Jens Brennscheidt
Senior Cyber Security Consultant
Experience
Apr 2023 - Present
2 years 4 months Bochum, Germany
Senior Cyber Security Consultant
Brennscheidt IT Consulting
- ISMS consulting
- Interim management
- Conducting security analyses & audits
- BCM consulting
- Executive management
- Guiding system owners in creating IT security concepts, coordinating remediation of findings from various reviews and audits, and advising on implementing regulatory requirements for information security (project for a client in the banking sector, role: Senior Cyber Security Consultant (external), since 05/2023).
- Project management to close various audit gaps in IT security, conceptual development and implementation of an information security management system based on ISO/IEC 27001, and creation of ISMS documents and processes (project for a client in the fintech sector, role: Project Manager (external), 10/2023 - 02/2024).
Sep 2021 - Mar 2023
1 year 7 months Wuppertal, Germany
IT-GRC Manager
Barmenia Versicherungen
- Conceptual development and continuous improvement of IT GRC management
- Creating guidelines, providing methods and tools
- Advising on conceptual & operational implementation of regulatory requirements (e.g. VAIT, DORA)
- Conducting training on IT GRC topics (especially VAIT)
- Building an IT risk management system and IT governance framework
- As part of the project "Building an IT GRC framework according to VAIT requirements" (09/2021 - 01/2023): conceptual development and operationalization of processes, procedures and guidelines, and advising on implementing regulatory requirements (e.g. VAIT, DORA), training IT staff on IT compliance topics (e.g. VAIT requirements).
Jan 2020 - Aug 2021
8 months Bochum, Germany
Risk Manager
Volkswagen Infotainment GmbH
- Managing, optimizing and operationalizing the company-wide risk management process
- Structuring, operationalizing and continuously improving the internal control system (ICS)
- Planning and conducting risk workshops
- Coordinating, monitoring and tracking risk treatment measures
- Conducting effectiveness checks
- Setting up a company-wide internal control system (ICS)
- As part of the project "Advancing the risk management system and setting up an ICS" (01/2021 - 08/2021): managing, optimizing and operationalizing the company-wide risk management process and conceptualizing the company-wide ICS.
Oct 2017 - Dec 2020
3 years 3 months Duisburg, Germany
Head of IT Security and Risk Management | IT Security Officer
Polizei NRW (LZPD NRW)
- Leading and managing the sub-department and representing the department head
- Advising division and authority leadership on IT security issues
- Analyzing and assessing the IT security posture
- Integrating IT security into organization-wide workflows and processes
- Building and optimizing IT security management and existing processes
- Developing, adjusting, implementing and controlling IT security guidelines
- Central expertise unit for operational information security of the North Rhine-Westphalia police
- Member of the IT Security Commission (KomSi) of the IuK subcommittee (UA IuK) of Working Group II (AKII) of the Conference of Interior Ministers
- Leading an IS audit at another state police agency, including managing the audit process and team, participating in IT baseline assessments and quality assurance of audit results (project "Leading an IS audit based on IT baseline protection and internal committee requirements", period 01/2020 - 04/2020).
- Establishing quality management for security concepts of subordinate authorities, including defining a quality management process and coordinating and controlling QM measures for procedure-specific IT security concepts of all 49 subordinate authorities (project "Establishing quality management for IT security concepts", period 10/2017 - 06/2019).
- Project management for implementing the ISMS tool HiScout, including project control and management, and staff leadership for implementing HiScout and migrating data from GSTOOL to HiScout (project "Implementing the ISMS tool HiScout", period 01/2018 - 06/2020).
- Project management for adapting security concepts to BSI standards 200-X, including project control, coordination and management, and staff leadership for adapting security concepts for a state authority and its 49 subordinate authorities in the modernization of IT baseline protection (project "Adapting security concepts to BSI standards 200-X", period 10/2017 - 12/2020).
Oct 2014 - Sep 2017
3 years Düsseldorf, Germany
IT Security Manager
IKB Deutsche Industriebank AG
- Advising IT management on IT security topics
- Identifying and coordinating implementation of IT security requirements
- Managing IT providers in the IT security context
- Coordinating IT emergency management and conducting emergency tests
- Coordinating the risk management process for the IT area
- Operational Risk Manager for IT
- Project management for implementing network segmentation in the LAN, including project control (definition, organization, planning, monitoring and staff leadership) for segmenting the existing LAN into different network areas and security zones (project period 06/2017 - 09/2017).
- Requirements coordination and advising on implementing BAIT guidelines, including identifying BAIT requirements, conducting a gap analysis and coordinating and advising on implementation of measures (project period 07/2017 - 09/2017).
- Conducting protection needs assessment for the IT area, including coordinating the IT protection needs assessment and advising IT staff and managers on implementing the assessment (project period 03/2016 - 06/2016).
Apr 2012 - Sep 2014
2 years 6 months Essen, Germany
Senior Security Management Consultant
secunet Security Networks AG
- Developing customer-specific security concepts
- Conducting organizational security and risk analyses
- Implementing and auditing information security management systems
- Project management of security analyses in ISMS consulting and mobile security, including determining current security level and conducting gap analyses against information security standards and best practices, and advising on secure use of mobile devices (e.g. in a BYOD context) (project "Security analyses in ISMS consulting and mobile security", period 04/2012 - 09/2014).
- Project work on certification and accreditation of a provider according to ISO 27001 based on IT baseline protection, De-Mail law and BDSG, including conducting IT baseline protection checks and advising the client on implementing security requirements during certification and accreditation (project "Certification and accreditation of a De-Mail provider", period 04/2012 - 02/2013).
May 2008 - Mar 2012
3 years 11 months Quickborn, Germany
IT Security Specialist
comdirect bank AG
- Handling security issues
- Initiating and supporting IT security projects
- Conceptual development of the security infrastructure
- Regular member of the BdB phishing project group
- Deputy data protection officer
- Project management for introducing a web application firewall, including project control (organization, planning, monitoring, staff leadership) and ensuring IT security aspects in selecting and implementing a web application firewall (project period 05/2008 - 03/2012).
- Project work on introducing mobile TAN and 3D Secure (Verified by Visa), including assessing technical and process IT security aspects for mobile TAN in online banking and 3D Secure in online payment with credit card (project period 05/2008 - 03/2012).
Summary
For over 15 years I have been working in cyber security and related areas. My goal is to support my clients as a partner with targeted and tailored consulting services. As a former IT security officer I understand my clients’ challenges. From my experience as a Senior Consultant at a leading cyber security company I draw on different approaches and apply them individually.
- Diplomatic skills in conducting and presenting audit results
- Strong communication through audience-appropriate interaction at all levels
- Analytical skills in conducting and evaluating security analyses
- Experience in leading teams in line organization and projects
Languages
German
Native
Education
Lorem ipsum dolor sit amet
Diploma in Computer Science · Computer Science
Certifications & licenses
CISM
ISO 20000 Foundation
ISO 27001 Auditor
IT Baseline Protection Practitioner
Additional audit procedure competence for § 8a (3) BSIG
Similar Freelancers
Discover other experts with similar qualifications and experience