Freelancer TISAX / ISO 27000 ISMS Consultant on freelance.de

TISAX / ISO 27000 ISMS Consultant

  • 40 €/hour
  • 550248 Sibiu / Hermannstadt
  • Worldwide
  • en  |  ro  |  de
  • 19.10.2023

Brief introduction

I am currently working as a consultant for ISMS and TISAX. My experience consists of more than 10 TISAX certification, re-certification and label upgrade audits in Germany, as ISMS Consultant for Dassault Systemes GmbH and sensified GmbH.

Qualifications

  • BSI standards
  • DIN EN ISO 27001
  • DIN ISO/IEC 27002
  • ITIL
  • Project lead / team lead (IT)
  • Risk analysis
  • Risk management
  • TISAX

Project & professional experience

ISMS Consultant for TISAX / ISO 27001
sensified Solutions GmbH, Pfüllingen
9/2022 – 9/2023 (1 year, 1 month)
IT & development
Period of activity

9/2022 – 9/2023

Description of activities

• Managing the internal ISO 27001/TISAX certification program.
• Supporting the IT department with the infrastructural design of the company.
• Supervising, directing, and planning the activities related to information security.
• Implementing role-based access management frameworks and user data anonymization solutions.
• Conducting the yearly awareness training session.
• Managing the tasks and activities aimed at achieving information security.
• Developing and implementing information security policies, objectives, and strategies.
• Ensuring the availability of necessary resources for information security management.
• Monitoring and reviewing the performance of the security process.
• Making decisions regarding improvements to the security process.
• Assessing and managing risks associated with information security.
• Reviewing and optimizing security safeguards for their efficiency.
• Enhancing the practical feasibility of technical safeguards and organizational procedures.
• Ensuring compliance with information security standards and regulations.
• Maintaining and improving the level of security in the long run.
• Documenting and reporting on the design and operation of the ISMS.

Qualifications used

Certified Information Systems Security Professional (CISSP)

ISMS Consultant for TISAX
Dassault Systemes GmbH, München
3/2022 – 9/2023 (1 year, 7 months)
Automotive industry
Period of activity

3/2022 – 9/2023

Description of activities

Responsibilities:

● Clarify priorities to develop an ISMS.
● Assess and analyze the organization's existing information security policies, procedures, and controls.
● Conduct the risk management process to identify potential vulnerabilities and threats to the organization's information assets, while creating the internal methodology and reports.
● Develop and implement an ISMS framework based on industry standards such as ISO 27001, TISAX, ISO 27017, TPISR, and BSI-Grundschutz.
● Advise and assist in the development of information security policies, procedures, and guidelines.
● Conduct gap analysis to identify areas where the organization's current practices deviate from the desired security standards.
● Collaborate with stakeholders to establish information security objectives and develop a roadmap for achieving them.
● Perform regular audits and assessments to evaluate the effectiveness of the ISMS implementation and identify areas for improvement.
● Provide guidance and support to IT and security teams in implementing security controls, best practices and technical documentation.
● Offer training and awareness programs to educate employees on information security risks and their responsibilities, as well as designing the cybersecurity awareness program.
● Stay updated with emerging security threats and trends to ensure the ISMS remains relevant and effective.
● Create supplier relationship policies and conduct vendor assessments to evaluate the security posture of third-party providers and assess potential risks to the organization, also creating the remediation plans.
● Assist in incident response and management, including investigating security incidents and recommending corrective actions.
● Prepare reports and presentations for management, highlighting the status of the ISMS implementation, identified risks, and proposed solutions.
● Liaise with external auditors and regulatory bodies to ensure compliance with relevant information security standards and regulations.
● Provide ongoing support and guidance to maintain the ISMS and address any security-related concerns or incidents.
● Operate the declared security controls and manage the control measurement procedure.

Qualifications used

ITIL, project lead / team lead (IT), project management (IT), DIN ISO/IEC 27002, risk management, risk analysis, DIN EN ISO 27001

About me

Experienced Security Consultant with a demonstrated history of working in the management consulting industry. Skilled in Information Security, TISAX/ISO27001, ITIL, IT Service Management, and Risk Management.

At the moment, I am working as a consultant on ISMS and TISAX. My experience consists both of working for one of the biggest software companies in the automotive industry, having participated in more than 10 TISAX certification, re-certification and label upgrade audits in Germany, and of supporting a German tech start-up with the ISO 27001/TISAX certification, as well as helping build their infrastructure.
I am always interested in new challenges and acquiring knowledge.

Personal data

Language
  • English (native)
  • Romanian (native)
  • German (fluent)
Willingness to travel
Worldwide
Work permit
  • European Union
Home office
preferred
Profile views
118
Age
26
Professional experience
2 years and 1 month (since 03/2022)
Project lead
2 years
