Andreas K.

Lead Auditor, ICT

Heidenheim an der Brenz, Germany

Experience

Mar 2023 - Present
2 years 6 months
Switzerland

Lead Auditor, ICT

Swiss Safety Center

  • Conducting pre-audits, certification audits, and assessments for ISO/IEC 27001:2013 and ISO/IEC 27001:2022, including the related sub-standards ISO/IEC 27017 (cloud security controls), ISO/IEC 27018 (PII protection in public clouds), and ISO/IEC 27701 as the privacy information management standard
  • Conducting pre-audits, certification audits, and assessments for ISO 9001 in the assigned EAC scopes
  • Managing the ICT standards of SSC as a product manager
Dec 2022 - Feb 2023
3 months
Switzerland

Chief Information Security Officer, CISO

localsearch / Swisscom Directories AG

  • Overall responsibility for information security across all business units and locations
  • Strategic development and operation of the information security management system, closely aligned with the current ISO27001 standard family
  • Creating and implementing security policies, and ensuring compliance as a governance function in the company
  • Identifying and classifying risk areas and deriving the required security level and protection needs
  • Defining and integrating standardized processes for capturing and evaluating risks into business processes, support functions, and IT service management processes
Jan 2017 - Nov 2022
5 years 11 months
Oberkochen, Germany

Director Data Protection

Carl Zeiss AG

  • Group Data Protection Officer for Carl Zeiss AG and the ZEISS Group (around 200 global legal entities)
  • Direct reports: 11 FTE
  • Functional reports: approx. 160 privacy coordinators worldwide
  • Overall responsibility for the global data protection management system across all business areas and locations
  • Developing and implementing policies, and ensuring compliance as a governance function across the entire company
  • Designing and rolling out an audit system for data protection valid at the process and line levels
  • Identifying and classifying risk areas and deriving the required data protection level and protection needs
  • Defining and integrating standardized processes to capture and evaluate risks in business processes
  • Integrating and embedding data protection requirements, with special focus on all end-customer markets
  • Designing and conducting data protection awareness measures
  • Risk assessment from a data protection perspective within projects (as part of the Project Management Office)
  • Recording, preparing, and tracking incidents relevant to data protection
  • Advising and consulting top management on risk mitigation, preventing data breaches, and ensuring compliance
  • Providing data protection consulting in program management for production digitization
  • Point of contact for all business groups and service companies on data protection matters
  • Leading group data protection and the global data protection coordinators
Aug 2014 - Dec 2016
2 years 5 months
Oberkochen, Germany

Head of Information Security

Carl Zeiss SMT GmbH

  • Overall responsibility for information security across all centralized corporate functions (production, IT, shopfloor IT, facility management) and locations
  • Strategic implementation of an overarching information security management system closely aligned with the current ISO27001 standard family
  • Developing and implementing security policies, and ensuring compliance as a governance function across the entire company
  • Designing and rolling out an audit system for information security valid at the process and line levels
  • Identifying and classifying risk areas and deriving the required security level and protection needs
  • Defining and integrating standardized processes for capturing and evaluating risks in business processes and IT service management processes
  • Integrating and embedding information classification, with special focus on all IP-related content (R&D, production, and strategic innovations)
  • Ensuring compliance with ISO27001 standards and measuring the overall state of information security
  • Evaluating strategic progress along an information security maturity model
  • Designing and conducting security awareness measures
  • Risk assessment from an information security perspective within projects (as part of the Project Management Office)
  • Recording, preparing, and tracking incidents relevant to information security, including forensics
  • Advising and consulting top management on risk mitigation in the product development process (preventing blocking patents, loss of know-how)
  • Providing information security consulting in program management for production digitization
  • Owner of the ISMS and maintaining the risk register in portfolio management of security-critical business processes
Jul 2011 - Jul 2014
3 years 1 month
Burgkunstadt, Germany

Head of Information Management

Baur Versand

  • Department head of service and operations
  • Direct reports: 26 FTE
  • Deputy IT Manager/CIO
  • Managing 1st and 2nd level end-user support
  • Managing 24/7 IT operations
  • Managing software development (e-business)
  • IT service management and IT governance
  • Budget, technical, and leadership responsibility (about 26 employees at 14 locations)
  • Implementing a new logistics and ERP system (MS Navision)
  • Consolidating subsidiaries (Unito, SPO, BFS)
  • Implementing order fulfillment for Amazon South Germany, Croatia, Czech Republic
  • Modernizing IT organization, technology, and processes
  • Enabling IT growth – target 1 billion in revenue
Jan 2007 - Jun 2011
4 years 6 months
Coburg, Germany

Chief Security Officer of the Brose Group

Brose Gruppe

  • Ensuring information security of all IT systems in the central function globally at all Brose Group locations regarding availability, confidentiality, and integrity of data and systems
  • Covering legal or customer-specific IT security requirements (e.g., customer audits) and systematically reducing identified risks (risk analysis and risk management)
  • Developing and implementing IT security policies for the entire group, with regular auditing
  • Supporting IT functions in designing internal IT processes (e.g., change management) and deriving protection requirements for IT systems and business processes (in collaboration with information owners)
  • Ensuring compliance with ISO27001 standards and measuring the overall state of IT security
  • Designing security awareness for both IT staff and users, as well as technical security review of projects (as part of the Project Management Office)
  • Secure connection and operation of external partners (joint ventures) or outsourced services
  • Early and comprehensive integration of production facilities and shop-floor IT into the overall IT security view, Industry 4.0
Jan 2004 - Dec 2006
3 years
Coburg, Germany

Team Leader IT Service – Administration (5.5 FTE), Deputy Department Head IT Service (19.5 FTE)

Brose Gruppe

Jun 2001 - Dec 2003
2 years 7 months
Ludwigsstadt, Germany

IT System Administrator

Sparkasse Kronach-Ludwigsstadt

  • Interrupted by civilian service
Jan 1998 - Jun 2000
2 years 6 months
Ludwigsstadt, Germany

IT System Administrator

Sparkasse Kronach-Ludwigsstadt

Sep 1995 - Mar 1998
2 years 7 months
Ludwigsstadt, Germany

Apprenticeship as a Bank Clerk

Sparkasse Kronach-Ludwigsstadt

Summary

  • Over 25 years of experience in IT management, IT project management, data protection, and information security
  • Diverse industry experience, especially in manufacturing (optoelectronics, automotive), retail/logistics, banking and insurance, as well as medical technology
  • COBIT 5 certified, with extensive experience in controlling and organizing IT departments
  • PRINCE2 certified, very experienced in international project management

Languages

German
Native
English
Advanced

Education

Apr 2003 - Mar 2007

State-Certified IT Specialist (Technical School) · Technical Informatics

Sep 1995 - Mar 1998

Sparkasse Kronach-Ludwigsstadt

Bank Clerk · Ludwigsstadt, Germany

Certifications & licenses

Lead Auditor ISO27001

Data Protection Officer Certification (DGI)

ITIL Certified Expert (according to ITIL V3)

COBIT5

IT Design (according to ITIL V3)

IT Operations (according to ITIL V3)

IT Strategy (according to ITIL V3)

IT Transition (according to ITIL V3)

PRINCE2

ITIL v3 Foundation

Certified Data Privacy Manager

IAPP

Certified Data Privacy Solution Engineer

Certified Information Privacy Professional / Europe

IAPP

Certified Information Security Manager (CISM)

Lead Auditor ISO20000-1

Lead Auditor ISO9001

Certified Data Protection Officer (according to the Ulm Model)

UDIS
