Go to Website
  • en
  • de

Manfred L.

Support for the Chief Security Officer (CSO) and Chief Information Security Officer (CISO)

Dortmund, Germany

Experience

Oct 2022 - Jul 2024
1 year 10 months
Stuttgart, Germany

Support for the Chief Security Officer (CSO) and Chief Information Security Officer (CISO)

Creditplus Bank AG

  • Design of the information security process based on ITIL 4
  • Design of ITIL 4 incident and change management processes
  • Creation of information security policies for the bank
  • Support in internal audit findings project
  • Advising on building the bank’s internal control system (ICS)
  • Advising on ICS process setup
  • Advising and support on security architecture and risk analysis of the existing IT landscape including IT security architecture, data management, data compliance & physical security
  • Advising and project management on security concept for the bank’s assets
  • Advising and support in contracts with external service providers to meet regulatory (BAIT; MaRisk; DORA; NIS2; GDPR) and information security requirements
  • Support in planning and implementing a SOC/SIEM and risk management
  • Support for the spam mail team in analyzing and handling incidents
  • System environment and software: MS Office; Confluence
Jul 2022 - Feb 2023
8 months
Berlin, Germany

IT-Compliance / Building Internal Control System (ICS) / Audit Findings

Investitionsbank

  • Advising on building the bank’s internal control systems
  • Support in building the bank’s IT compliance department and reorganizing existing risk analysis (MaRisk)
  • Converting old procedure manuals to current operating guidelines
  • Advising on business process changes under regulatory requirements; recertification of permissions and concepts (BRK)
  • Advising on ICS process setup
  • Managing regulatory audit findings resolution with internal audit (BAIT)
  • Checking implementation of regulatory requirements by IT and physical security
  • Reviewing evidence and documentation as proof of implementation
  • As-is vs. should-be analysis of existing documentation and procedures
  • System environment and software: MS Office; Confluence
Apr 2022 - Jan 2023
10 months
Hamburg, Germany

Information Security / Building SOC / SIEM Team / ITIL Security Processes

Technikerkrankenkasse

  • Design of the information security process based on ITIL 4 in collaboration with risk management (MaRisk; risk analysis)
  • Design of ITIL 4 incident processes
  • Advising ITSCM on SOC introduction; preparing PoC based on VAIT
  • Security architecture; vulnerability and patch management
  • Evaluating appropriate measures as a basis for SOC level 1 analysis
  • System environment and software: MS Office; Confluence
Mar 2021 - Dec 2021
10 months
Berlin, Germany

Information Security / SOC Incident Management (L2 SOC Analyst) / SIEM / ITIL Security Processes / CMDB

Bundesministerium

  • Design of IT security and ISMS processes; building MITRE ATT&CK
  • Support in SOC/SIEM project to connect Azure Sentinel to the network infrastructure
  • Security architecture; vulnerability and patch management
  • Analysis and assessment of security alerts in MS 365, Defender for Identity and Azure
  • Planning and building a new CMDB
  • Planning data center physical security and access control
  • Leading the incident response team; MITRE ATT&CK analyses
  • Security awareness training for staff (interim / front-side)
  • System environment and software: MS Office; Confluence; SharePoint; Azure; MCAS; Defender; ServiceNow
Jan 2021 - Mar 2021
3 months
Bonn, Germany

Information Security, Governance & Transition (ISMS)

TCS GmbH / Postbank

  • Advising and explaining my past projects
  • Verifying regulatory correctness of data (data governance)
  • Advising on new key figures in the ISMS report for risk management (MaRisk; risk analysis)
  • Advising on PKI measures catalog
  • Advising on permission concepts
  • System environment and software: MS Office
Sep 2020 - Dec 2020
4 months
Innsbruck, Austria

Security Operations Center Outsourcing Projects (SOC / SIEM)

RMPI-Austria

  • Back-office RFP design for various SOC outsourcing projects
  • Creation of tender documents (RFP)
  • Back-office support
  • Presentation design: SOC tender including SIEM, EDR, vulnerability and patch management and APT/ATP
  • System environment and software: MS Office
Jul 2020 - Aug 2020
2 months
Düsseldorf, Germany

Support in Big Data Environment

Energie Versorger

  • Creating Bash scripts with Talend Open Studio to migrate Excel sheets and Oracle databases to Snowflake Data Lake
  • Exporting data to Excel for analysis as preparation and planning for a data management and data governance project
  • Preparing Talend Pipeline Designer
  • Correcting frontend forms for data entry using Bootstrap and Vue.js; environment Microsoft Azure
  • Project management of analysis for ISMS, SOC and SIEM introduction project preparation
  • Security architecture analysis
  • System environment and software: Talend Open Studio; Talend Pipeline Designer; Snowflake; Bootstrap; Vue.js; Oracle DB
Jan 2020 - May 2020
5 months
Bonn, Germany

Subproject Lead as Security Officer

Deutsche Bank | Technology, Data And Innovation (Postbank Systems AG)

  • IT security & compliance in over 15 projects to merge Postbank IT systems with Deutsche Bank systems based on regulatory requirements from banks and BaFin
  • Creation of security documents and relevant chapters in compliance documents (detailed design, permission concept, operations manual)
  • Assessing criticality of Postbank security test findings in the context of Deutsche Bank group
  • Defining protections to meet basic controls
  • Compliance evaluation with bank specialists and application owners
  • Analysis of applications and data centers (physical security) affected by both banks and creating security concepts
  • Aligning ISMS manuals between Deutsche Bank and Postbank
  • Aligning SOC and SIEM procedures between Deutsche Bank and Postbank
  • Reviewing use of MITRE ATT&CK
  • Checking compliance with legal requirements (BAIT; MaRisk; ITSiG; GDPR)
  • Comparing implemented measures with BSI technical guidelines
  • Handling and closing internal and external (BaFin) audit notes
  • Creating and evaluating risk analyses and reports based on Deutsche Bank risk grid
  • Supporting project management to follow new processes in the approach model (Pre-DeuBa)
  • Staff training on projects (interim)
  • System environment and software: Databases: Oracle, MS-SQL; OS: Windows, Linux, AIX; Software: SAP; SAS; Citrix Webex; HADOOP; Docker; VMware; ECM
Oct 2015 - Jan 2020
4 years 4 months
Bonn, Germany

Subproject Lead as Security Officer; Security Team Lead (PSB)

Postbank Systems AG

  • IT security; governance & compliance in over 150 projects for PCS and cyberthreat projects; initiating the security process
  • Process flow for creating ISMS security documents and planning security tests
  • Supporting SOC on MaSI in incident and event management (SIEM)
  • Assessing criticality of security test findings
  • Defining protections to meet basic controls
  • Advising and assisting on security assessments (BIA impact) with bank specialists
  • Setting advanced measures (risk-driven controls) from assessment results (BCM impact)
  • Advising on permission concepts (BRK)
  • Compliance evaluation with bank specialists and/or application owners
  • Analyzing applications and creating security concepts (BAIT)
  • Contributing to middleware platform security architecture
  • Advising on security awareness under “No Fear of Security”
  • Presentation “Security concept explained simply and quickly”
  • Supporting ISM and SOC in GDPR introduction
  • Handling and closing internal and external (BaFin) audit notes
  • Bridging process gaps between ISO 27001 ISMS and Scrum
  • Developing security strategies for big data projects to avoid data gaps (data governance); consolidating import/export methods and data into a “data lake”
  • Information security training for development and DB teams and internal document management
  • System environment and software: Databases: Oracle, MS-SQL, DB2; OS: Windows, Solaris, Unix, Linux, zOS; Software: BladeLogic; Remedy; ArcSight; Oracle WebLogic; Prometheus; Grafana; Tibco BWH; SAP; ABACUS; ADONIS; Audimex-ee; BrokerTec; LCH Markit; Thomson & Reuters; Bloomberg; Kondor; Prime; in-house Java developments
Jan 2015 - Jan 2020
5 years 1 month
Bonn, Germany

Conducting Security Self-Assessments in 35 Projects

Deutsche Post DHL AG

  • Defining assets
  • Advising on asset evaluation
  • Evaluating assets
  • Answering security questions as recommendations to business units
  • Aligning with business units for risk analysis
  • Preparing for security approval
  • Training business units on self-assessment
  • System environment and software: Databases: Oracle, Teradata, MS-SQL; OS: Windows, Solaris, Unix, Linux; Software: WebSphere; AquaLogic; BEA WebLogic; MS SharePoint; in-house developments
Nov 2014 - Mar 2015
5 months
Prague, Czech Republic

Private Cloud Implementation

DHL International

  • Structuring applications regarding IT security aspects
  • Threat modeling based on MS SDL
  • Aligning MS SDL model with ISMS in Excel
  • Creating security concept
  • Aligning with corporate security
  • Preparing security approval
  • System environment and software: Database: Oracle; OS: Windows; Software: VMware
Oct 2011 - Jan 2019
7 years 4 months
Bonn, Germany

IT Security & Compliance

Deutsche Post DHL AG

  • Conducting security self-assessments; creating STRIDE models and security concepts
  • Structuring applications regarding IT security aspects
  • Threat modeling using UML or MS SDL
  • Checking legal basics concerning the application
  • Developing nonfunctional security requirements
  • Identifying threats
  • Creating measures
  • Ensuring security standards
  • Creating and implementing security standards (ISMS)
  • Training staff on security standards
  • System environment and software: Databases: Oracle, Teradata, MS-SQL; OS: Windows, Solaris, Unix, Linux; Software: WebSphere; AquaLogic; BEA WebLogic; MS SharePoint; in-house developments
Jan 2006 - Oct 2011
5 years 10 months
Germany
Lorem ipsum dolor sit amet

Various SMEs

  • Implementing IT security standards
  • Reviewing and documenting IT systems
  • Creating e-commerce solutions
Jan 2005 - Mar 2005
3 months
Plettenberg, Germany
Lorem ipsum dolor sit amet

Vollmerhaus Oberflächentechnik GmbH

  • Software rollout
  • Security consulting
  • Implementing ISO/TS 16949 standard
Sep 2004 - Dec 2004
4 months
Mönchengladbach, Germany
Lorem ipsum dolor sit amet

Flughafen Mönchengladbach

  • Investigating and optimizing Oracle data
  • Security & IT consulting
  • Development
Mar 2002 - Aug 2004
2 years 6 months
Ratingen, Germany
Lorem ipsum dolor sit amet

AIM-Systems GmbH

  • Security & IT consulting
  • Development
  • Project management
  • Trainer
Dec 2001 - Feb 2002
3 months
Bochum, Germany

Trainer for HTML and JavaScript Courses

Agentur für Arbeit

Jul 2001 - Nov 2001
5 months
Cologne, Germany
Lorem ipsum dolor sit amet

Asstel Versicherungen

  • Security & IT consulting
  • As-is analysis of existing platform
  • Frontend form design
  • Usability optimization
  • IT security gap analysis
  • Recommending security strategies
May 2001 - Jun 2001
2 months
Bonn, Germany
Lorem ipsum dolor sit amet

T-Mobile

  • Security & IT consulting
  • Frontend design
  • Security requirements analysis
Aug 2000 - Apr 2001
9 months
Zürich, Switzerland

Subproject Management “Swiss Payment”; Responsible for MA Intranet

Vontobel Bank

  • Frontend concept and development meeting security requirements

Summary

  • Information Security Management
  • IT Governance (BAIT; VAIT; KAIT; MaRisk; DORA; NIS2; DGA; EU AI Act)
  • Compliance (ICS; Document & Data Management)
  • BSI IT-Grundschutz 200-x
  • ITIL4 / ISO 27000 series
  • ISO 31000 Risk Management (Identification; Analysis; Treatment; Risk Grid; Adoption Procedures)
  • Advising and creating policies, processes and security concepts, security architecture
  • ISO 22317 Business Impact Analysis (BIA); ISO 22301 Business Continuity Management (BCM)

Languages

German
Native
English
Advanced
French
Elementary
Dutch
Elementary

Certifications & licenses

CBAP

CISM

CISSP

IT Security Officer

TÜV

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Christian D.

Managing Director and Senior Consultant

View Profile
Stephan S.

IT-Security Manager

View Profile
Matthias S.

Senior Consultant Security (freelance)

View Profile
Henryk O.

Security Consultant

View Profile
Björn B.

Auditor

View Profile
Christian G.

DORA Implementation Project

View Profile
Federico L.

ISO – Senior Consultant Quality & Information Security

View Profile
Nikolaus B.

ICT Risk Management and Information Security

View Profile
Maxim R.

Information Security Officer

View Profile
Oliver F.

Senior IT Enterprise Security Architect | Bank Migration Project

View Profile
Fabian F.

OT Security Champion Europe

View Profile
Lucas L.

Consultant in Information Security, Data Protection and Business Continuity Management

View Profile
David B.

Acting Partner

View Profile
Andreas K.

Lead Auditor, ICT

View Profile
Valeri M.

DORA Readiness – Gap Analysis and Implementation for Banks

View Profile
Gilbert L.

Cyber Security Expert

View Profile
Thomas U.

Senior Consultant / PM Infrastructure Services & Workplace Migration – Transport & Logistics, Passenger Transport

View Profile
Tobias G.

Head of IT D-A-CH (CIO)

View Profile
Alagi M.

Project Manager & IT Security Architect Logging & Monitoring for QRadar & Splunk, ISO 27001

View Profile
Volker J.

Interim CISO (Germany, Austria, US, APAC), Auditor

View Profile
Wolfgang S.

Continuous Improvement Manager / Quality Manager

View Profile
Jörg I.

external information security officer

View Profile
Thoralf T.

Consultant Digital Operational Resilience Act (DORA)

View Profile
Stephan H.

IT Security Consultant

View Profile
Christian H.

Lead Auditor

View Profile
Andreas F.

Project Manager & Portfolio Owner for Infrastructure (Automotive)

View Profile
Friederike B.

Information Security Manager

View Profile
Benno Z.

Freelance Data Protection Officer

View Profile
Dirk B.

Senior Consultant

View Profile
Samir S.

Project Manager in the Cybersecurity Department for 2 operational companies of the RWE Group

View Profile
fratch Part of Bitkom logo
linkedIncrunchbaseyoutube
  • English
  • Deutsch

2025 © FRATCH.IO GmbH. All rights reserved.