Björn Bausch
External Data Protection Officer, Project Manager EU-GDPR
Experience
Apr 2024 - Present
11 monthsLorem ipsum dolor sit amet
Chemiekonzern
- Basisprüfung NIS-2 Betroffenheit
- Registrierung NIS-2
- Durchführung einer IST-Analyse
- Erstellung Pflichtenheft
- Kontrolle der Umsetzung der NIS-2 Konformität
- Etablierung des Meldewesens im Kontext NIS-2
- Risikoanalyse und Sicherheit für Informationssysteme
- Bewältigung von Sicherheitsvorfällen
- Aufrechterhaltung und Wiederherstellung, Backup-Management, Krisen-Management
- Sicherheit der Lieferkette, Sicherheit zwischen Einrichtungen, Dienstleister-Sicherheit
- Sicherheit in der Entwicklung, Beschaffung und Wartung, Management von Schwachstellen
- Bewertung der Effektivität von Cybersicherheit und Risiko-Management
- Schulungen Cybersicherheit und Cyberhygiene
- Kryptografie und Verschlüsselung
- Personalsicherheit, Zugriffskontrolle und Anlagen-Management
- Multi-Faktor Authentisierung und kontinuierliche Authentisierung
- Sichere Kommunikation (Sprach, Video- und Text)
- Sichere Notfallkommunikation
Jan 2018 - Present
7 years 2 monthsExternal Data Protection Officer, Project Manager EU-GDPR
Techem Group
Consulting activity to support a global energy corporation with 19 companies and 6,500 employees in implementing EU-GDPR:
- Project manager EU-GDPR
- External group data protection officer
- Management of kick-off workshops for respective project starts including definition of necessary preparations for subprojects
- Data protection management according to EU-GDPR
- Creation and implementation of various data protection concepts (e.g. deletion concepts, order data processing, IT guidelines, data breach etc.)
- Accompanying/conducting data protection audits as part of audit activities to be coordinated and controlled
- Consideration of GDPR, BDSG_neu TKG, TMG, IT Security Act
- Training and gathering internal requirements of the works council (Techem AT)
- Conducting various audits
- Preparation for ISO/IEC 27001 certification (information security) for Techem AT
Aug 2017 - Present
7 years 7 monthsCEO and External Data Protection Officer
b-pi sec GmbH
Management in Information Security Management and external data protection officer for various clients:
- Disciplinary and technical management
- Data protection
- Data protection projects
- Data protection management according to EU-GDPR
- Consideration of BDSG, TKG, TMG, IT Security Act
- Implementation of ISMS according to ISO 27001 and BSI basic protection
- Vulnerability management
- Forensic analysis
- IT security implementations
- Conducting status analyses in data protection and information security
- Expert activities
- Lecturer
- Consulting services on use of automation possibilities and AI including Machine Learning
May 2017 - Dec 2017
8 monthsExternal Consultant
KfW Bankengruppe
Consulting activity to support the banking group in IT Security Audits. In particular, supporting audit management in conducting IT Security Checks as part of the 2017 audit plan:
- Project preparation and project organization
- Support in conducting and following up IT Security Audit
- Management of kick-off workshops at respective project starts including definition of necessary preparations and audit activities
- Management of results presentation meetings and mediation between auditor and audited organizational unit in discussions on findings
- Accompanying/conducting data protection preliminary/on-site controls as part of audit activities to be coordinated and controlled
- Initiating risk analysis for findings found, plausibilization of measures to remedy findings
- Data protection management according to EU-GDPR
- Consideration of BDSG, BDSG_neu TKG, TMG, IT Security Act
Jan 2015 - Jan 2017
1 year 1 monthHead of Department
Cyber Security Consulting Firm
Setup and management of Digital Forensics & Cyber Security department and external data protection officer for various clients:
- Disciplinary and technical management
- Vulnerability management
- Forensic analysis
- IT security implementations
- Conducting status analyses
- Expert activities
- Data protection projects
- Data protection management according to EU-GDPR
- Consideration of BDSG, TKG, TMG, IT Security Act
- Implementation of ISMS according to ISO 27001 and BSI basic protection
- Lecturer
Dec 2015 - Jan 2019
3 years 2 monthsHead of Department
Association of European Experts and Assessors
Contributing to and building up current IT security topics and data protection projects:
- Head of department Data Protection & Compliance
- Data protection
- EU-GDPR, BDSG, TKG, TMG, IT Security Act
- Lecturer
- Forensics
- Regional manager RLP & NRW
- Seminar development
Mar 2010 - Dec 2015
5 years 10 monthsHead of IT
BBK Braun-Gillette Health Insurance
Overall responsibility for the IT department of a statutory health insurance:
- Migration of existing server landscape to new data center
- Creation of workflows
- Disciplinary and technical management
- System conversion
- IT security consideration
- Data protection management
- BDSG, TKG, TMG, IT Security Act
- Introduction of new backup solution
- Introduction of DMS using d.velop d.3
- Employee training
- Documentation
- Server system setup
- Introduction of BI using COGNOS
- Development of customer-specific analyses and evaluations
- Introduction of specific workflows
- Responsible for introducing nationwide CMS software specific to health insurance
- Development and documentation of authorization concepts for operating systems and business applications
- Technical and disciplinary team management
- Monitoring migration steps
- Escalation management
- Discussion of relocation options with goal of decision-making on sourcing options
- Discussion of cloud strategy
- Definition of interfaces, especially considering cloud/outsourcing strategies
Jul 2009 - Nov 2009
5 monthsNetwork Engineer Consultant
Syzygy Deutschland Media & Advertising Agency
Building a VMWare landscape including backup:
- Planning and implementing VMWare projects
- Team management
- ESX4 introduction and support of VMs
- Internal training
- Planning and organizing backup topics
- Introduction of Symantec Veritay Backup Exec 12.5
- Network planning and support
- Installation of various Windows servers and their support
- Support and maintenance of implemented customer systems
- Remote maintenance
- Discussion of relocation options with goal of decision-making on sourcing options
- Discussion of cloud strategy
- Definition of interfaces, especially considering cloud/outsourcing strategies
Mar 2008 - Mar 2009
1 year 1 monthManagement Consultant
IT Strategy Consulting
- Project management for:
- Implementation of complex IT solutions
- BlackBerry integrations
- Introduction of AVAYA telephone systems
- Migration of various Windows servers
- Introduction of modern video conferencing systems
- Introduction of modern backup solutions
- IT strategy and control at international real estate corporations
- IT strategy and control at international law firms
- Planning, coordination and implementation of customer-specific IT training
- Offer management, budget planning & controlling
- Control and disposition of internal and external service providers
- Planning, maintenance, care and migration of complex IT solutions
- Domain-spanning networking
- Implementation of BlackBerry servers
- Implementation and controlling of backup solutions
- Connection of modern ticket systems
- Maintenance of complex Microsoft environments
- Remote maintenance of complex Microsoft environments
- Installation of modern firewalls
- Setup of VPN access
- Discussion of relocation options with goal of decision-making on sourcing options
- Discussion of cloud strategy
- Definition of interfaces, especially considering cloud/outsourcing strategies
Sep 2005 - Mar 2008
2 years 7 monthsInterim IT Manager
Insurance Company
Planning and realignment of IT:
- Implementation of IT department in corporation
- Design of IT infrastructure
- Deployment and distribution of hardware and software
- Working time planning
- Work assignment planning
- Curriculum development
- Employee motivation
- Employee management
- Organization planning
- Presentation development
- Creation of system documentation
- Development, organization and implementation of user-specific seminars and training
- Discussion of relocation options with goal of decision-making on sourcing options
- Discussion of cloud strategy
- Definition of interfaces, especially considering cloud/outsourcing strategies
Sep 2001 - Jun 2005
3 years 10 monthsSenior Consultant
Deutsche Bahn AG
- Contributing to management, operation and further development of intranet and internet application OPEN
- Planning and configuration of information and telecommunications systems
- Setup, operation and administration of systems according to customer requirements
- Systematic limitation and elimination of system faults using modern expert and diagnostic systems
- User and system consulting
- Creation of system documentation
- Development and organization of user-specific seminars and training
- Implementation of user-specific seminars and training
- Design of complex qualification projects to achieve strategic corporate goals
- New business models and organizational forms for further education
- Integration of e-learning
- Criteria and methods for evaluation and controlling of further education
- Project management for introduction of evaluation module EvaSys
- Discussion of relocation options with goal of decision-making on sourcing options
- Discussion of cloud strategy
- Definition of interfaces, especially considering cloud/outsourcing strategies
Summary
Björn Bausch ist Inhaber eines Beratungshauses für Datenschutz, Informationssicherheit und Compliance. Zeitgleich ist er in den drei Kernkompetenzen absoluter Fachexperte.
Neben der Betreuung von Mandaten als externer Datenschutz- und Informationssicherheitsbeauftragter hält er regelmäßige Fachvorträge oder agiert immer wieder als Key-Note-Speaker.
Languages
German
Native
English
Advanced
Education
Dec 2015 - Jan 2019