Thoralf (S.) T.

Consultant Digital Operational Resilience Act (DORA)

Bad Vilbel, Germany

Experience

Apr 2023 - Jun 2023
3 months

Consultant Digital Operational Resilience Act (DORA)

Swisslife Deutschland GmbH

  • Audit of CIS Controls evidence provided by the SOC providers T-Systems Austria and Cancom GmbH
  • Mapping of VAIT, ISO/IEC 27002 and CIS Controls 7.0 requirements onto the IT realignment strategy (threat intelligence and zero trust) of the German subsidiaries
  • Review of SIEM evidence, reporting, incident management and security breaches
  • Review of the IT asset management regarding ITSCM and BCM processes
  • Employee sensitization and compliance training focused on CEO fraud
  • Consulting the Chief Information Security Officer
Oct 2022 - Apr 2023
7 months

Interim Information Security Officer (ISO)

BRUSS Sealing Systems GmbH

  • Definition of the ISMS scope for the corporate group and international rollout
  • Creation of the IT security concept with policies, process descriptions and technical security baselines
  • Extension of risk management according to ISO/IEC 27005
  • Location-specific statements of applicability according to VDA ISA 5.1
  • Implementation of the Sophos XDR platform for global network monitoring
  • Specifications for document control and network documentation (Docusnap)
  • Employee sensitization measures including training kit and phishing tests
  • Definition of the incident reporting matrix and process flow for security incidents
  • Review and update of cyber insurance policy obligations
  • Execution of penetration tests with Nessus and PingCastle and development of management reports
  • Preparation and execution of certification audits (group assessment)
  • Training of the internal ISO and establishment of an ISMS coordinator structure
Mar 2022 - Sep 2022
7 months

Business Continuity Manager

Landesbank Baden-Württemberg

  • Revision and improvement of BCM statement of fitness objectives
  • Streamlining of process clusters to increase BIA efficiency
  • Support for expanding BCM reporting in foreign branches
  • Continuous monitoring of ICT risk sources to establish protection and prevention measures and detect anomalies promptly
  • Introduction of comprehensive business continuity policies and emergency and recovery plans with annual testing
  • Enhancement of DORA knowledge for project team, risk managers and outsourcing officers
  • Risk-based exercise and test plan within a multi-year cycle
Jun 2021 - Dec 2021
7 months

KRITIS Auditor BSIG §8a

ADAC Versicherungen AG

  • GAP analysis of KRITIS documentation according to ISO/IEC 27001 for the October 2021 audit
  • Fulfillment of document requirements for the VAIT review in February 2022
  • Development of an information security and business continuity management system including policies, documentation and emergency concepts
  • Support for the CISO and development of a target cybersecurity strategy
  • Development of a crisis communication plan for ICT-related incidents with an incident reporting matrix
  • Interface to IT teams and IDS provider Trend Micro (TippingPoint)
  • Addition of risk assessments for ICT service providers
  • Review of DMS IT contract management with fido
  • Examination of compliance processes according to IDW PS 980 ff.
  • Documentation of VAIT and DORA requirements in IRIS
  • Phishing training campaigns
Mar 2021 - Apr 2021
2 months

KRITIS Auditor BSIG §8a

Finanz Informatik GmbH & Co. KG

  • Review of security concepts, structural analyses and process descriptions according to an internal checklist in a team of seven auditors
  • Examination of product documentation for the availability, authenticity, integrity and confidentiality requirements of systems and premises, including interfaces and dependencies on third parties (SLAs)
Feb 2020 - Feb 2021
1 year 1 month

Interim Information Security Officer (ISO)

Bertelsmann AFS

  • Support for the legal officer and compliance team in BAIT and VAIT customer audits
  • GAP analysis of Bertelsmann IT security policies and introduction of Experian policies
  • ISO 27001 re-certification of Informa HIS GmbH
  • Alignment of ISMS with BAIT and VAIT customer requirements using CMDB and SIEM
  • Support for the Experian post-acquisition security audit (PASA)
  • Remediation of PASA findings across six AFS entities
  • Audit of risk impact analysis across six AFS entities
Jan 2020 - Mar 2020
3 months

IT Security Manager / Lead Auditor ISO/IEC 27001

Berliner Luft Technik GmbH

  • Inventory of IT security measures
  • Immediate actions based on risk assessment following the BSI all-hazards approach
  • Review of asset inventories and protection needs
  • Network analysis and vulnerability report using Nessus
  • Creation of IT security guidelines and procedures covering network security, patch management, incident management, home office, MDM and emergency planning
  • Review of HISCOX cyber insurance policy and emergency service provider HiSolution GmbH
  • GDPR short audit of technical and organizational measures (TOM)
Dec 2019 - Dec 2021
2 years 1 month

External Data Protection Officer

Gateway Real Estate AG

  • GAP analyses of existing GDPR implementation
  • Creation of data protection documentation according to company size and legal form
  • Data protection training for employees and handling of data subject requests
  • Step-by-step implementation of relevant processes such as DPAs, ROPAs and data deletion concepts
Aug 2019 - Dec 2019
5 months

Interim Information Security Officer (ISO)

Design in Form GmbH

  • Practical implementation of ISMS TISAX certification with information level "very high"
  • GAP analysis of existing ISMS and GDPR measures
  • Network analysis with Nessus and reporting of critical findings
  • Creation of ISMS documentation and establishment of security zones
  • Introduction of asset management, risk management and a catalog of measures
  • Implementation of IT controls from the VDA catalog to achieve the required maturity level
  • Training of the internal ISO and conducting a pre-audit
  • Assumption of external data protection officer responsibilities
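The Nessus-based network analyses and management reports listed for BRUSS Sealing Systems, Berliner Luft Technik and Design in Form above all share the same working step: turning a raw scanner export into a severity overview that management can act on. The following is an added example written for this page, not code from the freelancer or from Tenable. It assumes the standard Nessus v2 export layout (NessusClientData_v2 / Report / ReportHost / ReportItem with a numeric severity attribute 0 to 4, Info to Critical); the embedded XML is constructed sample input, not a real scan, and the plugin IDs and host names in it are made up. One caveat a report should carry: a scanner export is an inventory of unverified findings, so the management summary should state that nothing listed was exploited unless a separate test did so.

```python
"""Summarise a Nessus (.nessus v2) export into per-host severity counts and a
'fix first' list for a management report.

Added example, not part of the original profile. Assumes the Nessus v2 XML
layout (NessusClientData_v2 / Report / ReportHost / ReportItem) in which each
ReportItem carries severity="0".."4" (Info, Low, Medium, High, Critical).
"""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: two hosts, one shared critical finding.
# Host names, FQDNs and plugin IDs are invented for illustration.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="Internal network">
    <ReportHost name="10.0.1.10">
      <HostProperties><tag name="host-fqdn">dc01.example.test</tag></HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="100000" pluginName="Sample critical SMB finding">
        <cvss3_base_score>9.8</cvss3_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="100001" pluginName="OS identification"/>
      <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2" pluginID="100002" pluginName="Sample medium RDP finding"/>
    </ReportHost>
    <ReportHost name="10.0.1.20">
      <HostProperties><tag name="host-fqdn">file01.example.test</tag></HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="100000" pluginName="Sample critical SMB finding"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3" pluginID="100003" pluginName="Sample high SSH finding"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="100001" pluginName="OS identification"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten a .nessus v2 document into one dict per (host, ReportItem)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        fqdn = host.findtext("HostProperties/tag[@name='host-fqdn']", default="")
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "fqdn": fqdn,
                "port": int(item.get("port", "0")),
                "severity": int(item.get("severity", "0")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName", ""),
            })
    return findings


def severity_matrix(findings, min_severity=1):
    """Count findings per host and severity; informational plugins are dropped by default."""
    matrix = defaultdict(Counter)
    for f in findings:
        if f["severity"] >= min_severity:
            matrix[f["host"]][SEVERITY_NAMES[f["severity"]]] += 1
    return {host: dict(counts) for host, counts in matrix.items()}


def top_plugins(findings, min_severity=3):
    """Rank High/Critical plugins by severity, then by number of affected hosts.

    Counting distinct hosts per plugin (not raw ReportItems) gives the
    'one fix, many hosts' view that a remediation plan is built around.
    """
    hosts_by_plugin = defaultdict(set)
    meta = {}
    for f in findings:
        if f["severity"] >= min_severity:
            hosts_by_plugin[f["plugin_id"]].add(f["host"])
            meta[f["plugin_id"]] = (f["name"], f["severity"])
    ranked = sorted(hosts_by_plugin.items(),
                    key=lambda kv: (-meta[kv[0]][1], -len(kv[1]), kv[0]))
    return [(pid, meta[pid][0], SEVERITY_NAMES[meta[pid][1]], len(hosts))
            for pid, hosts in ranked]


def management_summary(xml_text):
    """Plain-text summary block for a management report."""
    findings = parse_nessus(xml_text)
    totals = Counter()
    for counts in severity_matrix(findings).values():
        totals.update(counts)
    lines = [f"Hosts scanned: {len({f['host'] for f in findings})}"]
    for sev in ("Critical", "High", "Medium", "Low"):
        lines.append(f"{sev}: {totals.get(sev, 0)}")
    lines.append("Fix first (scanner findings, not verified by exploitation):")
    for pid, name, sev, n_hosts in top_plugins(findings):
        lines.append(f"  [{sev}] {name} (plugin {pid}) on {n_hosts} host(s)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(management_summary(SAMPLE_NESSUS))
```

To use it on a real export, read the .nessus file into a string and pass it to `management_summary`; the functions ignore Nessus fields they do not need, so additional child elements in a real ReportItem do not affect the result.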
Feb 2019 - Jun 2019
5 months

IT Security Manager / BAIT

Sparkasse Leipzig, S-Beteiligungsgesellschaft mbH

  • Adaptation of the information security concept "Secure IT Operation, Finanz Informatik variant" and alignment of BAIT requirements with internal IT security policies
  • Documentation for risk management and BCM requirements including physical concepts, location and building factors
  • Development of business continuity emergency plans and operational procedures
  • Documentation for change and release management
  • Documentation for secure administration, system and network management
Jan 2019 - Apr 2019
4 months

Critical Infrastructure Auditor under §8a BSIG

Flughafen München GmbH

  • Review and improvement of ISMS documentation according to BSI Standard 100-4
  • Control of ITIL and BSI standard implementation for BCM and change management
  • Review of BCM and change management documentation and system manuals for Linux, Windows, Mac OS and CCTV environments
  • Verification of emergency scenarios and emergency management according to BSI Standard 100-4 and BS 25999
Jul 2018 - Jan 2019
7 months

IT Security Manager

DomConsult Immobilien GmbH

  • Implementation of ISMS measures according to ISO/IEC 27001
  • Development of IT guidelines, policies, work instructions and procedures
  • Implementation of ISO control requirements
  • Creation of business continuity standards including business impact analysis (BIA)
  • Risk impact analysis and risk treatment planning
  • Consulting and implementation of Symantec Endpoint Protection
Apr 2018 - Jun 2018
3 months

IT Security Consultant

init AG

  • Conducting structure and protection needs analyses
  • Determination of protection requirements for database applications
  • Definition of protection categories per database based on availability analysis
  • Formulation of risk management conclusions
  • Securing systems through network segmentation and dataKana
Apr 2018 - May 2018
2 months

Data Protection Consultant

Charité Berlin

  • Audit of data processing agreements (AV, Auftragsverarbeitung)
  • Evaluation of GDPR documentation standards of service providers
  • Assessment of GDPR implementation using a checklist
  • Review of internal data flow policies for intranet and USB devices
  • Short interviews with management and employees
  • Creation of a list of deficiencies and audit report
Mar 2017 - May 2018
1 year 3 months

ISMS and Data Protection Officer

Cyber Akademie Berlin

  • Presentation of ISMS processes and comparison of ISMS tools
  • Identification of risk areas and implementation priorities for the EU GDPR
  • Execution of live phishing campaigns for employee sensitization
Dec 2015 - Aug 2017
1 year 9 months

Perimeter Architect

NDA

  • Planning of a passive ground detection system using HF detection cable
  • Development of an outer perimeter protection concept
  • Threat and vulnerability analysis in hilly outdoor areas
  • Site and terrain planning including fiber optic mats
  • Deployment of an 800 m detection line with 30 alarm zones using leakage coax cable technology
  • Prototype testing and trial run of the detection system
  • Creation of security guidelines for integration with corporate IT
  • Development of an operations manual and employee training

Languages

German
Advanced
English
Advanced

Education

Oct 1994 - Jun 2000

ETH Zürich

Architecture · Zürich, Switzerland

Oct 1994 - Jun 2000

TU Berlin

Architecture · Berlin, Germany

Certifications & licenses

Certified Information Security Manager (CISM)

Certified Network Security Specialist (CNSS)

TISAX Information Security Officer (ISO)
