / AWS / GCP) for mission-critical banking apps with Zero Trust, micro-segmentation, AES-256 / TLS 1.3
  • Product Owner for cybersecurity platforms (Palo Alto, CyberArk, CrowdStrike, DLP, SIEM)
  • 3rd-line engineering support for firewall, PAM and EDR; MTTR reduced by 55% via automation and incident playbooks
  • Migrated 80% of workloads to Azure / AWS hybrid cloud maintaining PCI DSS Level 1 compliance

Frameworks: ISO 27001 · PCI DSS Level 1 · NIST 800-53 · ISO 22301 · COBIT 5 · GDPR · SOC 2 · Zero Trust (NIST 800-207)

300+ projects · 250K+ members · 120+ countries

European Central Bank · Frankfurt

ECB cloud / digital architecture & cryptocurrency

Frankfurt, DE · Sep 2014 – Nov 2015 · 120 working days

Lead Solution Design team for modern cloud / digital and cryptocurrency architecture. Identify and document business flows, data exchanges, identity authorisation and security level. Integrations with European and governmental agencies. Updated Business Continuity Plan. Support ECB negotiations with EU, NATO, INTERPOL.

Société Générale (BRD) · VAUBAN

VAUBAN — IT PMO Head / IT Director, Banking Transformation

BRD Bank — Groupe Société Générale · Bucharest · May 2011 – Aug 2013 · Full-time

PMO effective operation, IT Strategic Planning and Banking Transformation Programme. Set-up Center for Secure Information Systems. Enterprise Architecture Strategy & Roadmap. Coordination with PMOs/CSICs in Croatia, France, Russia, Bulgaria, Moldova. New Core Banking — INFOSYS Finacle / Oracle Flexcube. Cards & alternative channels (Mobile/Internet Banking, WU@ATM, WU@POS, prepaid). 900+ servers, 550+ applications, 120+ audit recommendations closed (89%).

US$3.93M IT savings · US$2.88M vendor negotiations · US$63M budget · OPEX -44.2%

Transfond · Romanian inter-banking

Transfond — electronic payment & inter-banking compensation

Romania · 2008 – 2011

IT system for electronic payment (T24, Murex, TI+) and inter-banking compensation. Process design and compliance with international mechanisms. Data protection. PCI-DSS & ISO 27001 certification. 30T transactions/day. 99.9998% availability.

Multi-bank · Risk & Core Banking

ECB · EU · CE · ING · Citibank · JPM · Raiffeisen · Société Générale · CEC Bank

Multi-country · 2008 – 2011

IT Risk Analysis System (ISO 2700x). Solution design of new Core Banking. Cloud private/public PoC. Data centre relocation, HW/SW/MW/NW/SAN consolidation. Set-up Business Intelligence Competence Center (Data Architecture, Quality, Governance, BI & Executive Dashboard).

Raiffeisen Bank Romania

Raiffeisen — Risk & Card upgrade + CSIS

Romania · 2008 – 2011

Upgraded Risk Analysis System (Murex), Card System (Murex), RISC and x86 server infrastructure. Center for Secure Information Systems: SIEM, DB Security, ISMS & ISR, MDM, Managed Security Services. Process improvement (ITIL).

NDA — named in CV
Société Générale (Alcatel-era)

Société Générale — telecom & secure-banking network integration

Romania / EMEA · 2002 – 2006

Alcatel-era engagement with Groupe Société Générale: secure banking network integration, OSS/BSS modernisation and core-banking telecom infrastructure (predecessor to the later VAUBAN programme delivered as freelance 2011 – 2013).

Frameworks: ITIL v3 · COBIT · ISO 27001 · PCI DSS

NDA — named in CV
BCR (Banca Comercială Română)

BCR Bank — Alcatel-era core-banking & telecom network integration

Romania · 2002 – 2006

Alcatel-era BCR Bank engagement: core-banking telecom and network integration, secure-network projects across the European banking estate.

Frameworks: ITIL · ISO 27001 · PCI DSS · TOGAF

NDA — named in CV
BNR (Banca Națională a României)

BNR — National Bank of Romania — telecom & network

Romania · 2002 – 2006

Alcatel-era engagement with BNR (National Bank of Romania): telecom and secure-network integration for central-bank operations.

Frameworks: ITIL · ISO 27001 · TOGAF · Central-bank operational standards

NDA — named in CV
CEC Bank

CEC Bank — Alcatel-era telecom & network integration

Romania · 2002 – 2006

Alcatel-era CEC Bank engagement: telecom and secure-network integration for the Romanian state savings bank estate.

Frameworks: ITIL · ISO 27001 · TOGAF · PCI DSS

Banking · Citibank

Citibank — biometric security + Building Automation

Romania · 1996 – 2002

Biometric security systems and Building Automation System for Citibank.

Banking · BRD + BCR

BRD Bank · BCR Bank — security systems + BAS

Romania · 1996 – 2002

Security systems and Building Automation System for BRD Bank and BCR Bank.

View all projects →