Process and document management OPSEC area, Log4j measures
Drafted BSI 200-2 including DER 2.1 and DER 4.0, CVE/CVSS, WSUS
Team lead, disaster recovery plan, shutdown-restart planning, ITSM
Sep 2020 - Sep 2021
1 year 1 month
Hamburg, Germany
Senior Consultant Security (freelance)
Dataport
Project lead certification audit multi-tenant connection zone Hamburg, Bremen and state of Schleswig-Holstein according to IT baseline protection/TZ5/TZ15 (implementer)
Tender and selection of auditor
Created security concept A.1 to A.5 according to IT baseline protection, ISMS
Carried out GSCs including IT-BP HiScout/support pre-audit/main audit IV
Audit prep ISO 27001 IT baseline protection for ITSM operations/TQ3
Supported IT baseline protection GSC/RA using IT-BP HiScout
Support service management based on ITIL and BMC Remedy ITSM Suite 19.02
Training: ISACA Cyber Security Practitioner, ISACA German Chapter
Aug 2017 - Aug 2020
3 years 1 month
Germany
IT Security Manager
Cancom on line GmbH
a) Lead implementer for ISO 27001 IT baseline protection and KRITIS transport sector at State Office for Mobility Rhineland-Palatinate (LBM RP)
Created security concept (2018–2020) for LBM IT network including sales support, BP tool Infodas SAVe 5
Central LBM office network/SAP LBM
Highway tunnels and control centers
Networks and infrastructure
Established central ISMS: security incident management, patch management, internal audit, asset management, risk management, TOMs, internal SAP audit and more
Project approach according to BSI baseline protection (100/200-xx)/ISO 27001/KRITIS:
Structure analysis and protection needs/processes/assets, IT/OT
Modeling according to baseline protection including module B 5.13 SAP, baseline protection check
b) Created security and BCM concepts per BSI 100/200-xx for Berlin schools/Senate Administration Berlin, including ISMS policy, security and emergency concept LUSD (client and network management), emergency manual SenBJF, standard fallback procedures, processes, BIA
c) Audit prep ISO 27001 IT baseline protection in 2018 Cancom on line GmbH
Updated baseline protection check/risk analysis
Tool selection and rollout IT baseline protection tool verinice XP/data import
d) ISO 27001 group security CANCOM-SE: ISMS, access concept/AD CS
GRC tool, MaRisk, SOA, internal audits/prep audit in 2018
Training: PECB Certified ISO/IEC 27001 Lead Auditor (03/2019)
Additional audit competence §8a (3) BSIG IT security audits for KRITIS operators/Bitkom Akademie (with certificate 06/2019)
Sep 2016 - May 2017
9 months
Germany
Senior Consultant Information Security
secunet Security Networks AG
Security concept for SAP network SAP system DRV according to baseline protection, ISMS
Consolidation of baseline security check/actual vs target comparison
Additional security and risk analysis for the SAP application
Applying module B 5.13 SAP according to baseline protection
Consulting at Federal Office for Information Security (BSI) department 33 federal networks, ISMS and network security/Ü2
Consulting and revision document management and requirements management federal networks/IVBB
Support for DRV infrastructure project: kickoff, structure analysis, GSC
Training:
Certified data protection officer for companies/authorities - Kommunales Bildungswerk e.V. (11/2016 and 10/2019)
SAP audit – IBS Schreiber GmbH training (5 days/06/2017)
Feb 2015 - Aug 2016
1 year 7 months
Certified Ethical Hacker CEHv9
EC-Council / Firebrand Training
Penetration testing/vulnerability assessment, web and cybersecurity, cryptography and social engineering
Compliance management (COSO, COBIT), business continuity, operational security
Feb 2015 - Aug 2016
1 year 7 months
IT Security Manager (ISMS/ISO 27001)
TÜV Rheinland Akademie GmbH
Information security governance according to ISO/IEC 27001, 27002:2013 including security processes, ISMS, risk management
Aug 2010 - Jan 2015
4 years 6 months
Germany
Senior Project Manager / IT Security Manager in large projects (50%)
T-Systems International GmbH (TSI)
Project DAVOS/information network Berlin-Bonn (IVBB)/NdB, ITSM/data center
IT security management according to baseline protection in IVBB subprojects/baseline check and risk analysis, ITSM tool BMC Remedy, ISO 27001, TKG
Sep 2009 - Jan 2015
5 years 5 months
Germany
Senior Consultant IT Security and Process Management (50%)
T-Systems International GmbH (TSI)
Internal audits/check of 30 top projects in project monitoring according to TSI project management (PM) and software engineering (SE) standards, conducted ISO 27001 assessments, quality gates (reviews) in projects and services, information security and data protection according to TSI NOR/IRON standard, TKG, service management ITSM/ITIL, SLA, internal audits on projects like DB, DP, Fraport and others
Aug 2009 - Jul 2010
1 year
Germany
Program Manager Nearshore and Offshore Regulation (NOR)
T-Systems International GmbH (TSI)
Ensured IT security compliance in systems integration (SI)/Ü2
Implemented and supported requirements for Classified information protection (GBS), privacy (GPR) and legal (GLA)/TKG/team lead
Achieved NOR compliance in 102 SI applications including SAP BMS-IT (P02), implemented measures and partly brought back offshore capacities
May 2007 - Jul 2009
2 years 3 months
Germany
International Delivery Network (IDN) - Consulting (Near- and Offshoring)
T-Systems International GmbH (TSI)
IDN process rollout project management (PM) book/software engineering (SE) book in SI subsidiaries
IDN project monitoring for projects in France, Spain, Mexico and others
Jun 2000 - Apr 2007
6 years 11 months
Germany
Consultant Central Quality Assurance / ISO 9001
T-Systems / Gedas Deutschland GmbH
Support SAP service contract VW ITSM/SLA/service catalog based on ITIL
Proposal and project review board/document management ISO 9001
Process manager proposal review board and project monitoring: conducted process analysis and design/process modeling in ARIS
Sep 1999 - May 2000
9 months
Kassel, Germany
SAP Consultant Material Management (MM)
T-Systems / Gedas Deutschland GmbH
Project central spare parts logistics VW AG "Spare Parts 2000" (ET2000) Kassel
Worldwide shipping and support of SAP material master data and pricing (ALE)
Feb 1998 - Aug 1999
1 year 7 months
Shanghai, China
SAP Consultant Controlling (CO/subproject lead)
T-Systems / Gedas Deutschland GmbH
Project SAP implementation Shanghai Volkswagen
Introduced SAP CO module (cost center accounting, CO orders, product costing)
Aug 1988 - Jan 1998
9 years 6 months
Sound Engineer and Studio Musician
Freelance
Sep 1979 - Jul 1988
8 years 11 months
Berlin, Germany
Transport Technologist
Kabelwerk Oberspree Berlin
Developed material flow analyses and transport technologies
Languages
German
Native
English
Advanced
French
Elementary
Education
Sep 1975 - Jul 1979
Lorem ipsum dolor sit amet
Diploma Engineer Economist, specialized in logistics · Business Administration
Sep 1969 - Jul 1973
Gymnasium Güstrow
Abitur · Güstrow, Germany
Certifications & licenses
Certified Data Protection Officer for Companies/Authorities
Kommunales Bildungswerk e.V.
Additional audit competence §8a (3) BSIG IT security audits for KRITIS operators
Bitkom Akademie
PECB Certified ISO/IEC 27001 Lead Auditor
PECB
Certified Data Protection Officer for Companies/Authorities