Independently developing policies, specifications, and concepts for ICT risk management and information security
Advising business units on ICT risk management and information security issues
Advancing the ICT risk management framework governing identification, assessment, and control of ICT risks
Evaluating and adapting the information security management system (ISMS) to new challenges
Conducting risk analyses to identify and assess potential ICT risks and information security risks for the Metzler Group
Advising on the definition and implementation of measures to minimize risks and improve ICT systems resilience
Ensuring compliance with relevant internal and external regulatory requirements (e.g., MaRisk, DORA, BAIT, BSI IT-Grundschutz, ISMS, ISO 27001, ISO 42001, ISO 27005, BCM ISO 22301)
Consulting on internal and cross-departmental projects, including SAP DORA compliance and Target2 as well as §8a BSI Act
Apr 2024 - Sep 2024
6 months
Berlin, Germany
Subproject Manager Information Security (Freelancer)
Die Autobahn GmbH des Bundes
Aligning ISMS processes with the contractor (ISO 27001 & BSI IT-Grundschutz)
Verification and collaboration in creating the “Network Management Platform” security concept
Advising on and acting as point of contact for motorway security-related topics
Reporting to executive and program management
Technical support for audit processes in the information/IT security and data protection departments
Aligning processes for information/IT security and data protection
Supporting the integration of SIEM systems between client and contractor
Designing and establishing the integration of emergency management systems
Advising and collaborating on implementing information, IT security, and data protection requirements
Participating in audits and reviews based on BSI IT-Grundschutz
Advising on the advancement of KRITIS measures
Preparing and supporting the §8a audit
Oct 2023 - Mar 2024
6 months
Neuss, Germany
Cybersecurity Consultant (Freelancer)
Bürgschaftsbank NRW GmbH
Supporting the migration from HiScout to ForumSuite (e.g., IS risk management tool)
ISMS, risk management, business continuity management, emergency management
Revising and improving the ISMS and BCM and ensuring audit-proof adjustments
Defining and implementing measures to remediate deficiencies and emergency plans
Advising on audit preparation
Reporting to department heads and executive management
Advising on DORA RTS/ITS/guidelines, gap analysis
Advising on BSI IT-Grundschutz requirements and KRITIS audit (§8a BSI Act)
Advising on ISO/IEC 27001/27002 and ISO/IEC 22301
Creating a bank-specific target action catalog (BASI) and other guides (e.g., compliance, IT regulatory foundations)
Advising on BAIT, KAIT, VAIT, ISO 9001, and industry-specific security standards (B3S)
Oct 2022 - Sep 2023
1 year
Düsseldorf, Germany
Cloud Security Consultant (Freelancer)
Uniper
Identifying and documenting gaps in the existing secure software development lifecycle
Defining a governance framework for a modern secure software development lifecycle based on DevSecOps principles and identified gaps
Analyzing and documenting gaps in centralized tooling for DevSecOps activities
Defining and documenting selection criteria for tools to close identified gaps based on industry-wide security standards
Creating a company-wide policy for the secure development lifecycle based on ISO 27001/ISO 27002 and NIST