Projekt Management - Schwachstellen Management - Prozessberatung - Informationssicherheit - Business Analyse

10/2020 – 9/2021

▪ Enhancing manual and legacy processes. Driving processes to be automated and increasing effectiveness by
decreasing manual effort.
▪ Support building up new Vulnerability Management Group in I&O to work on vulnerabilities found by Security & Vulnerability Scan department.
▪ Support Teams to decrease found vulnerabilities by driving escalations and doing overarching coordination
work within i&o and security if needed.
▪ Consultancy of leadership with personal & vulnerability strategic decisions.
▪ Reporting of measurements and vulnerabilities

IT-Governance, IT Sicherheit (allg.), Prozess- / Workflow, Prozessberatung, Prozessmanagement

9/2020 – 1/2021

▪ Design and definition of new processes in context of the MS Exchange implementation such as request of
permissions for (shared) mailboxes and general mailboxes for users or distribution lists and further.
▪ Operationalizing of defined processes and implementation in ITSM environment
▪ Creation of RBAC concept and documentation
▪ Hands on doing in project (creation of rules within owa, etc)
▪ Coordination of tasks and decisions with the country subsidiaries.

Projektleitung / Teamleitung (IT), Projektmanagement (IT)

6/2020 – 8/2020

▪ Analysis of old processes in patch management topics and the target of patch management is to be applied
in the future.
▪ Design and definition of new processes to enhance patch management workflows. Enabling old processes
which are not in place and enhancement of those.
▪ Alignment of new processes with Global IT Security - Vulnerability Management Team to ensure
sustainability of the processes defined.

Prozessberatung, Prozessoptimierung

3/2020 – 10/2022

▪ Creation of a business case to illustrate the possible options in terms of implementation time and the
associated costs and risks.
▪ Realization of the business case with the goal to dismantle all Windows 2008 legacy systems to the expiry
date of the ESU licenses in 01/23.
▪ Coordination of inhouse operation staff and sourcing provider.

Projektleitung / Teamleitung (IT), Projektmanagement (IT)

1/2020 – 12/2021

▪ Developing and providing support all I&O departments on security breaches, vulnerability remediation,
security patch management and security compliance
▪ Define product vision by translating the technology and business strategy into a consistent set of product
objectives and targets with specific focus on security and risk reduction in order to protect I&O
infrastructure, products and ser-vices from internal/external cyber-at-tacks
▪ Manage the product evangelization, presales and post-sales, defining product direction based on the
changing security threat landscape /technology/ market adoption/evolution in collaboration with customers
and tech. leadership
▪ Own and participate in the creation of the technology vision for I&O from a Security PoV.
▪ Identify journeys’ / product key capabilities and features required to evolve towards the technology vision
and deliver expected strategy outcomes, facilitate Product Line teams.
▪ E2E ownership of the “Infrastructure Vulnerability Management” measures to be taken by I&O based on
Group IT Security vulnerability reports and findings (analyze findings, define and align measures with
operations line of business and Security
▪ C-level Consulting

IT-Governance, IT Sicherheit (allg.), Management (allg.)

8/2019 – 1/2020

Increase vulnerability scanning effectiveness by rolling out scan agents in the Windows and Linux server
infrastructure (~5,000 servers) across all zones and stages of the enterprise, while reducing network load and
usage of highly privileged users for the remote scanner infrastructure.
▪ Requirements engineering
▪ Coordination of the implementation (stagebased deployment / rollout) and the team
▪ Coordination of the VM procurement
▪ Development and implementation of necessary processes
Tools used, languages: MS Office, tenable Nessus Manager, Tenable

Projektleitung / Teamleitung (IT), Projektmanagement (IT)

7/2019 – 12/2019

▪ Determining solutions for processing and closing of audit findings
▪ Determining solutions for closing vulnerabilities (Findings vulnerabilities scanner)
▪ Establishment of sustainable processes
▪ Patch management/-optimization
Process tasks
▪ Requirements assessment of processes in the area of vulnerability and incident management
▪ Process design and redesign in the area of vulnerability and incident management
▪ Introduction and establishment of more effective ways of working in different groups
e.g. transparency about and reduction of work-in-progress for IT operations
Coordinative tasks
▪ Mediation between IT security and IT operations
▪ Review of vulnerability reports
▪ Identification of asset managers
▪ Assignment of the vulnerabilities to the identified asset managers
▪ Tracking of the timely processing of vulnerabilities
▪ Coordination of mitigation rollouts / configuration adjustments
▪ Creation of status reports
▪ Incident & Problem Management
▪ Planning of workshops & moderation
▪ Evaluation of a vulnerability management solution
Operational and technical tasks (in cooperation with other external service providers)
▪ Examination and evaluation of vulnerabilities for false positives
▪ Examination of the applicability of recommended remedial actions
▪ If necessary, consideration of alternative remedial measures
▪ Test/documentation of the respective remedial measures
▪ Implementation of remedial measures or application for risk acceptance

IT-Governance, IT Sicherheit (allg.)

2/2019 – 6/2019

▪ Evaluation of a suitable visualization framework (RStudio)
▪ Definition & coordination of key figures with the ISO organization
▪ Definition & coordination of threshold values and measures with the ISO organization
▪ Professional and technical conception on the basis of the requirements
▪ Topics for ComplianceGate: Vulnerabilities Scan, DLP, IAM, PAM, Asset Inventory, etc.
▪ Security concept incl. threat modelling
▪ Documentation/compilation of operating manual
▪ Implementation of data aggregations (Kibana)

IT Sicherheit (allg.)

9/2018 – 2/2019

▪ Development of a network infrastructure for the provision of services: Vulnerabilities Scan and penetration
testing to reduce network load and increase efficiency (coverage of previously known and tested network
segments increased by direct access to all VLANs)
▪ Process consulting and design
▪ Project and network documentation
▪ Documentation/ Preparation of operating and installation manual
▪ Security Concept incl. Threat Modelling

Business Analyse, IT Sicherheit (allg.)

2/2018 – 10/2018

▪ Definition & coordination of key figures with business unit and business owner (VulScan, DLP, IAM, PAM,..)
▪ Definition & coordination of measured values for the presentation of compliance (VulScan, DLP, IAM, PAM,..)
▪ requirements analysis
▪ Professional and technical conception on the basis of the requirements (VulScan, DLP, IAM, PAM,..)
▪ Technical implementation
▪ Formulation of Compliance & Security Use Cases (VulScan, DLP, IAM, PAM,.. )
▪ Implementation of data aggregations with ElasticSearch
▪ Visualization of data aggregations with Kibana
▪ Evaluation & connection of data suppliers to the log platform
▪ Enhancement of Python Scripts
▪ Development of Bash / Shell scripts
▪ Log data analysis
▪ Development of threshold logics and evaluations using Elastic Watcher & Painless Script

DIN ISO/IEC 27001

11/2017 – 6/2019

▪ Maintenance, operation and further development of the vulnerability scanner
▪ Vulnerability management
▪ Vulnerability scans
▪ Vulnerability analysis
▪ Security Incident Management
▪ Reporting
▪ Documentation (creation/maintenance of the installation and operating manual)
▪ Process consulting and optimization
▪ Connection to central log management

Informationssicherheit, IT-Governance, IT Sicherheit (allg.)

12/2016 – 11/2017

▪ Requirements analysis
▪ Creation of technical and functional concepts
▪ Test management
▪ Test analysis & conception
▪ Mobile testing (iOS)
▪ Document testing
▪ End2End testing
▪ Reporting test state
▪ Test process improvement
▪ Consulting in agile work according to SCRUM

Business Analyse, Testdesign (IT)

7/2015 – 11/2016

▪ Requirements analysis
▪ Preparation of technical / solution concepts for requirements
▪ Creation of Release Notes and User Manuals
▪ Test case identification and test specification/design according to ISQTB
▪ Determination of regression tests
▪ Execution, documentation and analysis of the software tests
▪ Bug tracking
▪ Test Status Reporting
▪ Acceptance test support
▪ Consulting test approach, test procedure, test process (improvement)

Business Analyse, Testdesign (IT)

4/2015 – 12/2017

▪ Test case identification and test specification/design according to ISQTB
▪ Test documentation
▪ Execution and analysis of the software tests
▪ Bug tracking
▪ Mobile testing (iOS)
▪ Test status reporting

Testdesign (IT), Testing (IT)

4/2015 – 7/2015

▪ Test management / test coordination
▪ Control of nearshore test teams (Romania)
▪ Control test team & test orders
▪ Creation of documentation and user manuals
▪ Bug tracking
▪ Test status reporting
▪ Acceptance test support
▪ Test environment coordination

Testmanagement / Testkoordination (IT)

12/2014 – 3/2015

▪ Release Test Management
▪ Test Status Reporting
▪ Control Test Manager & Offshore Test Team
▪ Control (offshore) Test projects (India)
▪ Test environment management / coordination / planning
▪ Bug tracking
▪ QS/test planning
▪ Load test coordination

Testmanagement / Testkoordination (IT)