Nikolaus Betzler - ICT Risk Management and Information Security

Recommended expert

Langenfeld, Germany

Experience

Oct 2024 - Present

1 year 4 months

ICT Risk Management and Information Security

B. Metzler seel. Sohn & Co. AG

Independently developing policies, requirements and concepts for ICT risk management and information security
Advising departments on ICT risk management and information security issues
Enhancing the ICT risk management framework for identifying, assessing and controlling ICT risks
Evaluating the Information Security Management System (ISMS) and adapting it to new challenges
Conducting risk analyses to identify and assess potential ICT risks and information security risks for the Metzler Group
Advising on defining and implementing measures to minimize risk and improve ICT system resilience
Advising on ensuring compliance with relevant internal and external regulations (MaRisk, DORA, BAIT, BSI IT Baseline Protection, ISMS, ISO 27001, ISO 42001, ISO 27005, BCM ISO 22301)
Advising on internal and cross-functional projects (SAP DORA compliance, TARGET2, Section 8a BSI Act)

Apr 2024 - Sep 2024

6 months

Berlin, Germany

Subproject Manager Information Security

Die Autobahn GmbH des Bundes

Aligning ISMS processes with the contractor (ISO 27001 & BSI IT Baseline Protection)
Verifying and contributing to the development of the security concept for the "Network Management Platform"
Advising and serving as contact for security-related issues at Die Autobahn GmbH des Bundes
Reporting to management and program leadership
Supporting the audit processes of the Info/IT Security and Data Protection departments
Coordinating Info/IT security and data protection processes
Supporting the integration of the client's and contractor's SIEM systems
Designing and establishing the integration of incident management systems
Advising on and contributing to the implementation of information security, IT security and data protection requirements
Supporting audits and reviews based on BSI IT Baseline Protection, and preparing and assisting with Section 8a audits
Advising on the further development of KRITIS measures

Oct 2023 - Mar 2024

6 months

Neuss, Germany

Cybersecurity Consultant

Bürgschaftsbank NRW GmbH

Supporting the migration from HiScout to ForumSuite (IS risk management tool)
ISMS, risk management, business continuity management and incident management
Revising and improving the ISMS and BCM for auditability
Creating and defining measures to address deficiencies and emergency plans
Advising on audit preparation and reporting to department heads and executive management
Advising on DORA RTS/ITS guidelines and GAP analysis
Advising on requirements according to BSI IT Baseline Protection & KRITIS audit (Section 8a BSI Act) and NIS2
Advising on ISO/IEC 27001/27002 & ISO/IEC 22301
Developing a bank-specific target measures catalog (BASI) and LFO, LFI guidelines
Advising on BAIT, KAIT, VAIT, ISO 9001 and industry-specific security standards (B3S)

Oct 2022 - Sep 2023

1 year

Düsseldorf, Germany

Cloud Security Consultant

Uniper

Identifying and documenting gaps in the existing secure software development lifecycle
Defining a governance framework for a modern secure software development lifecycle based on DevSecOps principles
Identifying gaps in the central tooling for DevSecOps activities and documenting them in a gap analysis presentation
Defining and documenting selection criteria for additional tools to close identified gaps
Developing a company-wide secure development lifecycle policy based on ISO 27001/27002 and NIST
Improving the Azure cloud infrastructure and tooling (SAST, DAST, IAST, IaC, OWASP, Mitre, CERT, CSA)
Advising on the further development of KRITIS measures
Point of contact for auditors

Jan 2022 - Sep 2022

9 months

Heidelberg, Germany

IT Security Consulting & Project Lead

Becton Dickinson

Developing and implementing a certifiable information security strategy according to ISO 27001
Preparing presentations and business cases as decision-making tools
Establishing a certifiable ISMS under ISO 27001 (BSI IT Baseline Protection / Section 8a BSI Act)
Managing consulting firms (PwC, DIOX, BDX, TGS, CBRE)
Managing information security incidents and reporting to executive management
Communicating and coordinating with internal cross-functional teams
Developing and refining security concepts, guidelines, procedures and work instructions
Maintaining external communication with stakeholders and authorities
Implementing, maintaining and improving the company-wide risk management system
Assessing legal and regulatory requirements and integrating them into business processes
Managing audits and raising awareness for information security (external and internal)
Advising on information protection and IT security requirements
Continuously improving and monitoring the ISMS

Jul 2021 - Dec 2021

6 months

Düsseldorf, Germany

IT Security Consulting & Information Security Manager

Deutsche Apotheker- und Ärztebank eG

Consulting services in information security based on BSI IT-Grundschutz & ISO 27001
Support and coordination of penetration tests (BAIT, MaRisk)
Current vs. target state analysis (security level assessment)
Alignment of internal bank requirements with IT service providers' security measures
Analysis of identified vulnerabilities
Responsible for phishing awareness campaign and SWIFT audit
Reporting to senior management

Jan 2021 - Jun 2021

6 months

Düsseldorf, Germany

Security Consulting & Project Management

GEA Group AG

Establishment and operation of SOC/SIEM processes and tools according to ISMS ISO/IEC 27k
Implementation of vulnerability management and threat intelligence processes/tools
Establishment of a security incident response framework and emergency management
Business continuity management and disaster recovery according to ISMS ISO/IEC 27k
Reporting to senior management and program management
Improvement of IT landscape within the Global Security Program
Consulting on the further development of KRITIS measures (BSI IT-Grundschutz / §8a BSI Act)

Apr 2020 - Dec 2020

9 months

Eschborn, Germany

Cyber Security Consulting & Project Management

Deutsche Börse AG

Creation of information security documentation and risk assessments
Risk analysis of information and communication technologies (ICT)
Asset management
Improvement and further development according to BSI IT-Grundschutz / §8a BSI Act
Structural analysis and protection requirements analysis
Preparation of audit-relevant information for internal and external audits

Oct 2019 - Mar 2020

6 months

Essen, Germany

Cyber Security Consulting & Project Management

Innogy SE

Cyber security consulting and point of contact for business units
Project management for BSI, ISO 27k, ITIL, BCM, SOC/SIEM
Remediation of security findings, cyber threat analysis, security objectives and measures with the SOC team
Implementation of MS Windows 10 security standard, CIS benchmarks and security profiles
Patch management and remediation
Consulting on BSI IT-Grundschutz and §8a BSI Act
Implementation of endpoint protection, firewall, GPO, secure boot, disk encryption, remote access, VPN and software distribution (SCCM)

Apr 2018 - Sep 2019

1 year 6 months

Munich, Germany

Cyber Security Consulting & Project Management

Consors Finanz, BNP Paribas S.A. Niederlassung Deutschland

IT cyber security consulting
Project management according to NIST
Remediation of security findings (F1-F5)
Consulting on resource and budget planning
Implementation of role-based access control (RBAC), PAM/IAM
Documentation (ISO 20022, ISO 31000, ISO 27000, GDPR, BAIT, FW-Security, JIRA, PSD2, IAM, PAM, GRC)

Jan 2018 - Mar 2018

3 months

Stuttgart, Germany

Project Management

Finanz Informatik Technologie Service

Consulting and project management in the area of highly critical trading applications (Priority 1) for LBBW
Managing the remediation of cyber security findings at LBBW
Implementing measures based on BSI IT-Grundschutz (§8a BSI Act) and ISO 27001
Coordinating technical teams for hardware upgrades and rollout of critical trading applications, reporting to the division head & CIO
Introducing RBAC/Identity Access Management according to BSI IT-Grundschutz and ISO 27001

Jul 2017 - Sep 2017

3 months

Langenfeld, Germany

IT Security Consultant & ISM Multi-Project Management

Admeritia GmbH

Consulting in GRC, GDPR (EU regulation) for KRITIS (critical infrastructure) companies and support during §8a audits
Introducing and implementing ISMS, risk and business continuity management in critical infrastructures
Developing security policies/guidelines, designing security and management processes
Conducting audits, risk analyses, and protection requirement assessments
Advising on certification by accredited bodies
Implementing IAM according to ISO/IEC 27552, ISO/IEC 27001 & 27009
Creating guidelines, work instructions, implementation plans, and security concepts (access control)

Aug 2016 - Jul 2017

1 year

Stuttgart, Germany

Cyber Security Consulting & Project Management

Landesbank Baden-Württemberg

Subject-matter lead and implementation concept for restructuring the Bloomberg market data infrastructure (project "Bloomberg LBC")
Preparing as-is analyses and rollout plans
Developing a concept for a role-based access control system (RBAC, DAC, MAC)
Implementation concept for an identity management system
Advising on BSI IT-Grundschutz / §8a BSI Act
Point of contact for internal and external auditors
Managing the remediation of security vulnerabilities and creating action plans
Testing and analyzing various Bloomberg integrations

Jan 2016 - Jul 2016

7 months

Kiel, Germany

Interim Senior Application & Project Management

IB.SH - Investitionsbank Schleswig-Holstein

Interim Senior Application Management for Treasury & Risk Management (Front, Middle, Back Office)
Project lead for Bloomberg Professional implementation
Application support for ATAQ Risk, Reuters, Moosmüller & Knauf
Consulting on BSI IT-Grundschutz & §8a BSI Act, as well as IAM according to ITIL V3
Incident, problem, request, release, security & change management (Remedy) according to ISO 27001
Weekly status meetings with departments

May 2010 - Dec 2015

5 years 8 months

Düsseldorf, Germany

Senior Application & Project Management, Team Lead

EON Global Commodities

Senior application management & trading floor support
Team lead for change management
Service Delivery Manager & Project Manager for E.ON Ruhrgas transition (1400 employees)
IT security management, BCM, DR, KPI reporting
Deputy team lead (approx. 40 employees)
Responsible for the risk management system, including evaluation and reporting
Software integration, configuration, release & incident lifecycle management
Single point of contact for internal and external auditors

Dec 2009 - Feb 2010

3 months

Frankfurt, Germany

IT Consultant & Project Management

Commerzbank

Creating a service catalog
Planning the strategy for the Open Source & Engineering department in coordination with 19 team members

Oct 2009 - Nov 2009

2 months

Kiel, Germany

IT Security & Application Support

HSH Nordbank

Designing access permissions in the Kondor+ application area
Providing application support for the Operational Stability & IT Security project
Developing the Identity & Access Management concept according to ITIL V3
Creating introduction manuals

Jul 2009 - Sep 2009

3 months

Munich, Germany

IT Consultant & Application Support

CACEIS Bank Deutschland GmbH

Integrating WebSphere Application Server, MQ Series, and Process Server
QA testing, software and regression tests, and defect management with Quality Center
Ensuring production security for the Treasury Enrichment System (TESYS) and IAM according to ITIL V3
Supporting EAI operations (IBM WBI ICS)
Extending Unix shell scripts in an MQ context

Oct 2007 - Jun 2009

1 year 9 months

Munich, Germany

IT Consultant & Application Support

HVB Information Services

Integrating WebSphere Application Server, MQ Series, and Process Server
Supporting Unix applications, packaging, staging, scripting, Citrix management, and batch processing
QA testing, regression tests, and production support for SPS
Defect management with Mercury Quality Center
Migrating from CVS to PVCS and Subversion
IAM, change management, and incident management according to ITIL V3

Apr 2007 - Sep 2007

6 months

Stuttgart, Germany

IT Consultant & Application Support

Landesbank Baden-Württemberg

Providing system and application support for Financial Markets (Calypso, Kondor+, Sophis Risque)
Windows & Unix system administration, software packaging, and scripting
IAM according to ITIL V3, as well as project, change, and incident management
Advising business units on system-related issues

Jan 2006 - Mar 2007

1 year 3 months

Munich, Germany

IT Consultant & Application Support

HypoVereinsbank Corp. & Markets

Integration and 3rd-level support for the trading floor and VIP support
Software programming, packaging, and deployment (MS-SMS on Windows, Solaris)
Reporting, overnight, scenario & batch processing
QA testing and regression tests, as well as change control management
Support for RTD/RTS, EUREX, Xetra, Reuters, and Sophis Risque

Dec 2004 - Nov 2005

1 year

Frankfurt, Germany

IT Consultant & Application Support

Barclays Capital

Planning, implementation, and support for front office & back office
Support of global network infrastructure and telecommunications systems
VIP support and interoffice visit support on-site in Zurich, Paris, and London

Sep 2003 - Oct 2004

1 year 2 months

Frankfurt, Germany

IT Consultant & Application Support

Landesbank Hessen Thüringen

Planning, implementation, administration, and support for the entire trading platform
Support for Windows, Reuters, Bloomberg, MS Office, Murex, Salamis, Ziris, Niku, bond pricing, SAP, and other applications
IAM and coordination of internal and external partners

Jan 2000 - Aug 2003

3 years 8 months

Munich, Germany

IT Security Consultant & Project Manager

GE Frankona Re

Responsible for distributed infrastructure in Europe (70+ servers, 2000 users)
IT security officer for Europe
Compliance with Six Sigma processes
Security Awareness Education
Problem manager for the IT outsourcing project "Helpdesk ERC India"
Management of the disaster recovery center in Ireland (BCM, $3M budget per year)

Skills

Cybersecurity
Isms
Nist
Bsi It Baseline Protection
Section 8a Bsi Act
Iso/iec 2700x
Ai/ml Iso/iec 42001
Cis
Gdpr
Grc
Application Risk Assessments
Bcm Iso 22301
Tisax ® Vda/isa 5/6
Devsecops-sdlc
Nis2
Dora
Diga
Bfarm
Itsm
Itil
It Pm
Support For Section 8a Audit
Security Awareness
Penetration Testing
Vulnerability Management
Threat Analysis
Security Objectives
Security Measures
Security Policies
Security Concepts
Security Standards & Guidelines
Isms Iso 27001 Lead Implementer
Senior Application Management (Itsm, Itil)
Business Continuity
Disaster Recovery
It Operations
It Security
Auditing
It Project Management
Team Lead - Change Management
Team Lead - Service Delivery Management
Team Lead - Application Management
Agile Methods (Scrum)
Secure Cloud Infrastructure (Sdlc - Shift-left, Secdev Policy & Secdev Guidelines)
Azure
Ms365
Cloud Tooling
Sast
Dast
Iast
Iac
Owasp
Mitre
Cert
Secure Coding
Configuration Management
Release Management
Quality Management