Volker Jung

Interim CISO (Germany, Austria, US, APAC), Auditor

Gröbenzell, Germany

Experience

May 2023 - Oct 2024
1 year 6 months
Ravensburg, Germany

Interim CISO (Germany, Austria, US, APAC), Auditor

Vetter Pharma-Fertigung GmbH & Co. KG

  • Planned and initiated BIA/BCM assessment – to identify risk mitigation measures and process optimization, and provide risk transparency to the general management
  • KRITIS/NIS-2 status evaluation and implementation of KRITIS/NIS-2 requirements
  • Creation of comprehensive general digital roadmap and ISO 27001 / NIS-2 / KRITIS roadmap
  • Enhance crisis management process and documentation.
  • Integrate information security clauses into customer and supplier contracts to ensure compliance with internal and regulatory requirements.
  • Ensured organizational readiness for audits by the Landesbehörde für Aufsicht (LBA) and supported audit processes.
  • Improvement of asset management processes and classification of sensitive data to strengthen overall security.
  • Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
  • Compliance check against EU CER requirements & reporting
  • Creation of Management status and risk reports for management, ensuring transparent communication of risks and security posture.
  • Managed registration with the German Federal Office for Information Security (BSI) and provided ongoing status updates.
  • Risk assessment of supply chain, enhanced evaluation and reporting processes.
  • Improved IT/OT network segmentation to enhance security and reduce potential risks.
  • Strengthened the organization’s cyber resilience by proactive measures and enhanced security frameworks and KPI reporting.
  • Onboarding SIEM/SOC/EDR to improve cybersecurity monitoring and response.
  • Plan and conduct awareness trainings (employees, administrators and management).
  • Enhanced incident reporting processes to ensure timely and accurate reporting of cybersecurity events.
  • Creation of AI policy in cooperation with the Legal department for the secure use and governance of Artificial Intelligence (AI) within the organization.
  • ISMS Scoping and implementation of ISO 27001:2022 requirements as part of the Information Security Management System (ISMS).
  • Interim InfoSec team lead
  • Introducing Information Security to global KAM and Sales organization
  • Improvement of admission and access management including privileged access
  • Conducting of internal audits in collaboration with internal audit department
Mar 2023 - Present
2 years 5 months
Munich, Germany

Interim CISO (Germany, South Africa, USA, UK), Auditor

METRONOMIA Clinical Research GmbH

  • Preparation for ISO 27001:2013 certification audit
  • Drafting ISO 27001 implementation roadmap
  • ISMS Scoping and implementation of ISO 27001:2013 requirements
  • Plan and conduct migration from ISO 27001:2013 to ISO 27001:2022
  • Creation of comprehensive migration roadmap for ISO 27001:2022
  • Improve and perform Risk assessments and reporting
  • Improvement of vulnerability scanning, management & reporting
  • ISMS documentation & management reporting
  • Improvement of supply chain risk assessment and reporting
  • Enhancement of cyber resilience
  • Improvement of admission and access management including privileged access.
  • Improvement of Identity and access Management (IAM) process, monitoring and reporting.
  • Enhance crisis management process and documentation.
  • Plan & order regular penetration tests (internal, external) to identify vulnerabilities and improve security measures.
  • Enhance external vulnerability scanning and incident management and reporting process.
  • Plan and conduct supplier risk assessment to ensure compliance with internal and regulatory requirements.
  • Enhanced privileged access rights management and monitoring.
  • Conduct internal audits to comply with ISO 27001 Annex A
  • Management status and risk reporting
  • Improvement of asset management processes and classification of sensitive data to strengthen overall security.
  • Enhance information security strategy
  • Creation of AI policy in cooperation with the Legal department for the secure use and governance of Artificial Intelligence (AI) within the organization.
  • Define and install CISO-relevant Information Security KPI reporting
  • Plan and conduct awareness trainings (for employees, administrators and management).
  • Installed regular JF with Quality and IT lead.
  • Setup regular JF with external DPO
  • Prepare and conduct KRITIS / NIS-2 relevance for this enterprise.
Apr 2021 - Nov 2022
1 year 8 months
Erlangen, Germany

Interim CISO (Germany, Hungary, Spain), Auditor, deputy DPO

Framatome GmbH

  • Responsible for Information Security across the company and its subsidiaries in close cooperation with the global and regional CISOs.
  • BIA/BCM assessment – risk mitigation measures, process optimization, improvement of the overall process.
  • Development of awareness and phishing campaigns (Germany, Hungary, Spain).
  • Drafting new security guidelines and processes for data carrier destruction.
  • Information security reporting to the SMC and the Cybersecurity Steering Committee.
  • Creation and/or review of the ISMS interface documentation and all other relevant documents.
  • Enhance crisis management process and documentation.
  • Improvement of Identity and access Management (IAM) process.
  • Creating the budget forecasts for the upcoming Information Security investments (e.g. technology/systems staffing, trainings).
  • Setup regular JF with risk manager and IT lead.
  • Improvement of asset classification and asset management.
  • Drafting cyber resilience strategy and roadmap.
  • Alignment with the global cyber security strategy.
  • Improvement of risk management and reporting process.
  • Setup of SIEM/SOC and incident reporting.
  • Conducting supplier audits.
  • Develop and release cyber resilience guidelines.
  • Drafting of internal guidelines for handling VS-NfD information.
  • Improvement of vulnerability scanning and penetration testing.
  • Improvement of network segmentation IT/OT.
  • Review and rework roles and responsibilities.
  • Sketching an audit plan for service providers.
May 2020 - Jul 2020
3 months
Munich, Germany

Consultant supply chain resilience strategy

Siemens AG

  • Review CoT (Charter of Trust) CP documents regarding cyber security measures (customers and suppliers).
  • Collaborate with legal department on new/updated Information Security clauses.
  • Protection requirement analysis for contractual cyber security measures.
  • Service provider audit (GDPR, processes, cyber security), risk assessment.
  • Development of measures and contractual clauses to improve cyber security in the supply chain.
Feb 2019 - Apr 2020
1 year 3 months
Munich, Germany

Deputy project manager and topic lead risk and efficiency assessment of the global certificate management infrastructure

Reinsurance (Munich Re)

  • Risk and efficiency assessment of the global certificate management lifecycle infrastructure.
  • Protection requirements analysis according to ISO 27001:2013, BSI
  • Alignment with the ISMS requirements.
  • Cybersecurity, redesign of the existing resilience measures of the global certificate management process.
  • Design network segmentation for the new PKI.
  • Processes, optimization, centralization, and standardization of the global certificate management processes. Sub-project manager.
  • Training of the external service provider.

Languages

German
Native
English
Advanced

Certifications & licenses

CISM

ISACA