Cyber Security Consultant

Independent development of guidelines, specifications and concepts for ICT risk management and information security

Provide advice to departments on ICT risk management and information security issues

Further development of the ICT Risk Management Framework, which governs the identification, assessment, and control of ICT risks

Evaluation of the Information Security Management System (ISMS), including adaptation to new challenges

Conducting risk analyses to identify and assess potential ICT risks and risks to the information security of the Metzler Group

Advising on the definition and implementation of measures to minimize risks and improve the resilience of ICT systems

Advice on ensuring compliance with relevant internal and external regulatory requirements (e.g. MaRisk, DORA, BAIT, BSI IT-Grundschutz, ISMS, ISO27001, ISO27005, BCM ISO 22301, ISO/IEC 42001)

Advice on internal and cross-departmental projects (SAP DORA compliance, Target2)

• Support in migrating from HiScout to ForumSuite
• ISMS, risk management, business continuity management, emergency management
• DORA- RTS/IST/Guidelines, GAP analysis, requirements
• BSI – IT-Grundschutz Compendium
• ISO/IEC 27001 / 27002 & ISO/IEC 22301
• Bank-specific target action catalog (BASI)
• Compliance Guidelines (LFO)
• Guide to the basics of IT regulation (LFI)
• Banking supervisory requirements for IT (BAIT)
• Capital management supervisory requirements for IT (KAIT)
• Insurance regulatory requirements for IT (VAIT)
• ISO 9001
• Industry-specific security standards (B3S)

• Development and implementation of the information security strategy according to ISO 27001
• Development of presentations and business cases as a basis for decisions
• Establishment of an ISMS according to ISO27001
• Management of consulting companies (PWC, DIOX, BDX, TGS, CBRE)
• Information security Incident management
• Communication and coordination with the internal cross-functional teams
• Development and further development of security concepts, participation in IT security concepts, guidelines, directives, procedural instructions, work instructions
• Maintaining external communication with stakeholders and authorities
• Implementation, maintenance, and further development of the cross-company risk management system regarding information security
• Consideration and evaluation of relevant legal and regulatory requirements regarding information security as well as implementation of business processes
• Audit management for information security based on the identified needs in the organization
• Raising awareness of information security requirements (externally and internally), e.g., by designing and implementing training programs
• Advice on information protection and IT security requirements
• Continuous improvement and monitoring of the ISMS system

• SOC/SIEM - Security Operations Center Process/Tools (ISMS ISO/IEC 27k)
• Vulnerability Management & Threat Intelligence Processes/Tools (ISMS ISO/IEC 27k)
• Security Incident Response Framework & Management (ISMS ISO/IEC 27k) & Security Concepts
• Security Emergency & Crisis Management (ISMS ISO/IEC 27k)
• Business Continuity Management & Disaster Recovery (ISMS ISO/IEC 27k)
• Improve the security of the GEA IT landscape due to the Global Security Program (ISMS ISO/IEC 27k)

• Cyber Security Consulting / Technical
• Project Management - Cyber Security BSI, ISO27k, ITIL, BCM, SOC/SIEM
• Elimination of Security Findings, Cyber Threat Analysis, Security Objectives, Security Measures with SOC team
• MS Windows 10 Security Standard, CIS Windows 10 Benchmark, Security Profiles, best practice
• Patch Management and Remediation
• Windows 10 End Point Protection, Firewall, GPO, Secure Boot, Disk Encryption, Remote Access, VPN, Software distribution (SCCM)

• Consulting and project management around critical trading application (Prio1) of LBBW
• Management of the elimination of cyber security findings at LBBW
• Lead implementation
• Steering of technical teams in hardware replacement of clients & rollout of critical trading application at client LBBW with reporting to the Division Manager & CIO as well as to LBBW
• Role-Based Access Control (RBAC) / Identity Access Management
• Project goals 100% achieved within 3 months

• Technical management as well as creation of an implementation concept based on the existing overall concept in the project "Bloomberg LBC" for the implementation of the restructuring of Bloomberg's market data infrastructure with the goal of an audit-proof infrastructure
• Creation of an implementation concept based on the existing overall concept
• Preparation of an as-is analysis regarding the implementation of the restructuring of Bloomberg's market data infrastructure
• Concept creation of a role-based access control system (RBAC, DAC, MAC)
• Implementation concept Identity Management System
• Managing the remediation of security vulnerabilities for Bloomberg's market data infrastructure and creating an action plan
• Ensuring an audit-proof infrastructure in accordance with the predefined security specifications
• Creation and execution of tests on various Bloomberg connections on the terminal
• Creation of an analysis of the failed tests

• Senior Application Management & Trading Floor Support, Team Lead Change Management
• Service Delivery Manager & Project Manager E. ON Ruhrgas Transition (1400 employees)
• IT Security Management, BCM Neuss, DR, KPI
• Senior Application Management, Deputy Team Lead (approx. forty employees)
• Responsible for the risk management system incl. evaluation with report to the department
• Software Integration, Configuration, Release, & Incident Lifecycle Management

• Conceptual design of access permissions in the application area of Kondor+
• Application support for HSH Nordbank as part of the Operational Stability & IT Security project
• Concept creation Identity & Access Management according to ITIL V3 (IAM)
• Creation of the implementation Manuals

• Integration with WebSphere Application Server, WebSphere MQ Series, WebSphere Process Server
• Support Unix & Applications, Packaging, Staging, Scripting, Citrix Management, Batch Processing
• QA Testing, Software Testing & Regression Testing, Production Assurance PLC, Support EAI Operations
• Defect Management with Mercury Quality Center, conversion from CVS to PVCS, later Sub Version
• Identity & Access Management, Change Management & Incident Management according to ITIL V3 (IAM)

• Integration & 3rd level support for the trading room, VIP support for senior traders and department heads
• Software Programming & Packaging, Creation and Distribution with MS-SMS on Windows 2003, Windows 2000 & XP, Solaris Packaging, Reporting, Overnight, Scenario & Batch Processing
• QA Testing, Quality Management / Software & Regression Testing, Change Control Management
• RTD/RTS, EUREX, Xetra, Reuters, Sophis Risque

• Planning, implementation, administration, and support for the entire trading platform
• Responsible for the support of the components Windows 2000 & XP, Reuters 3000 Xtra, Bloomberg, MS Office products various banking applications, Murex, Dealing 2000, Salamis, Ziris, Niku, Bond Pricing, SAP, Trade signal, Bondware
• Identity & Access Management
• Coordination of internal and external partners and employees