Planned and initiated BIA/BCM assessment – to identify risk mitigation measures and process optimization, and provide risk transparency to the general management
KRITIS/NIS-2 status evaluation and implementation of KRITIS/NIS-2 requirements
Creation of comprehensive general digital roadmap and ISO 27001 / NIS-2 / KRITIS roadmap
Enhance crisis management process and documentation.
Integrate information security clauses into customer and supplier contracts to ensure compliance with internal and regulatory requirements.
Ensured organizational readiness for audits by the Landesbehörde für Aufsicht (LBA) and supported audit processes.
Improvement of asset management processes and classification of sensitive data to strengthen overall security.
Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
Compliance check against EU CER requirements & reporting
Creation of management status and risk reports for management, ensuring transparent communication of risks and security posture.
Managed registration with the German Federal Office for Information Security (BSI) and provided ongoing status updates.
Risk assessment of supply chain, enhanced evaluation and reporting processes.
Improved IT/OT network segmentation to enhance security and reduce potential risks.
Strengthened the organization’s cyber resilience through proactive measures, enhanced security frameworks and KPI reporting.
Onboarding SIEM/SOC/EDR to improve cybersecurity monitoring and response.
Plan and conduct awareness trainings (employees, administrators and management).
Enhanced incident reporting processes to ensure timely and accurate reporting of cybersecurity events.
Creation of AI policy in cooperation with the Legal department for the secure use and governance of Artificial Intelligence (AI) within the organization.
ISMS Scoping and implementation of ISO 27001:2022 requirements as part of the Information Security Management System (ISMS).
Interim InfoSec team lead
Introducing Information Security to global KAM and Sales organization
Improvement of admission and access management including privileged access
Conducting internal audits in collaboration with the internal audit department
Mar 2023 - Present
2 years 5 months
Munich, Germany
Interim CISO (Germany, South Africa, USA, UK), Auditor
METRONOMIA Clinical Research GmbH
Preparation for ISO 27001:2013 certification audit
Drafting ISO 27001 implementation roadmap
ISMS Scoping and implementation of ISO 27001:2013 requirements
Plan and conduct migration from ISO 27001:2013 to ISO 27001:2022
Creation of comprehensive migration roadmap for ISO 27001:2022
Improve and perform risk assessments and reporting
Improvement of supply chain risk assessment and reporting
Enhancement of cyber resilience
Improvement of admission and access management including privileged access.
Improvement of Identity and Access Management (IAM) process, monitoring and reporting.
Enhance crisis management process and documentation.
Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
Enhance external vulnerability scanning and incident management and reporting process.
Plan and conduct supplier risk assessment to ensure compliance with internal and regulatory requirements.
Enhanced privileged access rights management and monitoring.
Conduct internal audits to comply with ISO 27001 Annex A
Management status and risk reporting
Improvement of asset management processes and classification of sensitive data to strengthen overall security.
Enhance information security strategy
Creation of AI policy in cooperation with the Legal department for the secure use and governance of Artificial Intelligence (AI) within the organization.
Defining and installing CISO-relevant Information Security KPI reporting
Plan and conduct awareness trainings (for employees, administrators and management).
Installed regular JF with Quality and IT lead.
Set up regular JF with external DPO
Prepare and conduct KRITIS/NIS-2 relevance assessment for this enterprise.