Project Lead

• Defined security concepts for all relevant applications running on AWS cloud platform.
• Connected applications to BMW central SOC/Splunk.
• Regular Pen tests, IAST/SAST/DAST application scans.
• Ensured compliance with BMW regulations.

Achievements:

• Achieved over 95% Security KPI.
• Compliance KPI exceeded 90%.

• Conducted Cloud Vendor Assessments (CVA) based on DCSO defined security domains (NIST/ISO).

Achievements:

• Successfully completed over 10 assessments in 2022.
• Successfully completed over 10 assessments in 2023.

• Defined Information Security (IS) roadmap till 2025.
• Implemented ISMS according to ISO 27001, enriched with NIST-800 and NIST CSF controls.
• Set up worldwide IS organization and a 24/7 Incident Response Team.
• Conducted Business Impact Analysis and TCM/BCM concepts.
• Designed and implemented endpoint protection, data classification, and data loss prevention concepts.

Achievements:

• Approved Information Security (IS) strategy and policy.
• Published IS and GRC policies.
• Established IS awareness concepts and management cockpit with defined KPIs.
• Established MDR Security Operation Center and Security Incident Response Team.
• Implemented endpoint protection on over 8K endpoints with sentinel monitoring.
• Integrated data classification and data loss prevention into business processes.

• Conducted as-is analysis of existing IT infrastructure and services.
• Mapped business processes to IT services.
• Evaluated options for future IT strategy and organization.
• Proposed and defined IT strategy based on evaluations.

Achievements:

• Created as-is documentation and business processes.
• Reviewed business impact analysis.
• Defined IT strategy and handed over the rollout preparation to IT Manager.

• Aligned project pillars across Data Centre (DCC), Virtual Client (AVC), Global Mail (GM), AGN Network & AGN security services.
• Controlling overall project budgets.
• Coordinated execution between projects and local CIOs in APAC.

Achievements:

• Successful rollout of AGN, AGN security services, and GM in 2018.
• Rollout completion for AVC and DCC in 2019.

• Defined and implemented information security concepts based on BSI 100-x and ISO 27xxx.
• Created ISMS for over 20 locations/business units.
• Conducted audits and follow-ups.

Achievements:

• Delivered BSI 100-1/2 and ISO27xxx security concepts.
• Developed IT-emergency concepts based on BSI 100-4.
• Handover of ISMS to successor by end of tenure.

• Designed new DC concept with regulatory requirements for multiple countries.
• Conducted BIA with RTO/RPO.
• Controlled project costs, budget, milestones.

Achievements:

• Consolidated DC infrastructure from 6 to 2 data centers globally.
• Introduced DR concepts and reduced IT costs.

• Defined IT Governance policy according to CBRC, PBOC requirements, ISO38500, and COBIT5 standards.
• Aligned with BMW AG and BMW Bank.
• Prepared presentation for top management.

Achievements:

• Submitted and gained approval for IT Governance policy tailored for Chinese market.

• Created business proposals summarizing security requirements.
• Designed information protection/DLP concepts.

Achievements:

• Finalized DLP concepts and performed successful PoCs with diverse business cases.
• Handover included rollout preparations for operations.

• Held security workshops clarifying requirements.
• Provided information security directive/support for protected R&D engagement.

Achievements:

• Delivered comprehensive information security frameworks for Audi R&D's secure operations.