Lucas Löcken

Consultant in Information Security, Data Protection and Business Continuity Management

Nordwalde, Germany
Experience
Jan 2020 - Present
5 years 7 months
Germany

Consultant in Information Security, Data Protection and Business Continuity Management

  • Advising and supporting the gathering of information security requirements: IT-SiG 2.0, KRITIS, TISAX, industry standards, ISO 27001, A-960/1.
  • Data protection officer and auditor.
  • Information security auditor.
  • Conducting employee training.
  • Updating risk analyses with risk treatment.
  • Designing information security concepts based on BSI IT baseline protection, KRITIS, ISO 27001, A-960/1 and TISAX.
  • Identifying information security requirements for IT systems, including WAN, LAN, clouds, and supporting their implementation.
  • Administering the ISMS with information security software Verinice and SAVe.
  • Integrating security concepts and processes into existing management systems according to ISO 9001 and ISO 27001.
  • Process management and modeling of information security processes according to ITIL.
  • Management consulting for integrating an ISMS into existing integrated management systems.
  • Advising on all data protection issues under GDPR and BDSG.
  • Planning and conducting data protection audits.
  • Designing risk management processes and methodologies according to ISO 27005, ISO 31000 and BSI 200-3.
  • Developing and setting up training programs for employees.
Jan 2020 - Present
5 years 7 months
Germany

Lecturer / Trainer for Information Security

  • Training future BSI IT baseline protection practitioners and consultants as well as ISOs and CISOs.
  • Based on BSI IT baseline protection and ISO 27001.
  • Conducting continuing education measures.
  • Planning and running seminars, training sessions and webinars.
  • Teaching topics: BSI IT baseline protection, ITIL, ISO 27001, risk management, integrated management systems, business continuity management.
Jul 2017 - Dec 2023
6 years 6 months
Heilbronn, Germany

Chief Information Security Officer

  • Responsible for information security nationally and internationally.
  • Strategic consulting for the board and executives.
  • Adapting the national ISMS for international sites: India, USA, France, Poland, Italy.
  • Creating audit programs, planning and conducting audits.
  • Maintaining and continuously improving the ISMS.
  • Identifying information security requirements for IT systems and applications, supporting implementation, checking effectiveness and performance monitoring.
Oct 2015 - Dec 2023
8 years 3 months
Heilbronn, Germany

Data Protection Auditor

  • Responsible for data protection nationally and internationally.
  • Creating data protection concepts, impact assessments and protection needs analyses.
  • Conducting audits.
  • Updating technical and organizational measures.
  • Advising the board and executives on data protection law questions.
  • Data Protection Officer at all international sites.
  • Planning and conducting data protection audits.
  • Keeping the TOMs up to date.
Aug 2014 - Dec 2023
9 years 5 months
Heilbronn, Germany

Data Protection Officer

  • Creating data protection concepts, impact assessments and protection needs analyses.
  • Conducting audits.
  • Updating technical and organizational measures.
  • Advising the board and executives on data protection law questions.
  • Creating data protection policies for access control.
  • Creating data protection policies for security zones.
  • Creating data protection policies for authorization concepts.
  • Creating data protection policies for role concepts.
  • Creating data protection policies for awareness training.
Oct 2013 - Jun 2017
3 years 9 months
Teublitz, Germany

Information Security Officer

  • Building an ISMS.
  • Setting up, implementing, operating and monitoring an ISMS based on BSI IT baseline protection, ISO 27001 and TISAX.
  • Creating various security concepts for networks, user permissions, emergency management plans, audit planning and execution.
  • Extending the scope to all national sites.
Jan 2013 - Jul 2013
7 months
Schüttorf, Germany

Consultant Information Security

  • Creating information security concepts based on ISO 27001 and BSI IT baseline protection, considering central service regulation A-960/1.
  • Building and implementing multiple ISMS based on BSI IT baseline protection and ISO 27001 and creating information security concepts according to A-960/1.
  • Gathering requirements through interviews and document reviews.
  • Writing policies, process descriptions, work instructions and operating procedures.
  • Monitoring the ISMS and performance checks.
  • Integrating security concepts and processes into the existing management system according to ISO 9001 and ISO 27001.
  • Managing information security processes according to ITIL.
Languages
German
Native
English
Advanced
Education

FH Düsseldorf

Computer Science · Düsseldorf, Germany

Certifications & licenses

Information Security Lead Auditor

TÜV

Information Security Officer

TÜV

Data Protection Auditor

TÜV

EFQM Foundation

EFQM

Data Protection Officer

TÜV
