Conducting pre-audits, certification audits, and assessments for ISO/IEC 27001:2013 and ISO/IEC 27001:2022, including the related sub-standards 27017, 27018, and 27701 as a privacy standard
Conducting pre-audits, certification audits, and assessments for ISO 9001 in the assigned EAC scopes
Managing the ICT standards of SSC as a product manager
Dec 2022 - Feb 2023
3 months
Switzerland
Chief Information Security Officer, CISO
localsearch / Swisscom Directories AG
Overall responsibility for information security across all business units and locations
Strategic development and operation of the information security management system, closely aligned with the current ISO27001 standard family
Creating and implementing security policies, and ensuring compliance as a governance function in the company
Identifying and classifying risk areas and deriving the required security level and protection needs
Defining and integrating standardized processes for capturing and evaluating risks into business processes, support functions, and IT service management processes
Jan 2017 - Nov 2022
5 years 11 months
Oberkochen, Germany
Director Data Protection
Carl Zeiss AG
Group Data Protection Officer for Carl Zeiss AG and the ZEISS Group (around 200 global legal entities)
Overall responsibility for the global data protection management system across all business areas and locations
Developing and implementing policies, and ensuring compliance as a governance function across the entire company
Designing and rolling out an audit system for data protection valid at the process and line levels
Identifying and classifying risk areas and deriving the required data protection level and protection needs
Defining and integrating standardized processes to capture and evaluate risks in business processes
Integrating and embedding data protection requirements, with special focus on all end-customer markets
Designing and conducting data protection awareness measures
Risk assessment from a data protection perspective within projects (as part of the Project Management Office)
Recording, preparing, and tracking incidents relevant to data protection
Advising and consulting top management on risk mitigation, preventing data breaches, and ensuring compliance
Providing data protection consulting in program management for production digitization
Point of contact for all business groups and service companies on data protection matters
Leading group data protection and the global data protection coordinators
Aug 2014 - Dec 2016
2 years 5 months
Oberkochen, Germany
Head of Information Security
Carl Zeiss SMT GmbH
Overall responsibility for information security across all centralized corporate functions (production, IT, shopfloor IT, facility management) and locations
Strategic implementation of an overarching information security management system closely aligned with the current ISO27001 standard family
Developing and implementing security policies, and ensuring compliance as a governance function across the entire company
Designing and rolling out an audit system for information security valid at the process and line levels
Identifying and classifying risk areas and deriving the required security level and protection needs
Defining and integrating standardized processes for capturing and evaluating risks in business processes and IT service management processes
Integrating and embedding information classification, with special focus on all IP-related content (R&D, production, and strategic innovations)
Ensuring compliance with ISO27001 standards and measuring the overall state of information security
Evaluating strategic progress along an information security maturity model
Designing and conducting security awareness measures
Risk assessment from an information security perspective within projects (as part of the Project Management Office)
Recording, preparing, and tracking incidents relevant to information security, including forensics
Advising and consulting top management on risk mitigation in the product development process (preventing blocking patents, loss of know-how)
Providing information security consulting in program management for production digitization
Owner of the ISMS and maintaining the risk register in portfolio management of security-critical business processes
Jul 2011 - Jul 2014
3 years 1 month
Burgkunstadt, Germany
Head of Information Management
Baur Versand
Department head of service and operations
Direct reports: 26 FTE
Deputy IT Manager/CIO
Managing 1st and 2nd level end-user support
Managing 24/7 IT operations
Managing software development (e-business)
IT service management and IT governance
Budget, technical, and leadership responsibility (about 26 employees at 14 locations)
Implementing a new logistics and ERP system (MS Navision)
Consolidating subsidiaries (Unito, SPO, BFS)
Implementing order fulfillment for Amazon in South Germany, Croatia, and the Czech Republic
Modernizing IT organization, technology, and processes
Enabling IT growth – target 1 billion in revenue
Jan 2007 - Jun 2011
4 years 6 months
Coburg, Germany
Chief Security Officer of the Brose Group
Brose Gruppe
Ensuring the information security (availability, confidentiality, and integrity of data and systems) of all IT systems in the central function globally, at all Brose Group locations
Covering legal or customer-specific IT security requirements (e.g., customer audits) and systematically reducing identified risks (risk analysis and risk management)
Developing and implementing IT security policies for the entire group, with regular auditing
Supporting IT functions in designing internal IT processes (e.g., change management) and deriving protection requirements for IT systems and business processes (in collaboration with information owners)
Ensuring compliance with ISO27001 standards and measuring the overall state of IT security
Designing security awareness for both IT staff and users, as well as technical security review of projects (as part of the Project Management Office)
Secure connection and operation of external partners (joint ventures) or outsourced services
Early and comprehensive integration of production facilities and shop-floor IT into the overall IT security view (Industry 4.0)
Jan 2004 - Dec 2006
3 years
Coburg, Germany
Team Leader IT Service – Administration (5.5 FTE), Deputy Department Head IT Service (19.5 FTE)
Brose Gruppe
Jun 2001 - Dec 2003
2 years 7 months
Ludwigsstadt, Germany
IT System Administrator
Sparkasse Kronach-Ludwigsstadt
Interrupted by civilian service
Jan 1998 - Jun 2000
2 years 6 months
Ludwigsstadt, Germany
IT System Administrator
Sparkasse Kronach-Ludwigsstadt
Sep 1995 - Mar 1998
2 years 7 months
Ludwigsstadt, Germany
Apprenticeship as a Bank Clerk
Sparkasse Kronach-Ludwigsstadt
Summary
Over 25 years of experience in IT management, IT project management, data protection, and information security
Diverse industry experience, especially in manufacturing (optoelectronics, automotive), retail/logistics, banking and insurance, as well as medical technology
COBIT5; extensive experience in controlling and organizing IT departments
PRINCE2; very experienced in international project management
Languages
German
Native
English
Advanced
Education
Apr 2003 - Mar 2007
State-Certified IT Specialist (Technical School) · Technical Informatics
Sep 1995 - Mar 1998
Sparkasse Kronach-Ludwigsstadt
Bank Clerk · Ludwigsstadt, Germany
Certifications & licenses
Lead Auditor ISO27001
Data Protection Officer Certification (DGI)
ITIL Certified Expert (according to ITIL V3)
COBIT5
IT Design (according to ITIL V3)
IT Operations (according to ITIL V3)
IT Strategy (according to ITIL V3)
IT Transition (according to ITIL V3)
PRINCE2
ITIL v3 Foundation
Certified Data Privacy Manager
IAPP
Certified Data Privacy Solution Engineer
Certified Information Privacy Professional / Europe
IAPP
Certified Information Security Manager (CISM)
Lead Auditor ISO20000-1
Lead Auditor ISO9001
Certified Data Protection Officer (according to the Ulm Model)