Nikolaus Betzler - ICT Risk Management and Information Security

Q: Where is Nikolaus based?

Nikolaus is based in Langenfeld, Germany and can operate in on-site , hybrid , and remote work models.

Q: What languages does Nikolaus speak?

Nikolaus speaks the following languages: German (Native), English (Advanced), Portuguese (Intermediate) .

Q: How many years of experience does Nikolaus have?

Nikolaus has at least 25 years of experience. During this time, Nikolaus has worked in at least 16 different roles and for 23 different companies . The average length of individual experience is 1 year and 1 month . Note that Nikolaus may not have shared all experience and actually has more experience.

Q: What is Nikolaus's latest experience?

Nikolaus's most recent position is ICT Risk Management and Information Security at B. Metzler seel. Sohn & Co. AG .

Q: What companies has Nikolaus worked for in recent years?

In recent years, Nikolaus has worked for B. Metzler seel. Sohn & Co. AG , Die Autobahn GmbH des Bundes , Bürgschaftsbank NRW GmbH , Uniper , and Becton Dickinson .

Q: Which industries is Nikolaus most experienced in?

Nikolaus is most experienced in industries like Banking and Finance , Energy , and Insurance . Nikolaus also has some experience in Healthcare , Pharmaceutical , and Government and Public Administration .

Q: Which business areas is Nikolaus most experienced in?

Nikolaus is most experienced in business areas like Information Technology (IT) , Project Management , and Quality Assurance (QA) . Nikolaus also has some experience in Audit and Strategy and Planning .

Q: Which industries has Nikolaus worked in recently?

Nikolaus has recently worked in industries like Banking and Finance , Energy , and Healthcare .

Q: Which business areas has Nikolaus worked in recently?

Nikolaus has recently worked in business areas like Information Technology (IT) , Project Management , and Audit .

Recommended expert

Langenfeld, Germany

Experience

Oct 2024 - Present

1 year 6 months

ICT Risk Management and Information Security

B. Metzler seel. Sohn & Co. AG

Independently develop policies, guidelines, and frameworks for ICT risk management and information security
Advise business units on ICT risk management and information security
Further develop the ICT risk management framework that governs the identification, assessment, and control of ICT risks
Evaluate the Information Security Management System (ISMS) and adjust it for new challenges
Conduct risk analyses to identify and assess potential ICT risks and information security risks for the Metzler Group
Advise on defining and implementing measures to reduce risks and improve the resilience of ICT systems
Advise on ensuring compliance with relevant internal and external regulatory requirements (MaRisk, DORA, BAIT, BSI IT baseline protection, ISMS, ISO 27001, ISO 42001, ISO 27005, BCM ISO 22301)
Advise on internal and cross-functional projects (SAP DORA compliance, Target2, Section 8a BSI Act)

Apr 2024 - Sep 2024

6 months

Berlin, Germany

Sub-project Manager Information Security

Die Autobahn GmbH des Bundes

Align ISMS processes with the contractor (ISO 27001 & BSI IT baseline protection)
Verify and contribute to the security concept for the "Network Management Platform"
Advise and serve as contact for security-related issues for the Autobahn
Report to management and program leadership
Support audit processes for the IT/Info Security and Data Protection departments
Align processes for IT/Info Security and Data Protection
Assist in integrating SIEM systems of client and contractor
Design and establish integration of emergency management systems
Advise and help implement information security, IT security, and data protection requirements
Participate in audits and reviews based on BSI IT baseline protection and prepare/support the Section 8a audit
Advise on the further development of CRITIS measures

Oct 2023 - Mar 2024

6 months

Neuss, Germany

Cybersecurity Consultant

Bürgschaftsbank NRW GmbH

Support the migration from HiScout to ForumSuite (IS risk management tool)
ISMS, risk management, business continuity management, and emergency management
Revise and improve the ISMS and BCM for audit readiness
Develop and define measures to fix deficiencies and emergency plans
Advise on audit preparation and report to department heads and management
Advise on DORA RTS/ITS/Guidelines and conduct gap analysis
Advise on requirements according to BSI IT baseline protection and CRITIS audit (Section 8a BSI Act) as well as NIS2
Advise on ISO/IEC 27001/27002 & ISO/IEC 22301
Create bank-specific target measure catalog (BASI) and LFO, LFI guidelines
Advise on BAIT, KAIT, VAIT, ISO 9001, and sector-specific security standards (B3S)

Oct 2022 - Sep 2023

1 year

Düsseldorf, Germany

Cloud Security Consultant

Uniper

Identify and document gaps in the existing secure software development lifecycle
Define a governance framework for a modern secure software development lifecycle based on DevSecOps principles
Identify gaps in central tooling for DevSecOps activities and document them in a gap analysis presentation
Define and document selection criteria for additional tools to close identified gaps
Develop a company-wide policy for the secure development lifecycle based on ISO 27001/27002 and NIST
Improve Azure cloud infrastructure and tooling (SAST, DAST, IAST, IaC, OWASP, Mitre, CERT, CSA)
Advise on the further development of CRITIS measures
Act as contact for auditors

Jan 2022 - Sep 2022

9 months

Heidelberg, Germany

IT Security Consulting & Project Lead

Becton Dickinson

Develop and implement a certifiable information security strategy according to ISO 27001
Prepare presentations and business cases as decision support
Build a certifiable ISMS based on ISO 27001 (BSI IT baseline protection / Section 8a BSI Act)
Manage consulting firms (PWC, DIOX, BDX, TGS, CBRE)
Handle information security incidents and report to management
Communicate and coordinate with internal cross-functional teams
Develop and update security concepts, guidelines, procedures, and work instructions
Maintain external communication with stakeholders and authorities
Implement, maintain, and improve the enterprise-wide risk management system
Assess legal and regulatory requirements and integrate them into business processes
Manage audits and raise information security awareness (external and internal)
Advise on data protection and IT security requirements
Continuously improve and monitor the ISMS system

Jul 2021 - Dec 2021

6 months

Düsseldorf, Germany

IT Security Consulting & Information Security Manager

Deutsche Apotheker- und Ärztebank eG

Advisory services in information security according to BSI IT-Grundschutz & ISO 27001
Overseeing and coordinating penetration tests (BAIT, MaRisk)
Gap analysis (security level assessment)
Aligning bank-internal requirements with IT service providers' security measures
Analyzing identified vulnerabilities
Responsible for the phishing awareness campaign and SWIFT audit
Reporting to management

Jan 2021 - Jun 2021

6 months

Düsseldorf, Germany

Security Consulting & Project Management

GEA Group AG

Setting up and running SOC/SIEM processes and tools based on ISMS ISO/IEC 27k
Introducing vulnerability management and threat intelligence processes/tools
Establishing a security incident response framework and emergency management
Business continuity management and disaster recovery according to ISMS ISO/IEC 27k
Reporting to executive and program management
Improving the IT landscape as part of the Global Security Program
Advising on the development of critical infrastructure measures (BSI IT-Grundschutz / §8a BSI Act)

Apr 2020 - Dec 2020

9 months

Eschborn, Germany

Cyber Security Consulting & Project Management

Deutsche Börse AG

Creating information security documentation and risk assessments
Risk analysis of information and communication technologies (ICT)
Asset management
Improvement and further development according to BSI IT-Grundschutz / §8a BSI Act
Structural analysis and protection needs assessment
Preparing audit-relevant information for internal and external audits

Oct 2019 - Mar 2020

6 months

Essen, Germany

Cyber Security Consulting & Project Management

Innogy SE

Cyber security consulting and point of contact for business units
Project management for BSI, ISO 27k, ITIL, BCM, SOC/SIEM
Remediation of security findings, cyber threat analysis, security objectives, and measures with the SOC team
Introducing MS Windows 10 security standard, CIS benchmark, and security profiles
Patch management and remediation
Advising on BSI IT-Grundschutz and §8a BSI Act
Implementing endpoint protection, firewall, GPO, secure boot, disk encryption, remote access, VPN, and software distribution (SCCM)

Apr 2018 - Sep 2019

1 year 6 months

Munich, Germany

Cyber Security Consulting & Project Management

Consors Finanz, BNP Paribas S.A. Niederlassung Deutschland

IT cyber security consulting
Project management according to NIST
Remediation of security findings (F1-F5)
Advising on resource and budget planning
Implementing role-based access control (RBAC), PAM/IAM
Documentation (ISO 20022, ISO 31000, ISO 27000, GDPR, BAIT, firewall security, JIRA, PSD2, IAM, PAM, GRC)

Jan 2018 - Mar 2018

3 months

Stuttgart, Germany

Project Management

Finanz Informatik Technologie Service

Consulting and project management for highly critical trading applications (Priority 1) at LBBW
Managing the remediation of cyber security findings at LBBW
Implementing measures according to BSI IT baseline protection (§8a BSI Act) and ISO 27001
Managing technical teams for hardware replacement and rollout of critical trading applications with reporting to the division head & CIO
Introducing RBAC/Identity Access Management according to BSI IT baseline protection and ISO 27001

Jul 2017 - Sep 2017

3 months

Langenfeld, Germany

IT Security Consultant & Multi-Project ISM Management

Admeritia GmbH

Consulting in GRC, GDPR and EU GDPR for KRITIS companies and support during §8a audits
Setting up and implementing ISMS, risk and business continuity management in critical infrastructures
Creating security policies and guidelines, designing security and management processes
Conducting audits, risk analyses and protection needs assessments
Advising on certification by accredited bodies
Introducing IAM according to ISO/IEC 27552 & ISO/IEC 27001 & 27009
Developing guidelines, procedures, implementation plans and security concepts (access control)

Aug 2016 - Jul 2017

1 year

Stuttgart, Germany

Cyber Security Consulting & Project Management

Landesbank Baden-Württemberg

Technical leadership and implementation concept for restructuring the Bloomberg market data infrastructure (project "Bloomberg LBC")
Developing as-is analyses and rollout plans
Designing a role-based access control system (RBAC, DAC, MAC)
Implementation concept for an identity management system
Consulting on BSI IT baseline protection / §8a BSI Act
Point of contact for internal and external auditors
Overseeing the remediation of security vulnerabilities and creating action plans
Testing and analyzing various Bloomberg connections

Jan 2016 - Jul 2016

7 months

Kiel, Germany

Interim Senior Application & Project Management

IB.SH - Investitionsbank Schleswig-Holstein

Interim Senior Application Management for Treasury & Risk Management (Front, Middle, Back Office)
Project lead for Bloomberg Professional implementation
Application support for ATAQ Risk, Reuters, Moosmüller & Knauf
Consulting on BSI IT baseline protection & §8a BSI Act as well as IAM according to ITIL V3
Incident, problem, request, release, security & change management (Remedy) according to ISO 27001
Weekly status meetings with departments

May 2010 - Dec 2015

5 years 8 months

Düsseldorf, Germany

Senior Application & Project Management, Team Lead

EON Global Commodities

Senior Application Management & Trading Floor Support
Team Lead Change Management
Service Delivery Manager & Project Manager for E.ON Ruhrgas transition (1400 employees)
IT security management, BCM, DR, KPI reporting
Deputy team lead (approx. 40 employees)
Responsible for the risk management system including evaluation and reporting
Software integration, configuration, release & incident lifecycle management
Single point of contact for internal and external auditors

Dec 2009 - Feb 2010

3 months

Frankfurt, Germany

IT Consultant & Project Management

Commerzbank

Creation of a service catalog
Strategy planning for the Open Source & Engineering department after coordination with 19 employees

Oct 2009 - Nov 2009

2 months

Kiel, Germany

IT Security & Application Support

HSH Nordbank

Design of access permissions in the application area of Kondor+
Application support in the operational stability & IT security project
Development of Identity & Access Management concept according to ITIL V3
Creation of introductory manuals

Jul 2009 - Sep 2009

3 months

Munich, Germany

IT Consultant & Application Support

CACEIS Bank Deutschland GmbH

Integration of WebSphere Application Server, MQ Series and Process Server
QA testing, software and regression tests, defect management with Quality Center
Production support for Treasury Enrichment System (TESYS) and IAM according to ITIL V3
Support of the EAI operation (IBM WBI ICS)
Extension of Unix shell scripts in the MQ context

Oct 2007 - Jun 2009

1 year 9 months

Munich, Germany

IT Consultant & Application Support

HVB Information Services

Integration of WebSphere Application Server, MQ Series and Process Server
Support for Unix applications, packaging, staging, scripting, Citrix management and batch processing
QA testing, regression tests and production support for SPS
Defect management with Mercury Quality Center
Migration from CVS to PVCS and Subversion
IAM, change management & incident management according to ITIL V3

Apr 2007 - Sep 2007

6 months

Stuttgart, Germany

IT Consultant & Application Support

Landesbank Baden-Württemberg

System and application support for Financial Markets (Calypso, Kondor+, Sophis Risque)
Windows & Unix system support, software packaging and scripting
IAM according to ITIL V3 as well as project, change and incident management
Consulting business units on system issues

Jan 2006 - Mar 2007

1 year 3 months

Munich, Germany

IT Consultant & Application Support

HypoVereinsbank Corp. & Markets

Integration and 3rd level support for the trading floor and VIP support
Software programming, packaging and deployment (MS-SMS on Windows, Solaris)
Reporting, overnight, scenario & batch processing
QA testing and regression testing, as well as change control management
Support for RTD/RTS, EUREX, Xetra, Reuters and Sophis Risque

Dec 2004 - Nov 2005

1 year

Frankfurt, Germany

IT Consultant & Application Support

Barclays Capital

Planning, implementation and support for front office & back office
Support of the global network infrastructure and telecommunications systems
VIP support and interoffice visit support on site in Zurich, Paris and London

Sep 2003 - Oct 2004

1 year 2 months

Frankfurt, Germany

IT Consultant & Application Support

Landesbank Hessen Thüringen

Planning, implementation, administration and support for the entire trading platform
Management of Windows, Reuters, Bloomberg, MS Office, Murex, Salamis, Ziris, Niku, Bond Pricing, SAP and other applications
IAM and coordination of internal and external partners

Jan 2000 - Aug 2003

3 years 8 months

Munich, Germany

IT Security Consultant & Project Manager

GE Frankona Re

Responsibility for distributed infrastructure in Europe (70+ servers, 2,000 users)
IT security officer for Europe
Adherence to Six Sigma processes
Security awareness education
Problem manager for the IT outsourcing project "Helpdesk ERC India"
Management of the disaster recovery center in Ireland (BCM, 3 million $ annual budget)

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Banking and Finance (12 years), Energy (7 years), Insurance (3.5 years), Government and Administration (0.5 years), Healthcare (0.5 years), and Pharmaceutical (0.5 years).

Banking and Finance

Energy

Insurance

Government and Administration

Healthcare

Pharmaceutical

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (25.5 years), Project Management (16 years), Quality Assurance (9 years), and Audit (1.5 years).

Information Technology

Project Management

Quality Assurance

Audit

Skills

Cybersecurity
Isms
Nist
Bsi It Baseline Protection
Section 8a Bsi Act
Iso/iec 2700x
Ai Iso/iec 42001
Cis
Gdpr
Grc
Application Risk Assessments
Bcm Iso 22301
Tisax® Vda/isa 5/6
Devsecops Sdlc
Nis2
Dora
Diga
Bfarm
Itsm
Itil
It-pm
Support For The Section 8a Audit
Security Awareness
Penetration Testing
Vulnerability Management
Threat Analysis
Security Objectives
Security Measures
Security Policies
Security Concepts
Security Standards & Guidelines
Isms Iso 27001 Lead Implementer
Senior Application Management (Itsm, Itil)
Business Continuity
Disaster Recovery
It Operations
It Security
Auditing
It Project Management
Team Lead - Change Management
Team Lead - Service Delivery Management
Team Lead - Application Management
Agile Methods (Scrum)
Secure Cloud Infrastructure (Sdlc – Shift-left, Secdev Policy & Secdev Guidelines)
Azure
Ms365
Cloud Tooling
Sast
Dast
Iast
Iac
Owasp
Mitre
Cert
Secure Coding
Configuration Management
Release Management
Quality Management

Languages

German

Native

English

Advanced

Portuguese

Intermediate

Education

Training in Electrical Engineering

Certifications & licenses

Certified CISO.Prof – Chief Information Security Officer Professional

Certified CSP - Cyber Security Practitioner

Certified IT Project Management

Certified Lead Implementer & Lead Auditor ISO 27001 (+TISAX® VDA ISA)

Certified Microsoft System Engineer

MCP

Profile

Created

January 2025

Last Update

January 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Nikolaus based?

Nikolaus is based in Langenfeld, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Nikolaus speak?

Nikolaus speaks the following languages: German (Native), English (Advanced), Portuguese (Intermediate).

How many years of experience does Nikolaus have?

Nikolaus has at least 25 years of experience. During this time, Nikolaus has worked in at least 16 different roles and for 23 different companies. The average length of individual experience is 1 year and 1 month. Note that Nikolaus may not have shared all experience and actually has more experience.

What roles would Nikolaus be best suited for?

Based on recent experience, Nikolaus would be well-suited for roles such as: ICT Risk Management and Information Security, Sub-project Manager Information Security, Cybersecurity Consultant.

What is Nikolaus's latest experience?

Nikolaus's most recent position is ICT Risk Management and Information Security at B. Metzler seel. Sohn & Co. AG.

What companies has Nikolaus worked for in recent years?

In recent years, Nikolaus has worked for B. Metzler seel. Sohn & Co. AG, Die Autobahn GmbH des Bundes, Bürgschaftsbank NRW GmbH, Uniper, and Becton Dickinson.

Which industries is Nikolaus most experienced in?

Nikolaus is most experienced in industries like Banking and Finance, Energy, and Insurance. Nikolaus also has some experience in Healthcare, Pharmaceutical, and Government and Public Administration.

Which business areas is Nikolaus most experienced in?

Nikolaus is most experienced in business areas like Information Technology (IT), Project Management, and Quality Assurance (QA). Nikolaus also has some experience in Audit and Strategy and Planning.

Which industries has Nikolaus worked in recently?

Nikolaus has recently worked in industries like Banking and Finance, Energy, and Healthcare.

Which business areas has Nikolaus worked in recently?

Nikolaus has recently worked in business areas like Information Technology (IT), Project Management, and Audit.

What is Nikolaus's education?

Nikolaus attended education in Training in Electrical Engineering.

Does Nikolaus have any certificates?

Nikolaus has 6 certificates. Among them, these include: Certified CISO.Prof – Chief Information Security Officer Professional, Certified CSP - Cyber Security Practitioner, and Certified IT Project Management.

What is the availability of Nikolaus?

Nikolaus will be available full-time from April 2026.

What is the rate of Nikolaus?

Nikolaus's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.