Consultant in Information Security, Data Protection and Business Continuity Management
Advising and supporting the gathering of information security requirements: IT-SIG 2.0, KRITIS, TISAX, industry standards, ISO 27001, A-960/1.
Data protection officer and auditor.
Information security auditor.
Conducting employee training.
Updating risk analyses with risk treatment.
Designing information security concepts based on BSI IT baseline protection, KRITIS, ISO 27001, A-960/1 and TISAX.
Identifying information security requirements for IT systems, including WAN, LAN and cloud services, and supporting their implementation.
Administering the ISMS with the information security tools Verinice and SAVe.
Integrating security concepts and processes into existing management systems according to ISO 9001 and ISO 27001.
Process management and modeling of information security processes according to ITIL.
Management consulting for integrating an ISMS into existing integrated management systems.
Advising on all data protection issues under GDPR and BDSG.
Planning and conducting data protection audits.
Designing risk management processes and methodologies according to ISO 27005, ISO 31000 and BSI 200-3.
Developing and setting up training programs for employees.
Jan 2020 - Present
5 years 7 months
Germany
Lecturer / Trainer for Information Security
Training future BSI IT baseline protection practitioners and consultants as well as ISOs and CISOs.
Based on BSI IT baseline protection and ISO 27001.
Conducting continued education measures.
Planning and running seminars, training sessions and webinars.
Teaching topics: BSI IT baseline protection, ITIL, ISO 27001, risk management, integrated management systems, business continuity management.
Jul 2017 - Dec 2023
6 years 6 months
Heilbronn, Germany
Chief Information Security Officer
Responsible for information security nationally and internationally.
Strategic consulting for the board and executives.
Adapting the national ISMS for international sites: India, USA, France, Poland, Italy.
Creating audit programs, planning and conducting audits.
Maintaining and continuously improving the ISMS.
Identifying information security requirements for IT systems and applications, supporting implementation, checking effectiveness and performance monitoring.
Oct 2015 - Dec 2023
8 years 3 months
Heilbronn, Germany
Data Protection Auditor
Responsible for data protection nationally and internationally.
Creating data protection concepts, impact assessments and protection needs analyses.
Planning and conducting data protection audits.
Updating and maintaining the technical and organizational measures (TOMs).
Advising the board and executives on data protection law questions.
Data Protection Officer at all international sites.
Aug 2014 - Dec 2023
9 years 5 months
Heilbronn, Germany
Data Protection Officer
Creating data protection concepts, impact assessments and protection needs analyses.
Conducting audits.
Updating technical and organizational measures.
Advising the board and executives on data protection law questions.
Creating data protection policies for access control, security zones, authorization concepts, role concepts and awareness training.
Oct 2013 - Jun 2017
3 years 9 months
Teublitz, Germany
Information Security Officer
Building an ISMS.
Setting up, implementing, operating and monitoring an ISMS based on BSI IT baseline protection, ISO 27001 and TISAX.
Creating various security concepts for networks, user permissions, emergency management plans, audit planning and execution.
Extending the scope to all national sites.
Jan 2013 - Jul 2013
7 months
Schüttorf, Germany
Consultant Information Security
Creating information security concepts based on ISO 27001 and BSI IT baseline protection, taking the central service regulation A-960/1 into account.
Building and implementing multiple ISMS based on BSI IT baseline protection and ISO 27001, and creating information security concepts according to A-960/1.
Gathering requirements through interviews and document reviews.
Writing policies, process descriptions, work instructions and operating procedures.
Monitoring the ISMS and performance checks.
Integrating security concepts and processes into the existing management system according to ISO 9001 and ISO 27001.
Managing information security processes according to ITIL.