ISO – Senior Consultant Quality & Information Security

Daimler Truck Financial Services is moving from traditional data centers to the Azure cloud. As part of the Cloud Data Center project (CDC), DTFS is migrating traditional data centers in Europe (EMEA), Asia & South Africa (APAC), Canada, South, Central and North America (NAFTA) and transferring the service to the Azure cloud. DTFS supports the global sale of Daimler commercial vehicles through leasing, financing and insurance and, with a contract volume of €25.4 billion, is one of the world's largest financial service providers for commercial vehicles ([link]).

• Worked as Senior PMO and Senior Management Consultant with the Global IT Director and Head of Innovation Projects
• Collaborated as Senior PMO and Management Consultant with the international PM and PO teams (Project Management/Project Owner)
• Created a master plan based on MS Project for the CDC project, which allowed DTFS to have a clear overview and transparency over the project after one year
• The master plan provided management and teams with clear and accurate information on the status of the overall project and each subproject, both by region and by country
• Reports from the master plan enabled management and teams to take corrective actions to keep the project on time, on budget and on quality
• Regular reporting of project progress to the Global IT Director and PM teams
• Handed over the CDC master plan to the DTFS PM at the end of the contract period

• Northland Power is a developer, operator and owner of clean wind power plants
• Member of the security team, co-responsible for the cyber and information security of the wind power plants
• Responsible for creating all documentation and measures (policies, security concepts, cryptography, key management) to implement attack detection systems (SzA) according to BSI IT-SiG 2.0 and EnWG
• Prepared and developed measures (policies, SOPs, ISMS manual, BCM, IT emergency plans, IAM, backup & recovery, MDM, supplier, password, patch, asset & configuration, network management) to build an ISMS according to ISO 27001:2022
• Identified, assessed and treated critical and potential attack scenarios of the wind power plants in risk management
• Conducted risk analysis, risk treatment, determination of protection needs and vulnerability analysis of the IT/OT infrastructure
• Developed IT/OT emergency plans, incident response processes and rebuilding IT/OT systems as part of BCM (BIA, RIA & DRP)
• The project was terminated early as the wind turbines were sold and the company in Germany was closed

• The UKD is the largest hospital in the state capital and one of the most important medical centers in North Rhine-Westphalia.
• Operator of critical infrastructures (KRITIS according to §8a BSIG) with an ISMS certified to ISO 27001:2022.
• Works directly as Senior Management Consultant to the head of IKMT (CIO) and leader of the innovation projects.
• Responsible for the entire IT department in information security as ISO.
• Creation, maintenance, and improvement of ISMS policies and SOPs.
• Training and awareness for IT staff in IT security, incident response processes, and IT system recovery.
• Developed and main contact for the new IT strategy of UKD, including a BIA and DRP for IT system recovery.
• Preparations for the upcoming introduction of Business Continuity Management according to ISO 22301 for the IKMT department and UKD.
• Creation of an IT cyber security strategy and roadmap for implementing additional tools and solutions for UKD's cyber security.
• Development of an IT emergency plan (as part of the DRP), IT security concept, incident response, and related supporting concepts (data protection, antivirus, cryptography, configuration and hardening measures, asset & configuration management, patch management, roles & rights (IAM), IT emergency preparedness, etc.).
• Collaboration on the measures to make IDS (intrusion detection systems) compliant with BSI IT-SiG 2.0.
• Development of a security concept, conducting a proof of concept (PoC), evaluation and analysis up to procurement and implementation of a medical device monitoring security system.
• Building a Security Operations Center (SOC) with operating concept and definitions for preventive measures, threat detection, and incident response.
• Building a Security Information and Event Management (SIEM) with Splunk.
• Senior PMO of the department management since February 2023, responsible for overseeing all IT-related projects (>2K projects).
• Creation & management of Gantt charts for all IT-related projects (IT & medical, IT security, SAP, etc.).
• Development of a patch management security concept & processes and standard operating procedures (SOP).
• Participation in the continuous improvement process (CIP) of the certified ISMS in preparation for the first surveillance audit.
• Regular reporting of project progress to the department management and board.

• Prepared and delivered awareness training for the company and its subsidiaries.
• Reviewed penetration test (PenTest) results and created an action plan to address identified vulnerabilities.
• Optimized IT processes to support business operations.
• Contributed to ensuring IT service availability.
• Reviewed existing ISMS documents for an as-is assessment and gap analysis to implement an ISMS according to ISO 27001.

• Responsible for certifying (attesting) the new cloud services of the Police Service Platform (PSP) to the international C5 standard.
• Conducted a gap analysis and contributed to building and improving an ISMS according to ISO 27001, IT-Grundschutz, and the new BSI compendium.
• Developed and adapted policies and SOPs for the entire agency (BCM, BIA, RIA, DRP, IT emergency plans).
• Created and improved information security (SiKo) and IT emergency plans for IT operations and cloud services (IAM, backup & recovery, patch management, crypto & key management, asset & configuration management).
• Collaborated with the SOC team to update the threat landscape.
• Conducted internal training sessions, workshops, and awareness activities.
• BKA security clearance SÜ2.
• The project was terminated early due to the COVID-19 pandemic.

• Performing audits according to ISO 27001 for various clients.
• Conducting GDPR workshops and pre-audits for TÜV SÜD Munich and its clients.

• Planning, expansion, and setup of the new Compliance Services & Solutions division.
• Advising clients on implementing ISMS (ISO 27001), BCM (ISO 22301), IT baseline protection, and BaFin & MaRisk requirements.
• Successful implementation and dual certification of an ISMS (ISO 27001) and a BCM (ISO 22301) within 14 months.
• Achieving ISO 27017 / ISO 27018 certification for personal data protection as a cloud service provider (CSP).
• Conducting IT security assessments (penetration tests, vulnerability scans) and creating IT emergency plans.
• Conducting seminars, training sessions, and workshops on GDPR and information security.
• Performing information security audits according to ISO 27001, ISO 27006, and ISO 19011.

• Senior Project Manager, Business Analyst and Senior PMO as interim manager for banks, insurance, retail and industry.
• Technical roll out and change management for an international mining company during the introduction of new ERP systems.
• Strategic development of ITSCM, IT services and IT security as CISO ad interim.
• Implementation of ISMS according to ISO 27001 and BCM according to ISO 22301 in Chile, Argentina and Brazil.
• Business Development Manager ad interim for various IT companies.
• Business Analyst and interpreter for IT projects (Spanish/German/English).

• Responsible for the preparation, programming and security of wireless solutions for digital data collection in the 2011-2012 census.
• Conducting training sessions for external staff on digital data collection.
• Strategic development of ITSCM, IT services and IT security as well as management of all innovation projects.
• IT department restructuring and negotiations with management and the works council.
• Introduction of policies according to ISO 27001, ISO 22301, ITIL, COBIT and OECD.
• Establishment and introduction of the first SOC with a SIEM platform for automated threat lifecycle management (TLM).
• Implementation of PMO, development and project methodologies (PMI, CMMI, CMMN).
• Leading cross-country telecommunications network improvement (RFP).
• Interim personnel responsibility for more than 50 employees.

• Introduction of an electronic cash card (eWallet) using smart card technology as a banking subsidiary.
• Management of the technology platform for eWallet administration as an open innovation project.
• Licensing of the cash card with Mondex International (MasterCard).
• Establishment and leadership of an interbank committee for operations and technology topics.
• Development of the model for production, operation and settlement of electronic cash in cooperation with banking supervision and the central bank.
• Development of the financial model for investment and profit distribution considering money market stability.
• Interface (Business Analyst) between banks for project implementation.
• Personnel responsibility for more than 20 employees.

• Development, implementation, and management of all electronic banking products for the corporate sector.
• Development and rollout of e-commerce solutions for the bank.
• Consulting on the secure development of e-commerce and EDIFACT in Chile.

• Responsible for COMEX, Financial EDIFACT, and e-commerce for German and European banks.
• Responsible for the financial institutions sector at CeBIT.
• Development and roll-out of e-commerce at German banks.
• Member of European interbank committees in Frankfurt, Paris, and London.
• Leadership of an e-commerce project between commercial banks and the State Central Bank (LZB) in Frankfurt.