External Data Protection Officer, Project Manager EU-GDPR

• Basisprüfung NIS-2 Betroffenheit
• Registrierung NIS-2
• Durchführung einer IST-Analyse
• Erstellung Pflichtenheft
• Kontrolle der Umsetzung der NIS-2 Konformität
• Etablierung des Meldewesens im Kontext NIS-2
• Risikoanalyse und Sicherheit für Informationssysteme
• Bewältigung von Sicherheitsvorfällen
• Aufrechterhaltung und Wiederherstellung, Backup-Management, Krisen-Management
• Sicherheit der Lieferkette, Sicherheit zwischen Einrichtungen, Dienstleister-Sicherheit
• Sicherheit in der Entwicklung, Beschaffung und Wartung, Management von Schwachstellen
• Bewertung der Effektivität von Cybersicherheit und Risiko-Management
• Schulungen Cybersicherheit und Cyberhygiene
• Kryptografie und Verschlüsselung
• Personalsicherheit, Zugriffskontrolle und Anlagen-Management
• Multi-Faktor Authentisierung und kontinuierliche Authentisierung
• Sichere Kommunikation (Sprach, Video- und Text)
• Sichere Notfallkommunikation

Management in Information Security Management and external data protection officer for various clients:

• Disciplinary and technical management
• Data protection
• Data protection projects
• Data protection management according to EU-GDPR
• Consideration of BDSG, TKG, TMG, IT Security Act
• Implementation of ISMS according to ISO 27001 and BSI basic protection
• Vulnerability management
• Forensic analysis
• IT security implementations
• Conducting status analyses in data protection and information security
• Expert activities
• Lecturer
• Consulting services on use of automation possibilities and AI including Machine Learning

Setup and management of Digital Forensics & Cyber Security department and external data protection officer for various clients:

• Disciplinary and technical management
• Vulnerability management
• Forensic analysis
• IT security implementations
• Conducting status analyses
• Expert activities
• Data protection projects
• Data protection management according to EU-GDPR
• Consideration of BDSG, TKG, TMG, IT Security Act
• Implementation of ISMS according to ISO 27001 and BSI basic protection
• Lecturer

Overall responsibility for the IT department of a statutory health insurance:

• Migration of existing server landscape to new data center
• Creation of workflows
• Disciplinary and technical management
• System conversion
• IT security consideration
• Data protection management
• BDSG, TKG, TMG, IT Security Act
• Introduction of new backup solution
• Introduction of DMS using d.velop d.3
• Employee training
• Documentation
• Server system setup
• Introduction of BI using COGNOS
• Development of customer-specific analyses and evaluations
• Introduction of specific workflows
• Responsible for introducing nationwide CMS software specific to health insurance
• Development and documentation of authorization concepts for operating systems and business applications
• Technical and disciplinary team management
• Monitoring migration steps
• Escalation management
• Discussion of relocation options with goal of decision-making on sourcing options
• Discussion of cloud strategy
• Definition of interfaces, especially considering cloud/outsourcing strategies

• Project management for:
• Implementation of complex IT solutions
• BlackBerry integrations
• Introduction of AVAYA telephone systems
• Migration of various Windows servers
• Introduction of modern video conferencing systems
• Introduction of modern backup solutions
• IT strategy and control at international real estate corporations
• IT strategy and control at international law firms
• Planning, coordination and implementation of customer-specific IT training
• Offer management, budget planning & controlling
• Control and disposition of internal and external service providers
• Planning, maintenance, care and migration of complex IT solutions
• Domain-spanning networking
• Implementation of BlackBerry servers
• Implementation and controlling of backup solutions
• Connection of modern ticket systems
• Maintenance of complex Microsoft environments
• Remote maintenance of complex Microsoft environments
• Installation of modern firewalls
• Setup of VPN access
• Discussion of relocation options with goal of decision-making on sourcing options
• Discussion of cloud strategy
• Definition of interfaces, especially considering cloud/outsourcing strategies

• Contributing to management, operation and further development of intranet and internet application OPEN
• Planning and configuration of information and telecommunications systems
• Setup, operation and administration of systems according to customer requirements
• Systematic limitation and elimination of system faults using modern expert and diagnostic systems
• User and system consulting
• Creation of system documentation
• Development and organization of user-specific seminars and training
• Implementation of user-specific seminars and training
• Design of complex qualification projects to achieve strategic corporate goals
• New business models and organizational forms for further education
• Integration of e-learning
• Criteria and methods for evaluation and controlling of further education
• Project management for introduction of evaluation module EvaSys
• Discussion of relocation options with goal of decision-making on sourcing options
• Discussion of cloud strategy
• Definition of interfaces, especially considering cloud/outsourcing strategies