Volker J. - Interim CISO (Germany, Austria, US, APAC), Auditor

Go to Website

Gröbenzell, Germany

Experience

May 2023 - Oct 2024

1 year 6 months

Ravensburg, Germany

Interim CISO (Germany, Austria, US, APAC), Auditor

Vetter Pharma-Fertigung GmbH & Co. KG

Planned and initiated BIA/BCM assessment – to identify risk mitigation measures and process optimization, and provide risk transparency to the general management
KRITIS/NIS-2 status evaluation and implementation of KRITIS/NIS2 Requirements
Creation of comprehensive general digital roadmap and ISO 27001 / NIS-2 / KRITIS roadmap
Enhance crisis management process and documentation.
Integrate information security clauses into customer and supplier contracts to ensure compliance with internal and regulatory requirements.
Ensured organizational readiness for audits by the Landesbehörde für Aufsicht (LBA) and supported audit processes.
Improvement of asset management processes and classification of sensitive data to strengthen overall security.
Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
Compliance check against EU CER requirements & reporting
Creation of Management status and risk reports for management, ensuring transparent communication of risks and security posture.
Managed registration with the German Federal Office for Information Security (BSI) and provided ongoing status updates.
Risk assessment of supply chain, enhanced evaluation and reporting processes.
Improved IT/OT network segmentation to enhance security and reduce potential risks.
Strengthened the organization’s cyber resilience by proactive measures and enhanced security frameworks and KPI reporting.
Onboarding SIEM/SOC/EDR to improve cybersecurity monitoring and response.
Plan and conduct awareness trainings (employees, administrator and management).
Enhanced incident reporting processes to ensure timely and accurate reporting of cybersecurity events.
Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization.
ISMS Scoping and implementation of ISO 27001:2022 requirements as part of the Information Security Management System (ISMS).
Interim InfoSec team lead
Introducing Information Security to global KAM and Sales organization
Improvement of admission and access management including privileged access
Conducting of internal audits in collaboration with internal audit department

Mar 2023 - Present

2 years 10 months

Munich, Germany

Interim CISO (Germany, South Africa, USA, UK), Auditor

METRONOMIA Clinical Research GmbH

Preparation for ISO 27001:2013 certification audit
Drafting ISO 27001 implementation roadmap
ISMS Scoping and implementation of ISO 27001:2013 requirements
Plan and conduct migration from ISO 27001:2013 to ISO 27001:2022
Creation of comprehensive migration roadmap for ISO 27001:2022
Improve and perform Risk assessments and reporting
Improvement vulnerability scanning-, management & reporting
ISMS documentation & management reporting
Improvement of supply chain risk assessment and reporting
Enhancement cyber resilience
Improvement of admission and access management including privileged access.
Improvement of Identity and access Management (IAM) process, monitoring and reporting.
Enhance crisis management process and documentation.
Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
Enhance external vulnerability scanning and incident management and reporting process.
Plan and conduct supplier risk assessment to ensure compliance with internal and regulatory requirements.
Enhanced privileged access rights management and monitoring.
Conduct internal audits to comply with ISO 27001 Annex A
Management status and risk reporting
Improvement of asset management processes and classification of sensitive data to strengthen overall security.
Enhance information security strategy
Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization.
Defining and install CISO relevant Information Security KPI reporting
Plan and conduct awareness trainings (for employees, administrator and management).
Installed regular JF with Quality and IT lead.
Setup regular JF with external DPO
Prepare and conduct KRITIS / NIS-2 relevance for this enterprise.

Apr 2021 - Nov 2022

1 year 8 months

Erlangen, Germany

Interim CISO (Germany, Hungary, Spain), Auditor, deputy DPO

Framatome GmbH

Responsible for Information Security across the company and its subsidiaries in close cooperation with the global and regional CISOs.
BIA/BCM assessment – risk mitigation measures, process optimization. improvement of the overall process.
Development of awareness and phishing campaigns (Germany, Hungary, Spain).
Drafting new security guidelines and processes for data carrier destruction.
Information security reporting to the SMC and the Cybersecurity Steering Committee.
Creation and or review of the ISMS interface documentation and all other relevant documents.
Enhance crisis management process and documentation.
Improvement of Identity and access Management (IAM) process.
Creating the budget forecasts for the upcoming Information Security investments (technology/systems staffing, trainings, e.g).
Setup regular JF with risk manager and IT lead.
Improvement of asses classification and asset management.
Drafting cyber resilience strategy and roadmap.
Alignment with the global cyber security strategy.
Improvement of risk management and reporting process.
Setup of SIEM/SOC and incident reporting.
Conducting supplier audits.
Develop and release cyber resilience guidelines.
Drafting of internal guidelines for handling VS-NfD information.
Improvement of vulnerability scanning and penetration testing.
Improvement of network segmentation IT/OT.
Review and rework roles and responsibilities.
Sketching an audit plan for service providers.

May 2020 - Jul 2020

3 months

Munich, Germany

Consultant supply chain resilience strategy

Siemens AG

Review CoT (Charter of Trust) CP documents regarding cyber security measures (customers and suppliers).
Collaborate with legal department on new/updates Information Security clauses.
Protection requirement analysis for contractual cyber security measures.
Service provider audit (GDPR, processes, cyber security), risk assessment,
Development of measures and contractual clauses to improve cyber security in the supply chain.

Feb 2019 - Apr 2020

1 year 3 months

Munich, Germany

Deputy project manager and topic lead risk and efficiency assessment of the global certificate management infrastructure

Reinsurance (Munich Re)

Risk and efficiency assessment of the global certificate management lifecycle infrastructure.
Protection requirements analysis according to ISO 27001:2013, BSI
Alignment with the ISMS requirements.
Cybersecurity, redesign of the existing resilience measures of the global certificate management process.
Design network segmentation for the new PKI.
Processes, optimization, centralization, and standardization of the global certificate management processes. Sub-project manager.
Training of the external service provider.