Mülheim an der Ruhr, Germany
Experience
Feb 2025 - Present
7 months
- Extended quality assurance of documents, processes and required evidence in preparation for the KRITIS audit 2025.
- Reviewing and commenting on all relevant documents.
- Advising authors and document owners on questions and during the creation process.
- Supporting departments with IT security inquiries.
- Tools/Frameworks: MS Office, SharePoint, Jira, Confluence, ISO27001/ff., NIS-2 (EU 2022/2555), B3S (GKV-PV), BSIG / IT-SIG 2.0, BSI-KritisV, BSI-C5, BSI Grundschutz (200-2, 200-4), ServiceNow, RCE (EU 2022/2557), SGB, DSGVO
Nov 2024 - Present
10 months
- Participation in the DORA project within the Operational IT Security subproject to implement regulatory requirements.
- Creating the protection needs analysis and the information network.
- Drafting technical instructions for the information network and protection needs assessment.
- Modeling the target data model and architecture in a high-level view.
- Collaborating on and optimizing process design for incident management and ICT incident management.
- Preparing manuals and instructions.
- Aligning and defining processes in ICT incident management.
- Tools/Frameworks: MS Office, SharePoint, ISO27001/ff., DORA (EU 2022/2554), BAIT, BSI Grundschutz, RiMaGo, SBIT, PSD2, ZAG
Jul 2024 - Present
1 year 2 months
- Supporting the migration "bOnline KRITIS Readiness 2025" to a new AWS target architecture.
- Conducting interviews with stakeholders and adjacent teams.
- Facilitating workshops and advising project teams on information security.
- Analyzing and testing the effectiveness of current processes, controls, documentation and work methods.
- Revising and creating policies, frameworks and documents.
- Improving processes for detecting and handling security incidents.
- Supporting IT security inquiries.
- Tools/Frameworks: MS Office, SharePoint, Jira, Confluence, ISO27001/ff., NIS-2 (EU 2022/2555), B3S (GKV-PV), BSIG / IT-SIG 2.0, BSI-KritisV, BSI-C5, BSI Grundschutz (200-2, 200-4), ServiceNow, KRITIS-DachG / RCE (EU 2022/2557), SGB, DSGVO
Apr 2024 - Oct 2024
7 months
- Identifying controls in the Asset Management unit that were evaluated inefficiently and defining measures to close the gaps.
- Identifying and reviewing interfaces with other departments and teams.
- Communicating with internal stakeholders and conducting interviews and workshops with adjacent teams.
- Analyzing and testing the effectiveness of current processes, controls, documentation and work methods.
- Documenting and presenting identified measures to address detected gaps.
- Tools/Frameworks: MS Office, SharePoint, ISO27001/ff., ISO27019, IEC62443, IEC62351, IT-SiG, NIS-2 (EU 2022/2555), KRITIS, NIST, BDEW Whitepaper, BNetzA, BSI-C5, BSI Grundschutz (200-4)
Nov 2023 - Dec 2023
2 months
- Preparing the migration and decommissioning of old Linux server environments for a corporate group with 70 locations in 8 countries.
- Communicating with internal stakeholders, preparing status reports and presentations.
- Coordinating and governing external contractors, and handling escalation management.
- Creating time and budget plans and rollout plans for use cases.
- Defining a target environment for archiving and the data hub.
- Determining and agreeing on access controls and authorization, and integrating them into the existing PAM system.
- Tools: MS Office, SharePoint, Jira, ServiceNow