Thorsten Dombach

Data Protection and Information Security Officer

€1,100/day
Munich, DE
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Thorsten

As a computer scientist with over 25 years of expertise in information security, data protection, and emergency management, I have successfully operated in key roles such as Data Protection Officer and Chief Information Security Officer in industries such as banking, insurance, automotive, and energy generation. With comprehensive knowledge in ISO/IEC 27001, TISAX, PCI-DSS, GDPR, PRINCE2, and BSI IT-Grundschutz, as well as the application of tools such as Confluence, MS Office, Jira, and SharePoint, I have developed effective security concepts.
As a lecturer at TÜV for ISO/IEC 27001, I pass on my expertise and have gained international experience in projects. My successful collaboration with boards and management reflects my understanding of company-wide needs. I focus on a holistic approach from conception to implementation and always strive to strengthen the digital resilience of organizations. My experience and passion for information security make me a valuable partner for optimizing your security landscape.
  • German
    Native or bilingual
  • English
    Fluent

Can work on-site
Munich (up to 50km), Nürnberg (up to 50km), Frankfurt am Main (up to 50km), Traunstein (up to 50km), Ravensburg (up to 50km)

Experience

  • dataport
    Auditor BSI IT Baseline Protection
    DIGITAL AND IT
    January 2024 - Today (2 years and 5 months)
    Hamburg, Germany
    Dataport is an IT service provider for predominantly public clients with several locations, mainly in the northern part of Germany.
    The project aims to provide a public client with a cloud workplace including the functions: file storage, email, office applications, and video conferencing. In this setup, it is particularly important that the IT processes and the applications themselves comply with the requirements of BSI IT Baseline Protection.
    The overarching goal was therefore to achieve Baseline Protection conformity for the solution, and the following tasks were part of the project:
    • Coordination with the manufacturers of the solution modules regarding the information they need to provide for the Baseline Protection requirements.
    • Modeling the requirements from BSI IT Baseline Protection for the individual modules.
    • Documentation of requirements and evidence in HiScout
    • Review of the manufacturers' responses for the respective requirements
    • Verification of the evidence to determine if it is sufficient for meeting the requirements.
    • Conducting workshops with the operations teams to support the design of processes related to BSI IT Baseline Protection
    • Design of interfaces between manufacturers and operations teams concerning cross-functional processes.
    • Support in documenting guidelines for describing the implementation of requirements.
    • Conducting BSI IT Baseline Protection checks to verify implementation
  • Debeka
    Project Manager Regulatory Consulting
    BANKING AND INSURANCE
    August 2021 - December 2023 (2 years and 5 months)
    Koblenz, Germany
    Debeka is an insurance group from Germany with several locations in Germany. The centrally managed project was part of a program for the complete redesign of the health insurance division. Insurance data, especially health data, enjoys special protection under GDPR. The project was responsible for the complete implementation of all regulatory requirements from the areas of GDPR, VAIT, BaFin, and critical infrastructure. The task consisted of management and planning tasks in the aforementioned areas, and the following tasks were part of the project:
    • Conducting threshold analyses
    • Creation of data protection impact assessments
    • Conducting small audits to provide evidence for regulatory requirements
    • Coordination of the acceptance of documentation describing measures
    • Clarification of requirements in specific data protection issues
    • Regular reporting to the board
    • Adaptation of data protection notices
    • Follow-up on legal clarification of specific data protection issues
    • Project management for the creation of the authorization structure for the new health insurance solution
    • Coordination of external audits by third parties
    • Contact for data protection supervisory authorities
    • Planning and follow-up of the implementation of security measures to comply with regulatory requirements
  • dormakaba Group
    Information Security Officer
    MECHANICAL ENGINEERING
    May 2019 - August 2020 (1 year and 4 months)
    Rümlang, Switzerland
    The dormakaba Group is an international group based in Switzerland, with many subsidiaries worldwide. The client operates as a producer of cloud solutions and wanted to establish an ISMS according to ISO/IEC 27001, taking into account the European General Data Protection Regulation. The requirements from the group-wide guidelines need to be adapted into work instructions for the operations teams. Specific recommendations for action need to be defined in the IT areas. Some IT services need to be improved to meet the new information security requirements.
    The task consisted mainly of management tasks. In several meetings with the responsible parties from the business units, the new requirements were clarified and translated into concrete implementation projects. The following tasks were part of the project:
    • Training on the content of the individual measures with the team leaders
    • Integration of security requirements into existing ITIL processes
    • Management of tasks within time and budget
    • Coordination of responsibilities in the area of measures with other group units
    • Regular reporting to management
    • Coordination of information security risks with the CISO
    • Support of the Data Protection Officer in implementing data subject rights under GDPR
    • Development of KPIs for individual security measures to measure the degree and quality of implementation.

Education

  • University Computer Science Diploma
    LMU Munich
    1997

Certifications

  • ISO27001 Lead Implementer
    PECB
    2014
  • ISO27001 Senior Lead Auditor
    PECB
    2014

Skill set (26)

Categories