Federico (F.) Leefhelm

ISO/IEC 27001 Auditor

Federico Leefhelm
Düsseldorf, Germany

Experience

Oct 2023 - Jun 2024
9 months
Germany

ISO - Senior Consultant Quality & Information Security

Gemeinsame Klassenlotterie der Länder

  • Responsible for benchmarking and future implementation of ISO tool to centrally manage all management systems
  • Responsible for implementing Quality Management System according to ISO 9001:2015
  • Responsible for implementing Information Security Management System according to ISO 27001:2022
  • Preparation and creation of measures to build and implement QMS and ISMS
  • Recognition, assessment and handling of critical and potential attack scenarios
  • Risk management, analysis, treatment, protection requirements and vulnerability analysis of IT infrastructure
Jul 2023 - Apr 2024
10 months
Hamburg, Germany

ISO - Senior Consultant Cyber- & Information Security

Northland Power Europa GmbH

  • Member of security team responsible for cyber & information security of wind turbines
  • Responsible for creating documentation and measures for BSI IT-SiG 2.0 compliance
  • Preparation and creation of measures to build and implement ISMS according to ISO 27001:2022
  • Risk management, analysis, protection requirements and vulnerability analysis
  • Created IT/OT emergency concepts, incident response processes & system recovery

Project terminated early due to sale of wind farms and company closure in Germany

Feb 2023 - Aug 2023
7 months
Velbert, Germany

CISO ad Interim & Senior Management Consultant ISMS, BCM & IAM

Huf Hülsbeck & Fürst GmbH & Co. KG

  • Led project to implement Business Continuity Management according to ISO 22301
  • Defined project scope, created BCM policy, BIA, RIA and DRP
  • Conducted first audit of Corporate Identity and Access Management process and identified many irregular processes
  • Supported continuous improvement of TISAX and ISMS certification

BCM project not completed due to budget planning

Dec 2022 - Jul 2024
1 year 8 months
Düsseldorf, Germany

ISO, Sr. Management Consultant and Sr. PMO

Universitätsklinikum Düsseldorf

  • Works directly with, and is personal Senior Management Consultant to, the Head of the IKMT department and leader of innovation projects
  • Responsible for IT security across the entire IT department as ISO
  • Creation, maintenance and improvement of ISMS policies and SOPs
  • Training and awareness of IT staff in IT security, incident response processes and IT system recovery
  • Creation and main contact for UKD's new IT strategy plus BIA and DRP for IT system recovery
  • Preparations for introducing Business Continuity Management according to ISO 22301
  • Created IT cyber security strategy and roadmap
  • Created IT emergency concept, IT security concept, incident response and related supporting concepts
  • Contributed to measures for BSI IT-SiG 2.0 compliance
  • Development of security concept, PoC, evaluation and implementation of medical device monitoring security system
  • Built Security Operations Center (SOC) with working concept for faster threat detection and response
  • Built Security Information Event Management (SIEM) with Splunk
  • Took over Senior PMO role from February 2023
  • Responsible for controlling all IT-related projects (>2K projects)
  • Created patch management security concept & processes
May 2022 - Dec 2022
8 months
Munich, Germany

Senior Management Consultant BCM, Compliance & Information Security

Bitmarck Beratung GmbH

  • Led project to implement Business Continuity Management according to ISO 22301 and BSI IT-GS Standard 200-4
  • Defined project scope, created BCM policy, conducted BIA, RIA and created emergency concepts
  • Created project Gantt chart and prepared documentation for ISO 22301 certification

BCM project not completed due to budget planning

May 2022 - Jul 2022
3 months
Germany

CISO as a Service

EUROVIA Services GmbH

  • Prepared and conducted awareness training for company and subsidiaries
  • Reviewed penetration test results and created action plan to fix vulnerabilities
  • Optimized IT processes to better support business processes
  • Helped ensure availability of IT services
  • Reviewed existing ISMS files for gap analysis and ISO 27001 implementation
Mar 2021 - Jun 2023
2 years 4 months
Wilhelmshaven, Germany

Security Engineer, ISO, Senior Management Consultant Cyber- & Information Security

Thales Deutschland GmbH Naval

  • Member of F126 team responsible for cyber & information security of new F126 ships for German Navy
  • Led implementation of Thales' largest information security innovation projects
  • Risk management, analysis, protection requirements and vulnerability analysis
  • Created and improved security policies and concepts for ship IT infrastructure
  • Created security & emergency concepts considering ISO 27001, BSI guidelines and military standards
  • Worked on security of Digital Communication Network, Ship Entry Point and Satellite Communication systems
  • Consulted on conflicts between technical implementation and security requirements
  • Applied ISO 27001, BSI and military IT security standards
  • Participated in workshops with German Navy and other contractors
  • Collaborated with security teams from France and Netherlands
Jun 2019 - Mar 2020
10 months
Wiesbaden, Germany

ISO & Senior Management Consultant Compliance & Information Security

Bundeskriminalamt

  • Responsible for certifying new cloud services platform against C5 standard
  • GAP analysis and support for ISMS implementation according to ISO 27001
  • Created and improved policies and SOPs for C5, ISMS & IT baseline security
  • Created security and emergency concepts for IT operations and cloud services
  • Collaborated with SOC team on threat landscape
  • Conducted internal training and awareness sessions

Project terminated early due to COVID-19 pandemic

Feb 2019 - Jul 2019
6 months
Düsseldorf, Germany

CISO & Senior Management Consultant Compliance & Information Security

Dr. Glinz COViS GmbH

  • Created security concepts for company and software products as CISO
  • Conducted EU-GDPR pre-audit finding 90% compliance
  • Implemented new proposals for IT security strategy development
  • Introduced event handling concept and improved SOC
  • Conducted security assessments to identify and fix vulnerabilities
  • Developed new compliance services for customers
  • Created new policies for cloud services
May 2018 - Dec 2019
8 months
Mannheim, Germany

Lead Auditor & Sr. Management Consultant Compliance & Information Security

TÜV SÜD

  • Conducted ISO 27001 audits for various customers
  • Conducted EU-GDPR workshops and pre-audits
Apr 2018 - Jan 2019
10 months
Walldorf, Germany

Lead Auditor & Sr. Management Consultant Compliance & Information Security

SAP AG

  • International Lead Audit Manager for quality and information security standards
  • Collaborated with compliance, audit and SOC teams worldwide
  • Reviewed and improved cloud services security concepts
  • Contributed to information security innovation projects
  • SPOC between Cloud Network Delivery, users and compliance teams
  • Managed compliance projects for data centers worldwide
Oct 2017 - Jun 2018
9 months
Karlsruhe, Germany

Division Manager Compliance Services & Solutions

Makro Factory GmbH & Co. KG

  • Built new compliance services division offering ISMS, BCM, IAM implementation
  • Consulted on ISO 27001 and GDPR compliance
  • Conducted seminars and workshops on ISMS implementation
  • Performed information security audits
Feb 2016 - Jun 2018
2 years 5 months
Karlsruhe, Germany

CISO & Senior Management Consultant Compliance Services & Solutions

Makro Factory GmbH & Co. KG

  • Successfully implemented and certified ISMS (ISO 27001) and BCM (ISO 22301)
  • Created IT emergency concepts and disaster recovery plans
  • Conducted security assessments to identify vulnerabilities
  • Completed implementation and certification in 14 months
  • Delivered EU-GDPR & ISMS workshops for customers
  • Provided ISO 27001 & 22301 consulting for customers
Nov 2015 - Jan 2016
3 months
Düsseldorf, Germany

Senior Management Consultant Compliance & Information Security

Stadtsparkasse Düsseldorf

  • Conducted banking security consulting regarding BaFin and MaRisk compliance
  • Advised on network services outsourcing under banking regulations
  • Adapted incident management for network provider change

Summary

Diplom-Ingenieur with a focus on Business Informatics from TU Santiago (Chile, 1977-1982). Over the years I have held various positions in Germany, Chile and other Latin American countries (CEO, CIO, COO, CTO, CISO, ISO, Senior PM, Senior PMO, etc.). My experience as CEO includes founding and running my own company as an IT service provider, in which over a period of 6 years I employed more than 120 engineers and successfully completed large projects. Because of my German and Chilean citizenship, my wife and I first lived in the Federal Republic of Germany from April 1981 until the end of June 1992. We then returned to Chile, became parents there, and came back to Germany 23 years later (June 2015). In 2016 I began working as ISO at an IT service company in Karlsruhe and within 14 months obtained a double certification in Information Security and Business Continuity Management, my first ISO certifications in Germany. Alongside these activities I familiarised myself with the European General Data Protection Regulation (GDPR/DSGVO). My entrepreneurial spirit, however, led me back to self-employment, and since 2018 I have been a freelance Senior Management Consultant for Information Security and Business Continuity. To that end I was certified by a recognised German company as ISMS Lead Implementer and ISMS Lead Auditor, including for organisations and institutions in the critical infrastructure (KRITIS) sector.

Languages

German
Native
Spanish
Native
English
Advanced
French
Advanced
Italian
Intermediate

Education

Mar 1977 - Jun 1982

TU Santiago

Diplom-Ingenieur · Business Informatics · Santiago, Chile

Certifications & licenses

ISO/IEC 27001 auditor training according to the IT Security Catalogue of the Bundesnetzagentur under Section 11 (1a) EnWG

GUT Certifizierungsgesellschaft für Managementsysteme mbH

Auditor in Information Security Management Systems according to ISO/IEC 27000 series

TÜV SÜD Akademie GmbH

Information Security Officer according to ISO/IEC 27000 series

TÜV SÜD Akademie GmbH

Foundation in Information Security Management Systems according to ISO/IEC 27001

TÜV SÜD Akademie GmbH

BCMS Business Continuity Management System according to ISO 22301

ISMS Information Security Management System according to ISO 27001