Volker Jung
Interim CISO (Germany, Austria, US, APAC), Auditor
Experience
May 2023 - Oct 2024
1 year 6 months Ravensburg, Germany
Interim CISO (Germany, Austria, US, APAC), Auditor
Vetter Pharma-Fertigung GmbH & Co. KG
- Planned and initiated BIA/BCM assessment – to identify risk mitigation measures and process optimization, and provide risk transparency to the general management
- KRITIS/NIS-2 status evaluation and implementation of KRITIS/NIS2 Requirements
- Creation of comprehensive general digital roadmap and ISO 27001 / NIS-2 / KRITIS roadmap
- Enhance crisis management process and documentation.
- Integrate information security clauses into customer and supplier contracts to ensure compliance with internal and regulatory requirements.
- Ensured organizational readiness for audits by the Landesbehörde für Aufsicht (LBA) and supported audit processes.
- Improvement of asset management processes and classification of sensitive data to strengthen overall security.
- Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
- Compliance check against EU CER requirements & reporting
- Creation of Management status and risk reports for management, ensuring transparent communication of risks and security posture.
- Managed registration with the German Federal Office for Information Security (BSI) and provided ongoing status updates.
- Risk assessment of supply chain, enhanced evaluation and reporting processes.
- Improved IT/OT network segmentation to enhance security and reduce potential risks.
- Strengthened the organization’s cyber resilience by proactive measures and enhanced security frameworks and KPI reporting.
- Onboarding SIEM/SOC/EDR to improve cybersecurity monitoring and response.
- Plan and conduct awareness trainings (employees, administrator and management).
- Enhanced incident reporting processes to ensure timely and accurate reporting of cybersecurity events.
- Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization.
- ISMS Scoping and implementation of ISO 27001:2022 requirements as part of the Information Security Management System (ISMS).
- Interim InfoSec team lead
- Introducing Information Security to global KAM and Sales organization
- Improvement of admission and access management including privileged access
- Conducting of internal audits in collaboration with internal audit department
Mar 2023 - Present
2 years 5 months Munich, Germany
Interim CISO (Germany, South Africa, USA, UK), Auditor
METRONOMIA Clinical Research GmbH
- Preparation for ISO 27001:2013 certification audit
- Drafting ISO 27001 implementation roadmap
- ISMS Scoping and implementation of ISO 27001:2013 requirements
- Plan and conduct migration from ISO 27001:2013 to ISO 27001:2022
- Creation of comprehensive migration roadmap for ISO 27001:2022
- Improve and perform Risk assessments and reporting
- Improvement vulnerability scanning-, management & reporting
- ISMS documentation & management reporting
- Improvement of supply chain risk assessment and reporting
- Enhancement cyber resilience
- Improvement of admission and access management including privileged access.
- Improvement of Identity and access Management (IAM) process, monitoring and reporting.
- Enhance crisis management process and documentation.
- Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
- Enhance external vulnerability scanning and incident management and reporting process.
- Plan and conduct supplier risk assessment to ensure compliance with internal and regulatory requirements.
- Enhanced privileged access rights management and monitoring.
- Conduct internal audits to comply with ISO 27001 Annex A
- Management status and risk reporting
- Improvement of asset management processes and classification of sensitive data to strengthen overall security.
- Enhance information security strategy
- Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization.
- Defining and install CISO relevant Information Security KPI reporting
- Plan and conduct awareness trainings (for employees, administrator and management).
- Installed regular JF with Quality and IT lead.
- Setup regular JF with external DPO
- Prepare and conduct KRITIS / NIS-2 relevance for this enterprise.
Apr 2021 - Nov 2022
1 year 8 months Erlangen, Germany
Interim CISO (Germany, Hungary, Spain), Auditor, deputy DPO
Framatome GmbH
- Responsible for Information Security across the company and its subsidiaries in close cooperation with the global and regional CISOs.
- BIA/BCM assessment – risk mitigation measures, process optimization. improvement of the overall process.
- Development of awareness and phishing campaigns (Germany, Hungary, Spain).
- Drafting new security guidelines and processes for data carrier destruction.
- Information security reporting to the SMC and the Cybersecurity Steering Committee.
- Creation and or review of the ISMS interface documentation and all other relevant documents.
- Enhance crisis management process and documentation.
- Improvement of Identity and access Management (IAM) process.
- Creating the budget forecasts for the upcoming Information Security investments (technology/systems staffing, trainings, e.g).
- Setup regular JF with risk manager and IT lead.
- Improvement of asses classification and asset management.
- Drafting cyber resilience strategy and roadmap.
- Alignment with the global cyber security strategy.
- Improvement of risk management and reporting process.
- Setup of SIEM/SOC and incident reporting.
- Conducting supplier audits.
- Develop and release cyber resilience guidelines.
- Drafting of internal guidelines for handling VS-NfD information.
- Improvement of vulnerability scanning and penetration testing.
- Improvement of network segmentation IT/OT.
- Review and rework roles and responsibilities.
- Sketching an audit plan for service providers.
May 2020 - Jul 2020
3 months Munich, Germany
Consultant supply chain resilience strategy
Siemens AG
- Review CoT (Charter of Trust) CP documents regarding cyber security measures (customers and suppliers).
- Collaborate with legal department on new/updates Information Security clauses.
- Protection requirement analysis for contractual cyber security measures.
- Service provider audit (GDPR, processes, cyber security), risk assessment,
- Development of measures and contractual clauses to improve cyber security in the supply chain.
Feb 2019 - Apr 2020
1 year 3 months Munich, Germany
Deputy project manager and topic lead risk and efficiency assessment of the global certificate management infrastructure
Reinsurance (Munich Re)
- Risk and efficiency assessment of the global certificate management lifecycle infrastructure.
- Protection requirements analysis according to ISO 27001:2013, BSI
- Alignment with the ISMS requirements.
- Cybersecurity, redesign of the existing resilience measures of the global certificate management process.
- Design network segmentation for the new PKI.
- Processes, optimization, centralization, and standardization of the global certificate management processes. Sub-project manager.
- Training of the external service provider.
Languages
German
Native
English
Advanced
Certifications & licenses
CISM
ISACA
Similar Freelancers
Discover other experts with similar qualifications and experience