Nikolaus Betzler

ICT Risk Management and Information Security

Langenfeld, Germany

Experience

Oct 2024 - Present
10 months

ICT Risk Management and Information Security

B. Metzler seel. Sohn & Co. AG

  • Independently developing policies, specifications, and concepts for ICT risk management and information security
  • Advising business units on ICT risk management and information security issues
  • Advancing the ICT risk management framework governing identification, assessment, and control of ICT risks
  • Evaluating and adapting the information security management system (ISMS) to new challenges
  • Conducting risk analyses to identify and assess potential ICT risks and information security risks for the Metzler Group
  • Advising on the definition and implementation of measures to minimize risks and improve ICT systems resilience
  • Ensuring compliance with relevant internal and external regulatory requirements (e.g., MaRisk, DORA, BAIT, BSI IT-Grundschutz, ISO/IEC 27001, ISO/IEC 27005, ISO/IEC 42001, ISO 22301 for BCM)
  • Consulting on internal and cross-departmental projects, including SAP DORA compliance, TARGET2, and §8a BSI Act
Apr 2024 - Sep 2024
6 months
Berlin, Germany

Subproject Manager Information Security (Freelancer)

Die Autobahn GmbH des Bundes

  • Aligning ISMS processes with the contractor (ISO 27001 & BSI IT-Grundschutz)
  • Verification and collaboration in creating the “Network Management Platform” security concept
  • Advisory and point of contact for motorway security-related topics
  • Reporting to executive and program management
  • Technical support for audit processes in the information/IT security and data protection departments
  • Aligning processes for information/IT security and data protection
  • Supporting the integration of SIEM systems between client and contractor
  • Designing and establishing the integration of emergency management systems
  • Advising and collaborating on implementing information, IT security, and data protection requirements
  • Participating in audits and reviews based on BSI IT-Grundschutz
  • Advising on the advancement of KRITIS measures
  • Preparing and supporting the §8a audit
Oct 2023 - Mar 2024
6 months
Neuss, Germany

Cybersecurity Consultant (Freelancer)

Bürgschaftsbank NRW GmbH

  • Supporting the migration from HiScout to ForumSuite (ISMS and information security risk management tooling)
  • ISMS, risk management, business continuity management, emergency management
  • Revising and improving the ISMS and BCM and ensuring audit-proof adjustments
  • Defining and implementing measures to remediate deficiencies and emergency plans
  • Advising on audit preparation
  • Reporting to department heads and executive management
  • Advising on DORA RTS/ITS/guidelines, gap analysis
  • Advising on BSI IT-Grundschutz requirements and KRITIS audit (§8a BSI Act)
  • Advising on ISO/IEC 27001/27002 and ISO/IEC 22301
  • Creating a bank-specific target action catalog (BASI) and other guides (e.g., compliance, IT regulatory foundations)
  • Advising on BAIT, KAIT, VAIT, ISO 9001, and industry-specific security standards (B3S)
Oct 2022 - Sep 2023
1 year
Düsseldorf, Germany

Cloud Security Consultant (Freelancer)

Uniper

  • Identifying and documenting gaps in the existing secure software development lifecycle
  • Defining a governance framework for a modern secure software development lifecycle based on DevSecOps principles and identified gaps
  • Analyzing and documenting gaps in centralized tooling for DevSecOps activities
  • Defining and documenting selection criteria for tools to close identified gaps based on industry-wide security standards
  • Creating a company-wide policy for the secure development lifecycle based on ISO 27001/ISO 27002 and NIST
  • Enhancing Azure cloud infrastructure and security tooling (SAST, DAST, IAST, IaC scanning) aligned with OWASP, MITRE, CERT, and CSA guidance
  • Advising on the advancement of KRITIS measures
  • Acting as a liaison for auditors
Jan 2021 - Sep 2022
1 year 9 months
Heidelberg, Germany

IT Security Consulting & Project Lead (Freelancer)

Becton Dickinson

  • Developing and implementing a certifiable information security strategy according to ISO 27001
  • Preparing presentations and business cases as decision-making basis
  • Establishing a certifiable ISMS according to ISO 27001 (BSI IT-Grundschutz/§8a BSI Act)
  • Managing consulting firms (PwC, DIOX, BDX, TGS, CBRE)
  • Managing information security incidents with reporting to executive management
  • Communicating and coordinating with internal cross-functional teams
  • Developing and refining security concepts and policies
  • Maintaining external communication with stakeholders and authorities
  • Implementing, maintaining, and enhancing the enterprise-wide risk management system
  • Considering and assessing relevant legal and regulatory requirements
  • Managing information security audits
  • Raising awareness for information security requirements through training programs
  • Advising on information protection and IT security requirements
  • Continuously monitoring and improving the ISMS

Summary

  • Development and implementation of information security strategies and concepts
  • Advisory services in cybersecurity and IT security requirements
  • Audit and compliance management according to ISO/IEC 27001 and related standards
  • Conceptualization and management of ISMS and BCM in critical infrastructures
  • Risk analyses and action planning for information security
  • Management of security incidents and reporting to executive management
  • Creation of guidelines, policies, and procedural instructions
  • Training and awareness for IT security requirements

Languages

German
Native
English
Advanced
Portuguese
Intermediate

Education

Electrotechnical Training

Certifications & licenses

CISO.Prof – Certified Chief Information Security Officer Professional

CSP – Certified Cyber Security Practitioner

Certified IT Project Management

Certified Lead Auditor ISO 27001

Certified Lead Implementer ISO 27001

Microsoft Certified Systems Engineer (MCSE)

Microsoft Certified Professional (MCP)

TISAX VDA ISA

TISAX VDA ISA Lead Auditor ISO 27001

TISAX VDA ISA Lead Implementer