Nikolaus B.

ICT Risk Management and Information Security

Langenfeld, Germany

Experience

Oct 2024 - Present
1 year

ICT Risk Management and Information Security

B. Metzler seel. Sohn & Co. AG

  • Independently developing guidelines, requirements, and concepts for ICT risk management and information security
  • Advising departments on ICT risk management and information security issues
  • Further developing the ICT risk management framework that governs identification, assessment, and control of ICT risks
  • Evaluating the information security management system (ISMS) including adjustments to new challenges
  • Conducting risk analyses to identify and assess potential ICT risks and risks to the information security of the Metzler Group
  • Advising on defining and implementing measures to minimize risks and improve resilience of ICT systems
  • Advising to ensure compliance with relevant internal and external regulatory requirements (e.g. MaRisk, DORA, BAIT, BSI IT-Grundschutz, ISMS, ISO 27001, ISO 42001, ISO 27005, BCM ISO 22301)
  • Consulting on internal and cross-functional projects, including SAP DORA compliance and Target2 as well as §8a BSI Act

Apr 2024 - Sep 2024
6 months
Berlin, Germany

Information Security Subproject Manager (Freelancer)

Die Autobahn GmbH des Bundes

  • Aligning ISMS processes with the contractor (ISO 27001 & BSI IT-Grundschutz)
  • Verifying and contributing to the creation of the security concept "Network Management Platform"
  • Consulting and point of contact for security-related topics of the Autobahn
  • Reporting to management and program management
  • Providing expert support for audit processes of the Info/IT security and data protection departments
  • Aligning processes for info/IT security and data protection
  • Supporting the integration of SIEM systems between client and contractor
  • Designing and establishing the integration of emergency management systems
  • Advising and contributing to the implementation of information, IT security, and data protection requirements
  • Participating in audits and reviews based on BSI IT-Grundschutz
  • Advising on the further development of KRITIS measures
  • Preparing and supporting the §8a audit

Oct 2023 - Mar 2024
6 months
Neuss, Germany

Cybersecurity Consultant (Freelancer)

Bürgschaftsbank NRW GmbH

  • Supporting the migration from HiScout to ForumSuite (including IS risk management tool)
  • ISMS, risk management, business continuity management, emergency management
  • Revising and improving the ISMS and BCM and adapting them for audit readiness
  • Defining and implementing measures to fix deficiencies and emergency plans
  • Advising on audit preparation
  • Reporting to department heads and management
  • Advising on DORA RTS/ITS/guidelines, gap analysis
  • Advising on requirements under BSI IT-Grundschutz and KRITIS audit (§8a BSI Act)
  • Advising on ISO/IEC 27001/27002 and ISO/IEC 22301
  • Creating a bank-specific target measure catalogue (BASI) and other guidelines (e.g. compliance, IT regulatory fundamentals)
  • Advising on BAIT, KAIT, VAIT, ISO 9001 and industry-specific security standards (B3S)

Oct 2022 - Sep 2023
1 year
Düsseldorf, Germany

Cloud Security Consultant (Freelancer)

Uniper

  • Identifying and documenting gaps in the existing secure software development lifecycle
  • Defining a governance framework for a modern secure software development lifecycle based on DevSecOps principles and addressing identified gaps
  • Analyzing and documenting gaps in central tooling for DevSecOps activities
  • Defining and documenting selection criteria for tools to close identified gaps based on industry-wide security standards
  • Creating a company-wide policy for the secure development lifecycle based on ISO/IEC 27001, ISO/IEC 27002 and NIST
  • Improving Azure cloud infrastructure and tooling (SAST, DAST, IAST, IaC, OWASP, MITRE, CERT, CSA)
  • Advising on the further development of KRITIS measures
  • Serving as a point of contact for auditors

Jan 2022 - Sep 2022
9 months
Heidelberg, Germany

IT Security Consulting & Project Lead (Freelancer)

Becton Dickinson

  • Developing and implementing a certifiable information security strategy according to ISO 27001
  • Preparing presentations and business cases as a basis for decisions
  • Building a certifiable ISMS according to ISO 27001 (BSI IT-Grundschutz/§8a BSI Act)
  • Managing consulting firms (PWC, DIOX, BDX, TGS, CBRE)
  • Managing information security incidents with reporting to executive management
  • Communicating and coordinating with internal cross-functional teams
  • Developing and updating security concepts and policies
  • Maintaining external communication with stakeholders and authorities
  • Implementing, maintaining, and improving the company-wide risk management system
  • Considering and assessing relevant legal and regulatory requirements
  • Audit management for information security
  • Raising awareness of information security requirements through training programs
  • Advising on information protection and IT security requirements
  • Continuous improvement and monitoring of the ISMS

Summary

  • Development and implementation of information security strategies and concepts
  • Consulting in cybersecurity and IT security requirements
  • Audit and compliance management according to ISO/IEC 27001 and related standards
  • Design and management of ISMS and BCM in critical infrastructures
  • Risk analyses and planning of measures for information security
  • Management of security incidents and reporting to management
  • Creation of guidelines, policies, and procedures
  • Training and raising awareness for IT security requirements

Languages

German: Native
English: Advanced
Portuguese: Intermediate

Education

Electrical engineering training

Certifications & licenses

Certified Chief Information Security Officer Professional (CISO.Prof)

Certified Cyber Security Practitioner (CSP)

Certified IT Project Management

Certified Lead Auditor ISO 27001

Certified Lead Implementer ISO 27001

Microsoft Certified Systems Engineer (MCSE)

Microsoft Certified Professional (MCP)

TISAX VDA ISA
