Lead Audit Conformity & IT-SiKat

• Support in implementing the requirements of Section 8a of the BSI Act for critical infrastructures.
• Systematic preparation and management of internal and external audits, addressing previous deviations (HA, NA, VP).
• Implementation of the specific requirements of the IT security catalog.
• Development of training, creation of run books, and conducting assessments to ensure operational effectiveness.

• Implementation of a centralized log management system to meet KRITIS requirements in energy supply
• Responsibility as workstream lead for collecting, extracting, and aggregating log data from selected power plants
• Installation and configuration of security components such as the genua Cyber-Diode and SYSLOG to ensure logging

• Horizon scan: designing a trend analysis for IT emergency management using prelead

• Taking responsibility for setting up the project and managing delivery through to the finish line
• Analyzing program and project challenges and risks
• Defining an effective approach
• Restructuring and mobilizing colleagues and partner staff
• Supporting the newly organized cybersecurity department on its path to the next level of operational maturity (e.g., evolving into a customer-focused, standardized, and sustainable organization)

Audit support for the world's second-largest transport company. Evaluated and completed the information security policies and documentation framework for IDW and BSI audit standards.

• Supporting the 2nd line of defense in building and operating an information security management system (ISMS) according to ISO 27001
• Creating and maintaining policies, processes, and other governance documents (e.g., work instructions and manuals)
• Contributing to the information security strategy
• Assisting with information security risk management
• Implementing measures to eliminate/mitigate information security risks and deficiencies
• Preparing for the next §8a audit cycle (2023)
• Coordinating with business units to identify KRITIS-relevant assets
• Creating a scoping document for KRITIS-relevant assets
• Collecting and preparing evidence

Development and implementation of multiple BSI IT-Grundschutz projects for state ministries in North Rhine-Westphalia and for federal agencies.

• Project manager for the introduction and maintenance of a quality management system according to ISO 9001 for consulting, auditing, and training in information security, risk management, data protection, and BCM
• Transition manager for the transition of a 120-person team
• Key expert for OT security and general advisor on technical aspects of cybersecurity in the energy sector and other industries

• Support in requirements engineering and the technical implementation for the document management system OneDMS
• Management of organizational change to develop a cybersecurity interface (policy development, implementation of technical requirements, awareness training, ticket management, support for business projects regarding cybersecurity aspects and requirements)
• Management of internal and external audits as well as supplier audits according to ISO 27001, ISO 27002 and ISO 27019 (based on the IT security catalog)
• Support of the CISO, assessing protection needs and monitoring cybersecurity aspects for IT and OT

• Study on 'ISMS in the Energy Sector 2018'
• In-house implementation of GDPR and ITIL-oriented services

• Supported the Group CISO in the areas of governance, processes and awareness, incident management, strategic management, and technical issues in the energy sector

• Study on location management to close vacancies in industrial parks in the Lusatia energy region, commissioned by Vattenfall Europe Generation AG and the Lusatia-Spreewald Energy Region
• Market analysis of the Bavarian, Brandenburg, and Saxon tourism markets to derive suitable market entry strategies
• Fundraising for the event marking 20 years of Brandenburg University of Technology Cottbus
• Lectures on eBusiness, International Marketing, and market-oriented product development

Part of the Fraunhofer Institute for Material Flow and Logistics IML.

• Implementation of real-time location systems in complex industrial environments with ubisense
• Assessment of physical security at Sheremetyevo Cargo Airport, Moscow, Russia
• User support for the Fraunhofer Public Key Infrastructure
• Application development for a digital patient history for online and offline use by emergency services using .NET/C#/HTML and PRINCE2 (ADAC)
• Development and promotion of an EU-wide injury database (IDB)
• Event management for the "Night of Creative Minds" – a science roadshow
• Organizational and technical assistance at the related Chair of Industrial IT