Volker Jung
Interim CISO (Germany, Austria, US, APAC), Auditor
Experience
May 2023 - Oct 2024
1 year 6 months Ravensburg, Germany
Interim CISO (Germany, Austria, US, APAC), Auditor
Vetter Pharma-Fertigung GmbH & Co. KG
- Planned and initiated BIA/BCM assessment – to identify risk mitigation measures and process optimization, and provide risk transparency to the general management
- KRITIS/NIS-2 status evaluation and implementation of KRITIS/NIS2 Requirements
- Creation of comprehensive general digital roadmap and ISO 27001 / NIS-2 / KRITIS roadmap
- Enhance crisis management process and documentation
- Integrate information security clauses into customer and supplier contracts to ensure compliance with internal and regulatory requirements
- Ensured organizational readiness for audits by the Landesbehörde für Aufsicht (LBA) and supported audit processes
- Improvement of asset management processes and classification of sensitive data to strengthen overall security
- Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures
- Compliance check against EU CER requirements & reporting
- Creation of Management status and risk reports for management, ensuring transparent communication of risks and security posture
- Managed registration with the German Federal Office for Information Security (BSI) and provided ongoing status updates
- Risk assessment of supply chain, enhanced evaluation and reporting processes
- Improved IT/OT network segmentation to enhance security and reduce potential risks
- Strengthened the organization's cyber resilience by proactive measures and enhanced security frameworks and KPI reporting
- Onboarding SIEM/SOC/EDR to improve cybersecurity monitoring and response
- Plan and conduct awareness trainings (employees, administrator and management)
- Enhanced incident reporting processes to ensure timely and accurate reporting of cybersecurity events
- Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization
- ISMS Scoping and implementation of ISO 27001:2022 requirements as part of the Information Security Management System (ISMS)
- Interim InfoSec team lead
- Introducing Information Security to global KAM and Sales organization
- Improvement of admission and access management including privileged access
- Conducting of internal audits in collaboration with internal audit department
Mar 2023 - Present
2 years 2 months Munich, Germany
Interim CISO (Germany, South Africa, USA, UK), Auditor
METRONOMIA Clinical Research GmbH
- Preparation for ISO 27001:2013 certification audit
- Drafting ISO 27001 implementation roadmap
- ISMS Scoping and implementation of ISO 27001:2013 requirements
- Plan and conduct migration from ISO 27001:2013 to ISO 27001:2022
- Creation of comprehensive migration roadmap for ISO 27001:2022
- Improve and perform Risk assessments and reporting
- Improvement vulnerability scanning-, management & reporting
- ISMS documentation & management reporting
- Improvement of supply chain risk assessment and reporting
- Enhancement cyber resilience
- Improvement of admission and access management including privileged access
- Improvement of Identity and access Management (IAM) process, monitoring and reporting
- Enhance crisis management process and documentation
- Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures
- Enhance external vulnerability scanning and incident management and reporting process
- Plan and conduct supplier risk assessment to ensure compliance with internal and regulatory requirements
- Enhanced privileged access rights management and monitoring
- Conduct internal audits to comply with ISO 27001 Annex A
- Management status and risk reporting
- Improvement of asset management processes and classification of sensitive data to strengthen overall security
- Enhance information security strategy
- Creation of AI policy in cooperation with the Legal department to the secure use and governance of Artificial Intelligence (AI) within the organization
- Defining and install CISO relevant Information Security KPI reporting
- Plan and conduct awareness trainings (for employees, administrator and management)
- Installed regular JF with Quality and IT lead
- Setup regular JF with external DPO
- Prepare and conduct KRITIS / NIS-2 relevance for this enterprise
Apr 2021 - Nov 2022
1 year 8 months Erlangen, Germany
Interim CISO (Germany, Hungary, Spain), Auditor, Deputy DPO
Framatome GmbH
- Responsible for Information Security across the company and its subsidiaries in close cooperation with the global and regional CISOs
- BIA/BCM assessment – risk mitigation measures, process optimization improvement of the overall process
- Development of awareness and phishing campaigns (Germany, Hungary, Spain)
- Drafting new security guidelines and processes for data carrier destruction
- Information security reporting to the SMC and the Cybersecurity Steering Committee
- Creation and or review of the ISMS interface documentation and all other relevant documents
- Enhance crisis management process and documentation
- Improvement of Identity and access Management (IAM) process
- Creating the budget forecasts for the upcoming Information Security investments (technology/systems staffing, trainings, e.g)
- Setup regular JF with risk manager and IT lead
- Improvement of asses classification and asset management
- Drafting cyber resilience strategy and roadmap
- Alignment with the global cyber security strategy
- Improvement of risk management and reporting process
- Setup of SIEM/SOC and incident reporting
- Conducting supplier audits
- Develop and release cyber resilience guidelines
- Drafting of internal guidelines for handling VS-NfD information
- Improvement of vulnerability scanning and penetration testing
- Improvement of network segmentation IT/OT
- Review and rework roles and responsibilities
- Sketching an audit plan for service providers
May 2020 - Jul 2020
3 months Munich, Germany
Consultant Supply Chain Resilience Strategy
Siemens AG
- Review CoT (Charter of Trust) CP documents regarding cyber security measures (customers and suppliers)
- Collaborate with legal department on new/updates Information Security clauses
- Protection requirement analysis for contractual cyber security measures
- Service provider audit (GDPR, processes, cyber security), risk assessment
- Development of measures and contractual clauses to improve cyber security in the supply chain
Feb 2019 - Apr 2020
1 year 3 months Munich, Germany
Deputy Project Manager and Topic Lead Risk and Efficiency Assessment of the Global Certificate Management Infrastructure
Munich Re
- Risk and efficiency assessment of the global certificate management lifecycle infrastructure
- Protection requirements analysis according to ISO 27001:2013, BSI
- Alignment with the ISMS requirements
- Cybersecurity, redesign of the existing resilience measures of the global certificate management process
- Design network segmentation for the new PKI
- Processes, optimization, centralization, and standardization of the global certificate management processes. Sub-project manager
- Training of the external service provider
Summary
Interim CISO with extensive experience driving information security, compliance, and cyber resilience across global organizations in industries like pharma, clinical research, and energy. I specialize in ISO 27001 implementation, NIS-2/KRITIS compliance, and building robust ISMS frameworks tailored to organizational needs.
I excel in enhancing crisis management, improving IAM processes, and strengthening IT/OT network segmentation. My work includes creating actionable roadmaps, conducting risk assessments, and managing supplier audits to ensure end-to-end security and regulatory compliance. I’ve successfully onboarded SIEM/SOC/EDR solutions, improved vulnerability management, and developed AI governance policies in collaboration with legal teams.
With a proven track record of preparing organizations for audits, enhancing cyber resilience, and delivering transparent risk reporting to leadership, I bring a pragmatic, results-driven approach to securing critical assets and enabling business continuity.
Languages
German
Native
English
Advanced
Education
Lorem ipsum dolor sit amet
Power plant electrician
Certifications & licenses
CISM
Similar Freelancers
Discover other experts with similar qualifications and experience