Nikolaus Betzler

Cyber Security Consultant

Langenfeld, Germany

Experience

Nov 2024 - Present
4 months
Frankfurt, Germany
Hybrid

ICT/IKT Risk Management and Information Security

B. Metzler Seel. Sohn & Co. LTD.

Independent development of guidelines, specifications and concepts for ICT risk management and information security

Provide advice to departments on ICT risk management and information security issues

Further development of the ICT Risk Management Framework, which governs the identification, assessment, and control of ICT risks

Evaluation of the Information Security Management System (ISMS), including adaptation to new challenges

Conducting risk analyses to identify and assess potential ICT risks and risks to the information security of the Metzler Group

Advising on the definition and implementation of measures to minimize risks and improve the resilience of ICT systems

Advice on ensuring compliance with relevant internal and external regulatory requirements (e.g. MaRisk, DORA, BAIT, BSI IT-Grundschutz, ISMS, ISO27001, ISO27005, BCM ISO 22301, ISO/IEC 42001)

Advice on internal and cross-departmental projects (SAP DORA compliance, Target2)

Apr 2024 - Sep 2024
6 months
Berlin, Germany

Information Security Project Lead

Die Autobahn GmbH des Bundes

  • Coordinate ISMS processes with the service provider
  • Review and contribute to the development of the Network Management Platform Security Policy
  • Advice/contact point for security issues of the client and the service provider
  • Provide technical support for Info/IT Security and Data Protection testing processes
  • Coordination of Info/IT Security, Data Protection processes
  • Supporting the coupling of the SIEM systems of the client and the service provider
  • Design and implement the coupling of emergency management systems
  • Advising and participating in the implementation of information, IT security and data protection requirements
  • Participation in audits and revisions based on the BSI IT baseline protection
Oct 2023 - Mar 2024
6 months
Neuss, Germany

Cybersecurity Consultant

Bürgschaftsbank NRW GmbH

  • Support in migrating from HiScout to ForumSuite
  • ISMS, risk management, business continuity management, emergency management
  • DORA - RTS/IST/Guidelines, GAP analysis, requirements
  • BSI – IT-Grundschutz Compendium
  • ISO/IEC 27001 / 27002 & ISO/IEC 22301
  • Bank-specific target action catalog (BASI)
  • Compliance Guidelines (LFO)
  • Guide to the basics of IT regulation (LFI)
  • Banking supervisory requirements for IT (BAIT)
  • Capital management supervisory requirements for IT (KAIT)
  • Insurance regulatory requirements for IT (VAIT)
  • ISO 9001
  • Industry-specific security standards (B3S)
Oct 2022 - Sep 2023
1 year
Düsseldorf, Germany

Cloud Security Consultant

Uniper

  • Identify and document gaps in the existing secure software development lifecycle
  • Define a governance framework for a modern secure software development lifecycle (definition of policies, roles, and responsibilities) based on DevSecOps principles and considering the previously identified gaps
  • Identify gaps in core tooling for DevSecOps activities and document these gaps in a gap analysis presentation
  • Define and document selection criteria for additional tools to fill identified gaps. Selection criteria are based on industry-wide security standards
  • Create a policy for the secure development of the lifecycle based on the defined cyber security framework
  • Cloud Infrastructure Azure Enhancement, Tooling (SAST, DAST, IAST, IaC, OWASP, Mitre, CERT)
Jan 2021 - Sep 2022
9 months
Heidelberg, Germany

IT Security Consulting & Project Lead

Becton Dickinson

  • Development and implementation of the information security strategy according to ISO 27001
  • Development of presentations and business cases as a basis for decisions
  • Establishment of an ISMS according to ISO27001
  • Management of consulting companies (PWC, DIOX, BDX, TGS, CBRE)
  • Information security incident management
  • Communication and coordination with the internal cross-functional teams
  • Development and further development of security concepts, participation in IT security concepts, guidelines, directives, procedural instructions, work instructions
  • Maintaining external communication with stakeholders and authorities
  • Implementation, maintenance, and further development of the cross-company risk management system regarding information security
  • Consideration and evaluation of relevant legal and regulatory requirements regarding information security as well as implementation of business processes
  • Audit management for information security based on the identified needs in the organization
  • Raising awareness of information security requirements (externally and internally), e.g., by designing and implementing training programs
  • Advice on information protection and IT security requirements
  • Continuous improvement and monitoring of the ISMS system
Jul 2021 - Dec 2021
6 months
Düsseldorf, Germany

IT Security Consulting & Information Security Manager

Deutsche Apotheker- und Ärztebank eG

  • Consulting services in information security
  • Monitoring and coordination of penetration tests
  • Target/actual comparison (protection level survey)
  • Comparison of the bank's internal specifications with the security measures of the IT service providers
  • Evaluation of the results of identified weaknesses
  • Responsible for the Phishing Awareness Campaign & SWIFT Audit
Jan 2020 - Jun 2021
6 months
Düsseldorf, Germany

Security Consulting & Project Management

GEA Group AG

  • SOC/SIEM - Security Operations Center Process/Tools (ISMS ISO/IEC 27k)
  • Vulnerability Management & Threat Intelligence Processes/Tools (ISMS ISO/IEC 27k)
  • Security Incident Response Framework & Management (ISMS ISO/IEC 27k) & Security Concepts
  • Security Emergency & Crisis Management (ISMS ISO/IEC 27k)
  • Business Continuity Management & Disaster Recovery (ISMS ISO/IEC 27k)
  • Improve the security of the GEA IT landscape due to the Global Security Program (ISMS ISO/IEC 27k)
Apr 2020 - Dec 2020
9 months
Eschborn, Germany

Cyber Security Consulting & Project Management

German Stock Exchange AG

  • Information Security Documentation & Risk Assessments
  • Risk analysis of information management systems
  • Asset Management
  • Structural analysis as well as protection needs analysis
Oct 2019 - Mar 2020
6 months
Essen, Germany

Cyber Security Consulting & Project Management

Innogy SE

  • Cyber Security Consulting / Technical
  • Project Management - Cyber Security BSI, ISO27k, ITIL, BCM, SOC/SIEM
  • Elimination of Security Findings, Cyber Threat Analysis, Security Objectives, Security Measures with SOC team
  • MS Windows 10 Security Standard, CIS Windows 10 Benchmark, Security Profiles, best practice
  • Patch Management and Remediation
  • Windows 10 End Point Protection, Firewall, GPO, Secure Boot, Disk Encryption, Remote Access, VPN, Software distribution (SCCM)
Apr 2018 - Sep 2019
1 year 6 months
Munich, Germany

Cyber Security Consulting & Project Management

Consors Finanz, BNP Paribas S.A. Branch Germany

  • IT Cyber Security Consulting / Technical
  • Project Management - Cyber Security according to NIST
  • Elimination of Security Findings (F1-F5)
  • Consulting resource planning, budget planning
  • Role-Based Access Control (RBAC) / PAM/IAM - Identity Management System
  • Documentation (ISO 20022, ISO 31000, ISO 27000, GDPR, BAIT, FW-Security, JIRA, PSD2, IAM, PAM, GRC)
Jan 2018 - Mar 2018
3 months
Stuttgart, Germany

Project Management

Finanz Informatik Technology Service

  • Consulting and project management around critical trading application (Prio1) of LBBW
  • Management of the elimination of cyber security findings at LBBW
  • Lead implementation
  • Steering of technical teams in hardware replacement of clients & rollout of critical trading application at client LBBW with reporting to the Division Manager & CIO as well as to LBBW
  • Role-Based Access Control (RBAC) / Identity Access Management
  • Project goals 100% achieved within 3 months
Jul 2017 - Sep 2017
3 months
Langenfeld, Germany

IT-Security Consultant & Multiproject Management ISM

Admeritia GmbH

  • Consulting around GRC (Governance, Risk, Compliance, Finance and Controlling), GDPR, EU-DSGVO Introduction & implementation of ISMS, Risk as well as Business Continuity Management (BCM) in critical infrastructures
  • Establishment of ISMS through the creation of security guidelines and the design of security and management processes. IT security concepts, audits, risk analysis and protection need assessments
  • Consulting & support during certification by an accredited certification body
  • Introduction IAM according to ISO/IEC 27552 & ISO/IEC WD 27552 & ISO/IEC 27001 & 27009
  • Cyber Security Checks
  • Preparation of guidelines, policies, procedures, implementation plans
  • Creation of security concepts e.g., access control (users, applications, policies) incl. implementation
Aug 2016 - Jul 2017
1 year
Stuttgart, Germany

Cyber Security Consulting & Project Management

State Bank of Baden-Wuerttemberg

  • Technical management as well as creation of an implementation concept based on the existing overall concept in the project "Bloomberg LBC" for the implementation of the restructuring of Bloomberg's market data infrastructure with the goal of an audit-proof infrastructure
  • Creation of an implementation concept based on the existing overall concept
  • Preparation of an as-is analysis regarding the implementation of the restructuring of Bloomberg's market data infrastructure
  • Concept creation of a role-based access control system (RBAC, DAC, MAC)
  • Implementation concept Identity Management System
  • Managing the remediation of security vulnerabilities for Bloomberg's market data infrastructure and creating an action plan
  • Ensuring an audit-proof infrastructure in accordance with the predefined security specifications
  • Creation and execution of tests on various Bloomberg connections on the terminal
  • Creation of an analysis of the failed tests
Jan 2015 - Jul 2016
7 months
Kiel, Germany

Interim Senior Application & Project Management

IB.SH - Investment Bank Schleswig-Holstein

  • Interim Senior Application Management Treasury & Risk Management (Front-, Middle-, Back-Office)
  • Project management introduction Bloomberg Professional
  • Application support ATAQ Risk, Reuters, Moosmüller & Knauf
  • IT Security Management, Identity & Access Management according to ITIL V3 (IAM)
  • Incident-, Problem-, Request-, Release-, Security-, & Change-Management (Remedy) according to ITIL V3
  • Weekly jour fixe with Treasury & Risk Management, Controlling, Regulatory Reporting, Credit departments
May 2010 - Dec 2015
5 years 8 months
Düsseldorf, Germany

Senior Application & Project Management, Team Lead

EON Global Commodities

  • Senior Application Management & Trading Floor Support, Team Lead Change Management
  • Service Delivery Manager & Project Manager E.ON Ruhrgas Transition (1400 employees)
  • IT Security Management, BCM Neuss, DR, KPI
  • Senior Application Management, Deputy Team Lead (approx. forty employees)
  • Responsible for the risk management system incl. evaluation with report to the department
  • Software Integration, Configuration, Release, & Incident Lifecycle Management
Dec 2009 - Feb 2010
3 months
Frankfurt, Germany

IT Consultant & Project Management

Commerzbank

  • Creation of a Service catalog
  • Strategic planning for the Open Source & Engineering department after coordination with 19 employees
Oct 2009 - Nov 2009
2 months
Kiel, Germany

IT-Security & Application-Support

HSH Nordbank

  • Conceptual design of access permissions in the application area of Kondor+
  • Application support for HSH Nordbank as part of the Operational Stability & IT Security project
  • Concept creation Identity & Access Management according to ITIL V3 (IAM)
  • Creation of the implementation manuals
Jul 2009 - Sep 2009
3 months
Munich, Germany

IT Consultant & Application Support

CACEIS Bank Germany GmbH

  • Integration WebSphere Application Server, WebSphere MQ Series, WebSphere Process Server
  • QA Testing, Software Testing & Regression Testing, Defect Management with Quality Center
  • Production assurance Treasury Enrichment System (TESYS) and Identity & Access Management ITIL V3
  • Support EAI operation (IBM WBI ICS)
  • MQ Series in the context of TESYS, extension Unix Shell Scripts
Oct 2007 - Jun 2009
1 year 9 months
Munich, Germany

IT Consultant & Application Support

HVB Information Services

  • Integration with WebSphere Application Server, WebSphere MQ Series, WebSphere Process Server
  • Support Unix & Applications, Packaging, Staging, Scripting, Citrix Management, Batch Processing
  • QA Testing, Software Testing & Regression Testing, Production Assurance PLC, Support EAI Operations
  • Defect Management with Mercury Quality Center, conversion from CVS to PVCS, later Subversion
  • Identity & Access Management, Change Management & Incident Management according to ITIL V3 (IAM)
Apr 2007 - Sep 2007
6 months
Stuttgart, Germany

IT Consultant & Application Support

Landesbank Baden-Württemberg

  • System and Application Support, Financial Markets, Calypso, Kondor+, Sophis Risque
  • Windows & Unix system support / consulting / optimization, software packaging, scripting
  • Identity & Access Management according to ITIL
  • Project, change, incident management, identity & access management according to ITIL V3 in the retail environment
  • Consulting of departments and development units in system issues, system planning and operational implementation
Jan 2005 - Mar 2007
1 year 3 months
Munich, Germany

IT Consultant & Application Support

HypoVereinsbank Corp. & Markets

  • Integration & 3rd level support for the trading room, VIP support for senior traders and department heads
  • Software Programming & Packaging, Creation and Distribution with MS-SMS on Windows 2003, Windows 2000 & XP, Solaris Packaging, Reporting, Overnight, Scenario & Batch Processing
  • QA Testing, Quality Management / Software & Regression Testing, Change Control Management
  • RTD/RTS, EUREX, Xetra, Reuters, Sophis Risque
Dec 2004 - Nov 2005
1 year
Frankfurt, Germany

IT Consultant & Application Support

Barclays Capital

  • Planning, realization, and support for the front office & back office
  • Support of the complete network infrastructure, telecommunication systems worldwide
  • Regional support & support of all technical systems located in the house
  • VIP Support & Interoffice Visit Support also on site abroad (Zurich, Paris, London)
Sep 2003 - Oct 2004
1 year 2 months
Frankfurt, Germany

IT Consultant & Application Support

Landesbank Hesse Thuringia

  • Planning, implementation, administration, and support for the entire trading platform
  • Responsible for the support of the components Windows 2000 & XP, Reuters 3000 Xtra, Bloomberg, MS Office products, various banking applications, Murex, Dealing 2000, Salamis, Ziris, Niku, Bond Pricing, SAP, Trade signal, Bondware
  • Identity & Access Management
  • Coordination of internal and external partners and employees
Jan 1999 - Aug 2003
3 years 8 months
Munich, Germany

IT Security Consultant & Project Manager

GE Frankona Re

  • Focus, responsibility for infrastructure distributed throughout Europe with over 70 servers, approx. 2000 Users
  • IT Security Officer for Europe
  • Responsible for the compliance with the Six Sigma processes
  • Security Awareness Education
  • Problem Manager for the IT outsourcing project "Helpdesk ERC-India"
  • Responsible for overseeing the Disaster Recovery Center in Ireland, BCM, budget $3 million per year

Summary

Through my many years of work in the IT industry, beginning in 1996 at the manufacturer Digital Equipment, and the experience gained at various banks, insurers, energy suppliers, network operators and in medical technology, with assignments in Germany and abroad, I have been able to expand both my technical knowledge and my social skills. Not least through my project experience in all ITIL process areas and my experience in leading internal staff, external service providers and security audits, particular attention was paid to compliance with SLAs and OLAs, which were adapted and improved through my expertise. As a Cybersecurity & Managing Consultant, I have gained solid experience since 2000 in the areas of Cybersecurity, ISMS, NIST, BSI IT-Grundschutz, ISO27K, ISO/IEC 42001, DORA, NIS2, GDPR, GRC, Vulnerability Management, risk analysis and Business Impact Analysis (BIA), BCM ISO 22301, AS ISO/IEC 42001, EU AI Act, GAP analyses, TISAX® VDA/ISA 5/6 ISO27001 Lead Implementer & Auditor, DevSecOps-SDLC, DiGA, BfArM, ITSM, ITIL, IT-PM. In many customer projects across different industries I have successfully contributed to the introduction of ISMS, or to their establishment and improvement, through to certification, moderated and run workshops at the customer, and acted as the dedicated contact for the auditors. Creating information security concepts and policies, procedural instructions, work packages, security standards, emergency plans and risk assessments for information and communication technologies (ICT) is among my strengths, as are the implementation, assessment, GAP analyses, improvement and remediation of security vulnerabilities. Steering and coordinating internal or external technical teams is also regularly among my tasks, thanks to my many years of technical knowledge and the shared language.
Establishing and steering measures for security awareness and information classification are part of my repertoire. Conceptual design, project work and dealing with external service providers, heads of the front, middle and back office as well as executive management come naturally to me. At various customers I was often able to offer a VIP service for senior traders and department heads and to report directly to executive management. The Head of Treasury, regulatory reporting, the back office and risk management value my professionalism. My quick grasp and my ability to work with great concentration repeatedly enable me to familiarize myself very quickly with new systems and to broaden my range. Nevertheless, I am able to get into the depth of a wide variety of topics quickly, as can be seen from the many stations in my CV. Project management in large transformations, ITSM, service delivery and many years of experience in change management are likewise part of my repertoire. Regular further training accompanies me on my way. I enjoy assignments in an international environment.

Languages

German
Native
English
Advanced
Portuguese
Intermediate

Education

Master University

Human Social Psychology

Certifications & licenses

TISAX® VDA/ISA Lead Implementer & Lead Auditor according to ISO/IEC 27001

Chief Information Security Officer Professional

Ciso.prof

Cyber Security Practitioner

Csp

Microsoft Certified Professional

Microsoft

Microsoft Certified Systems Engineer

Microsoft

Tisax Vda Isa Lead Implementer & Lead Auditor