Go to Website
  • en
  • de

Thoralf (S.) T.

Consultant Digital Operational Resilience Act (DORA)

Bad Vilbel, Germany

Experience

Apr 2023 - Jun 2023
3 months
Berlin, Germany

Consultant Digital Operational Resilience Act (DORA)

Swisslife Deutschland GmbH

  • Project language English
  • DORA gap analysis / mapping to CIS Control V7.0
  • Auditing CIS evidence of the SOC providers T-Systems Austria / Cancom GmbH
  • Mapping VAIT / ISO/IEC 27002 / CIS 7.0 requirements for IT realignment
  • Strategy for the German subsidiaries in threat intelligence and zero trust
  • Assessment of the IT network architecture
  • Review of SIEM evidence / reporting / incident management / security breaches
  • Review of IT asset management regarding ITSCM / BCM processes
  • Employee awareness measures / compliance training (focus on CEO fraud)
  • Consulting for the Chief Information Security Officer (CISO)
Oct 2022 - Apr 2023
7 months
Hoisdorf, Germany

Interims Information Security Officer (ISO)

BRUSS Sealing Systems GmbH

  • Support for the BRUSS group, TISAX re-certification
  • Defining the ISMS scope for the corporate group and international rollout
  • Creating an IT security concept with policies, process descriptions and technical security baselines (admin work instructions)
  • Expanding risk management according to ISO/IEC 27005
  • Location-based statements of applicability (SoA) per VDA ISA 5.1
  • Implementing the Sophos XDR platform for global network monitoring
  • Guidelines for document control and network documentation (Docusnap)
  • Employee awareness measures (training kit, phishing tests)
  • Reporting matrix / process flow for handling security incidents
  • Reviewing the cyber insurance policy, updating obligations
  • Conducting pen-tests with Nessus and PingCastle and building management reports
  • Preparing and running certification audits (group assessment)
  • Training internal ISO and building an ISMS coordinator structure
Mar 2022 - Sep 2022
7 months
Stuttgart, Germany

Business Continuity Manager

Landesbank Baden-Württemberg

  • DORA requirements for the BCM structure according to BSI Standard 200-4
  • Supporting the BCM project team in operationalizing resilient ICT systems and tools within the BCM target picture
  • Revising and improving BCM objectives and relevant documents (RL document review)
  • Streamlining PLK process clusters to increase BIA efficiency
  • Supporting the expansion of BCM reporting for foreign branches
  • Continuous monitoring of all ICT risk sources to set up safeguards and prevention measures and detect anomalies immediately
  • Introducing comprehensive business continuity policies and emergency recovery plans, including annual tests
  • Raising DORA know-how among project team, risk managers and outsourcing officers
  • Risk-based exercise and test plan over a multi-year cycle
Jun 2021 - Dec 2021
7 months
Munich, Germany

KRITIS Auditor BSIG §8a

ADAC Versicherungen AG

  • Supporting the CISO with audit preparation for DORA / IT Security Act KRITIS
  • Gap analysis of KRITIS documentation per ISO/IEC 27001 for the October 2021 audit
  • Fulfilling document requirements for the VAIT review in February 2022
  • Developing information security and BCM – creating policies, documentation and emergency concepts
  • Assisting the CISO / creating a target picture for the cyber security strategy
  • Drafting a crisis communication plan for ICT incidents with a reporting matrix
  • Liaising with IT teams and IDS provider Trend Micro (TippingPoint)
  • Adding risk assessments for ICT service providers
  • Reviewing the DMS IT contract management with fido
  • Reviewing compliance processes per IDW PS 980 ff.
  • Documenting VAIT / DORA requirements in IRIS
  • Running phishing training campaigns
Mar 2021 - Apr 2021
2 months
Hanover, Germany

KRITIS Auditor BSIG §8a

Finanz Informatik GmbH & Co. KG

  • Preparing for the BaFin assessment – document review
  • Reviewing security concepts, structure analyses and procedure descriptions using an internal checklist with a team of six auditors
  • Checking product docs for availability, authenticity, integrity and confidentiality of systems/rooms and third-party interfaces/dependencies (SLA)
Feb 2020 - Feb 2021
1 year 1 month
Wiesbaden, Germany

Interim Information Security Officer (ISO)

Bertelsmann AFS

  • Arvato Financial Solutions (RM AFS Bertelsmann/Experian)
  • Third-party audits BAIT/VAIT
  • Supporting the legal officer and compliance in BAIT / VAIT client audits
  • Gap analysis of Bertelsmann IT security policies and implementing Experian policies
  • ISO 27001 re-certification of Informa HIS GmbH
  • ISMS alignment of BAIT/VAIT client requirements with CMDB / SIEM
  • Assisting the Experian post-acquisition security audit (PASA)
  • Handling PASA findings across all six AFS companies
  • Auditing risk impact analyses in all six AFS companies
Jan 2020 - Mar 2020
3 months
Berlin, Germany

IT Security Manager / Lead Auditor ISO/IEC 27001

Berliner Luft Technik GmbH

  • Gap analysis and PDCA cycle of the ISMS
  • IT security inventory
  • Immediate measures after risk assessment using the BSI all-hazards approach (200-3)
  • Checking asset inventories and protection requirements
  • Network analysis and vulnerability report with NESSUS
  • Creating IT security policies and procedures (network security, patch, incident management, home office, MDM, emergency plan)
  • Reviewing the HISCOX cyber insurance and the emergency service provider HiSolution GmbH
  • Short GDPR audit: reviewing technical and organizational measures (TOM)
Dec 2019 - Dec 2021
2 years 1 month
Frankfurt am Main, Germany

External Data Protection Officer, Real Estate Management

Gateway Real Estate AG

  • Advising two public companies and one GmbH within a holding
  • GAP analyses of existing GDPR implementation
  • Creating data protection documentation by company size/legal form
  • Data protection training for staff and handling data subject requests
  • Phased rollout of key processes: AVV, VV, deletion concept
Aug 2019 - Dec 2019
5 months
Heilbad Heiligenstadt, Germany

Interim Information Security Officer (ISO)

Design in Form GmbH

  • Hands-on ISMS implementation for TISAX certification “Information Very High”
  • Gap analysis of existing ISMS and GDPR measures – network analysis with Nessus and report on critical findings
  • Creating the ISMS documentation and defining security zones
  • Introducing asset management, risk management and a measures catalog
  • Implementing IT controls from the VDA catalog to achieve maturity goals
  • Training internal ISO and running a pre-audit ISMS
  • Taking over external data protection officer tasks
Feb 2019 - Jun 2019
5 months
Leipzig, Germany

IT Security Manager / BAIT

Sparkasse Leipzig, S-Beteiligungsgesellschaft mbH

  • Adapting Sparkasse Leipzig’s information security concepts to meet MaRisk and BAIT
  • Aligning with the “Secure IT Operating Model, Financial Informatik variant” and matching BAIT requirements to internal IT security policies
  • Creating documents for risk management and BCM requirements: physical concepts, location, room factors, building
  • Business continuity emergency plans and operational concepts
  • Documents for change and release management; secure administration, system and network management
Jan 2019 - Apr 2019
4 months
Munich, Germany

KRITIS Auditor per § 8a BSIG

Flughafen München GmbH (MUC)

  • Reviewing and improving ISMS documents per BSI Standard 100-4
  • Checking ITIL / BSI Standard implementation of BCM and change management
  • Reviewing BCM and CM documentation and system manuals for Linux, Windows, macOS environments and CCTV
  • Verifying emergency scenarios and management per BSI Standard 100-4 and BS 25999 (aviation)
Jul 2018 - Jan 2019
7 months
Berlin, Germany

IT Security Manager

DomConsult Immobilien GmbH

  • Implementing ISMS measures per ISO/IEC 27001
  • Creating IT guidelines, policies and procedures
  • Meeting ISO control requirements
  • Developing business continuity standards (Business Impact Analysis)
  • Conducting Risk Impact Analysis and risk treatment plans
  • Advising on and deploying Symantec Endpoint Protection
Apr 2018 - Jun 2018
3 months
Berlin, Germany

IT Security Consultant

init AG

  • Conducting structure and protection needs analyses
  • Determining protection needs for database applications
  • Assigning protection needs categories per database based on availability analysis
  • Drawing conclusions for risk management
  • Securing networks through segmentation and data channels
Apr 2018 - May 2018
2 months
Berlin, Germany

Data Protection Advisor

Charité Berlin

  • Auditing data processing contracts (AV)
  • Assessing GDPR documentation standards of Charité Berlin’s service providers
  • Reviewing GDPR implementation using a checklist
  • Checking internal data flow policies (intranet, USB sticks)
  • Conducting short interviews with management and staff
  • Producing a list of deficiencies and an audit report
Mar 2017 - May 2018
1 year 3 months
Berlin, Germany

ISMS and Data Protection Trainer

Cyber Akademie Berlin

  • “ISMS Processes and ISMS Tools Compared”
  • “Risk Areas and Implementation Priorities of the EU GDPR”
  • “Live Phishing Campaigns for Employee Awareness”
Dec 2015 - Aug 2017
1 year 9 months
Hamburg, Germany

Perimeter Architect

NDA

  • Designing a passive ground detection system using HF detection cable
  • Creating a perimeter protection concept and deploying a detection system for complex outdoor sites
  • Developing an “Outer Perimeter” protection plan
  • Threat and vulnerability analysis in hilly outdoor areas
  • Civil and site planning for fiber optic mats
  • Installing 800 m detection line with 30 alarm zones (leakage coax cable tech)
  • Testing and trial run of the detection system
  • Writing security guidelines for IT integration
  • Creating an operations manual and training staff
Jan 2002 - Dec 2013
12 years

Managing Partner

Solutus Concept GmbH

Jan 2001 - Dec 2004
4 years

Freelance Architect

  • Perimeter protection and security construction

Languages

German
Native
English
Advanced

Education

Oct 1994 - Jun 2000

Technische Universität Berlin

Architecture · Berlin, Germany

Oct 1994 - Jun 2000

ETH Zürich

Architecture · Zürich, Switzerland

Certifications & licenses

Certified Information Security Manager (CISM)

Certified Network Security Specialist (CNSS)

Configuration Management Database Fundamentals (CMDB)

Service Now Training

KRITIS Auditor BSIG §8a

Business Continuity Manager ISO/IEC 22301

Information Security Officer (ISO) per VDA-ISA

IT Security Auditor ISO/IEC 27001

Data Protection Officer (DSB)

Information Security Officer (ISB)

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Federico L.

ISO – Senior Consultant Quality & Information Security

View Profile
Björn B.

Auditor

View Profile
Henryk O.

Security Consultant

View Profile
Christian G.

DORA Implementation Project

View Profile
Nikolaus B.

ICT Risk Management and Information Security

View Profile
Christian H.

Lead Auditor

View Profile
Valeri M.

DORA Readiness – Gap Analysis and Implementation for Banks

View Profile
Dirk M.

Project Lead

View Profile
Fabian F.

OT Security Champion Europe

View Profile
Manfred L.

Support for the Chief Security Officer (CSO) and Chief Information Security Officer (CISO)

View Profile
Volker J.

Interim CISO (Germany, Austria, US, APAC), Auditor

View Profile
Lucas L.

Consultant in Information Security, Data Protection and Business Continuity Management

View Profile
Matthias S.

Senior Consultant Security (freelance)

View Profile
Maxim R.

Information Security Officer

View Profile
Jörg I.

external information security officer

View Profile
fratch Part of Bitkom logo
linkedIncrunchbaseyoutube
  • English
  • Deutsch

2025 © FRATCH.IO GmbH. All rights reserved.