Projects

Interim Information Security Officer and Implementation Manager for TISAX at an automotive supplier

04/2024 – now      

  • Internal Audit
  • GAP Analysis
  • Implementation Roadmap for TISAX Certification
  • Implementation of information security management system according to ISO 27001 and BSI Grundschutz
  • Certification audit preparation and support

Interim CISO and Information Security Manager at a chemical trading company

04/2024 – 05/2025

  • Internal Audit
  • GAP Analysis
  • Implementation roadmap for TISAX and ISO27001 certification
  • Establishing NIS 2 readiness
  • Implementation of a comprehensive risk management system for information security
  • Implementation of information security
    • SOC/SIEM/XDR/CERT…
  • Privacy Support
  • O365 tenant protection
  • Supporting the transformation of IT towards cloud use

IT coordination and TISAX Level 3 prototype protection introduction at an automotive supplier

01/2023 – 12/2023

  • Interim IT coordination
  • Implementation of TISAX Level 3 prototype protection
  • Certification readiness achieved; customer-side audit led and passed
  • Risk management
  • Information
  • Privacy
  • Prototype Protection, OT Security
  • SAP S/4HANA Public Cloud administration and SAP security consulting
  • SAP ERP, DM, BTP, SAP For Me
  • Industry 4.0 Security Upgrade
  • O365 Maintenance and Security Implementation

 

Manager

08/2022 – 12/2022

  • Risk management
  • Restructuring of the company
  • Business plan 2023
  • Training
  • Creation of an ISMS according to ISO 27001

 

 

 

Information Security Manager of a bank in Munich

05/2022 – 7/2022

  • Updating of the specifications based on common standards (ISO27001, MaRisk, BAIT, etc.)
  • Conducting internal audits in accordance with ISO27001, SWIFT, etc.
  • Evaluation of the SIEM
  • Supplier management from the point of view of information security
  • Assistance with bank audits
  • Leading risk management in the field of information security
  • Preparation of reporting to the Bank's Management Board
  • Independent coordination with the "first line of defense"
  • Company language: English

 

ISMS Consultant for an International FinTech Credit Card Company

01/2022 – 4/2022

  • Assistance with an audit
  • Revision of the ISMS according to ISO 27001
  • Implementation of processes and SOP
  • Company language English, registered office of the contact person in the Netherlands

 

INFORMATION SECURITY MANAGER (Automotive, KRITIS) / DATA PROTECTION CONSULTANT (Telecommunications Company)

08/2021 – 10/2021

  • Lead Project Manager
  • Implementation Manager for an information security management system according to ISO27001 and TISAX
  • Preparation of the certification process of the business unit in the scope of the ISMS according to ISO27001 and TISAX
  • Implementation of KRITIS requirements
  • TK Data Protection Security

 

INFORMATION SECURITY MANAGEMENT SYSTEM MANAGER at a KRITIS-relevant fiber optic and data center provider

08/2020 – 06/2021

  • Implementation Manager for an information security management system according to ISO27001
  • Preparation of the certification process of the business unit in the scope of the ISMS according to ISO27001
  • Enterprise Architecture, Development Planning
  • Coordination of security projects
  • KRITIS, German Telecommunications Act (Telekommunikationsgesetz)
  • Telecommunications Security
  • OT Security
  • Development of a risk management system, SIEM SPLUNK, SOC, CSIRT
  • Supplier management

 

INFORMATION SECURITY MANAGEMENT SYSTEM MANAGER at a FinTech company

04/2019 – 06/2020

  • Implementation Manager for an information security management system according to ISO27001
  • Management of the certification process of the business unit in the scope of the ISMS according to ISO27001
  • Enterprise Architecture, Zoning, Security Architecture
  • Internal audit of the legal entity in Dubai
  • Coordination of security projects
  • Evaluation of SIEM results
  • Audit of the management system
  • OT Security
  • KRITIS Certification Support
  • Documentation and business language: English

 

Data Protection Officer and Manager at a medical device company

09/2018 – 04/2019

  • Implementation of the General Data Protection Regulation (GDPR)
  • Implementation of information security
  • Carrying out a risk and protection needs analysis
  • Employee training

 

INFORMATION SECURITY AND DATA PROTECTION CONSULTANT at a German private television station

03/2018 – 09/2018

  • Technical assessment of the IT infrastructure, identification of IT risks with the business manager
  • Structured and systematic improvement of information security
  • Planning and coordination of the implementation of prevention and improvement proposals, including internal training measures
  • Integration of information security into business processes
  • Measurement and analysis of KPI/ISMS processes
  • Implementation of the General Data Protection Regulation (GDPR)

 

INFORMATION SECURITY CONSULTANT at a bank in Frankfurt

01/2017 – 12/2017

  • Technical Project Manager
  • IT security supplier management
  • Creation of a tool for the risk-based creation of a contract annex for IT security minimum requirements
  • Revision and creation of IT security minimum standards
  • Implementation of the requirements of MaRisk, KWG, GwG and other directives
  • Extension of IT security requirements to include GDPR/EU-GDPR
  • Stakeholder Management

 

ISMS CONSULTANT at an energy supplier relevant to KRITIS in Düsseldorf

08/2016 – 12/2016

  • Creation of processes according to the ISO 27000 series
  • Creation of specifications and guidelines
  • Stakeholder Management
  • Implementation of documents
  • Supplier management
  • Risk analyses, considerations and mitigation
  • Creation of concepts, e.g. virus protection concept

 

ISMS IMPLEMENTATION MANAGER at an SAP system house in Munich

05/2016 – 07/2016

  • Creation of an information security management system in accordance with ISO 27001:2013
  • Control of the creation of documents
  • Creation of processes, specifications and guidelines
  • Awareness measures in the company for the ISMS
  • Implementation of documents
  • Start of PDCA measures
  • Stakeholder Management
  • Initiation of certification

 

INFORMATION SECURITY CONSULTANT at a mobile payment provider of a bank

10/2015 – 02/2016

  • Preparation of information security guidelines
  • Introduction of a risk analysis
  • Introduction of a protection needs analysis
  • Training of employees in German and English
  • Preparation of the emergency management plan

 

Information Security Manager at an automotive manufacturer in Munich                    

04/2015 – 11/2015

  • Writing security concepts in English
  • Clarification of the measures taken and the resulting risks
  • Co-governing risk
  • Assessment of the risks of the international locations
  • DWH implementation from Japan to Germany
  • Stakeholder Management

© Michael Schrod