Support for the Chief Security Officer (CSO) and Chief Information Security Officer (CISO)
Dortmund, Germany
Experience
Oct 2022 - Jul 2024
1 year 10 months
Stuttgart, Germany
Support for the Chief Security Officer (CSO) and Chief Information Security Officer (CISO)
Creditplus Bank AG
Design of the information security process based on ITIL 4
Design of ITIL 4 incident and change management processes
Creation of information security policies for the bank
Support in internal audit findings project
Advising on building the bank’s internal control system (ICS)
Advising on ICS process setup
Advising and support on security architecture and risk analysis of the existing IT landscape including IT security architecture, data management, data compliance & physical security
Advising and project management on security concept for the bank’s assets
Advising and support in contracts with external service providers to meet regulatory (BAIT; MaRisk; DORA; NIS2; GDPR) and information security requirements
Support in planning and implementing a SOC/SIEM and risk management
Support for the spam mail team in analyzing and handling incidents
System environment and software: MS Office; Confluence
Jul 2022 - Feb 2023
8 months
Berlin, Germany
IT-Compliance / Building Internal Control System (ICS) / Audit Findings
Investitionsbank
Advising on building the bank’s internal control systems
Support in building the bank’s IT compliance department and reorganizing existing risk analysis (MaRisk)
Converting old procedure manuals to current operating guidelines
Advising on business process changes under regulatory requirements; recertification of permissions and concepts (BRK)
Advising on ICS process setup
Managing regulatory audit findings resolution with internal audit (BAIT)
Checking implementation of regulatory requirements by IT and physical security
Reviewing evidence and documentation as proof of implementation
As-is vs. should-be analysis of existing documentation and procedures
System environment and software: MS Office; Confluence
Apr 2022 - Jan 2023
10 months
Hamburg, Germany
Information Security / Building SOC / SIEM Team / ITIL Security Processes
Technikerkrankenkasse
Design of the information security process based on ITIL 4 in collaboration with risk management (MaRisk; risk analysis)
Design of ITIL 4 incident processes
Advising ITSCM on SOC introduction; preparing PoC based on VAIT
Security architecture; vulnerability and patch management
Evaluating appropriate measures as a basis for SOC level 1 analysis
System environment and software: MS Office; Confluence
Design of IT security and ISMS processes; building MITRE ATT&CK
Support in SOC/SIEM project to connect Azure Sentinel to the network infrastructure
Security architecture; vulnerability and patch management
Analysis and assessment of security alerts in MS 365, Defender for Identity and Azure
Planning and building a new CMDB
Planning data center physical security and access control
Leading the incident response team; MITRE ATT&CK analyses
Security awareness training for staff (interim / front-side)
System environment and software: MS Office; Confluence; SharePoint; Azure; MCAS; Defender; ServiceNow
Jan 2020 - Mar 2021
3 months
Bonn, Germany
Information Security, Governance & Transition (ISMS)
TCS GmbH / Postbank
Advising and explaining my past projects
Verifying regulatory correctness of data (data governance)
Advising on new key figures in the ISMS report for risk management (MaRisk; risk analysis)
Advising on PKI measures catalog
Advising on permission concepts
System environment and software: MS Office
Sep 2020 - Dec 2020
4 months
Innsbruck, Austria
Security Operations Center Outsourcing Projects (SOC / SIEM)
RMPI-Austria
Back-office RFP design for various SOC outsourcing projects
Creation of tender documents (RFP)
Back-office support
Presentation design: SOC tender including SIEM, EDR, vulnerability and patch management and APT/ATP
System environment and software: MS Office
Jul 2020 - Aug 2020
2 months
Düsseldorf, Germany
Support in Big Data Environment
Energie Versorger
Creating Bash scripts with Talend Open Studio to migrate Excel sheets and Oracle databases to Snowflake Data Lake
Exporting data to Excel for analysis as preparation and planning for a data management and data governance project
Preparing Talend Pipeline Designer
Correcting frontend forms for data entry using Bootstrap and Vue.js; environment Microsoft Azure
Project management of analysis for ISMS, SOC and SIEM introduction project preparation
Security architecture analysis
System environment and software: Talend Open Studio; Talend Pipeline Designer; Snowflake; Bootstrap; Vue.js; Oracle DB
Jan 2020 - May 2020
5 months
Bonn, Germany
Subproject Lead as Security Officer
Deutsche Bank | Technology, Data And Innovation (Postbank Systems AG)
IT security & compliance in over 15 projects to merge Postbank IT systems with Deutsche Bank systems based on regulatory requirements from banks and BaFin
Creation of security documents and relevant chapters in compliance documents (detailed design, permission concept, operations manual)
Assessing criticality of Postbank security test findings in the context of Deutsche Bank group
Defining protections to meet basic controls
Compliance evaluation with bank specialists and application owners
Analysis of applications and data centers (physical security) affected by both banks and creating security concepts
Aligning ISMS manuals between Deutsche Bank and Postbank
Aligning SOC and SIEM procedures between Deutsche Bank and Postbank
Reviewing use of MITRE ATT&CK
Checking compliance with legal requirements (BAIT; MaRisk; ITSiG; GDPR)
Comparing implemented measures with BSI technical guidelines
Handling and closing internal and external (BaFin) audit notes
Creating and evaluating risk analyses and reports based on Deutsche Bank risk grid
Supporting project management to follow new processes in the approach model (Pre-DeuBa)
Staff training on projects (interim)
System environment and software: Databases: Oracle, MS-SQL; OS: Windows, Linux, AIX; Software: SAP; SAS; Citrix Webex; HADOOP; Docker; VMware; ECM
Oct 2015 - Jan 2020
4 years 4 months
Bonn, Germany
Subproject Lead as Security Officer; Security Team Lead (PSB)
Postbank Systems AG
IT security; governance & compliance in over 150 projects for PCS and cyberthreat projects; initiating the security process
Process flow for creating ISMS security documents and planning security tests
Supporting SOC on MaSI in incident and event management (SIEM)
Assessing criticality of security test findings
Defining protections to meet basic controls
Advising and assisting on security assessments (BIA impact) with bank specialists
Setting advanced measures (risk-driven controls) from assessment results (BCM impact)
Advising on permission concepts (BRK)
Compliance evaluation with bank specialists and/or application owners
Analyzing applications and creating security concepts (BAIT)
Contributing to middleware platform security architecture
Advising on security awareness under “No Fear of Security”
Presentation “Security concept explained simply and quickly”
Supporting ISM and SOC in GDPR introduction
Handling and closing internal and external (BaFin) audit notes
Bridging process gaps between ISO 27001 ISMS and Scrum
Developing security strategies for big data projects to avoid data gaps (data governance); consolidating import/export methods and data into a “data lake”
Information security training for development and DB teams and internal document management