Profile picture of Tibor Strajh, Senior Consultant - Information Security & Risk Management, from Basel

Tibor Strajh

available

Last update: 06.09.2022

Senior Consultant - Information Security & Risk Management

Company: Enfina Security s.r.o.
Degree: Swiss federally certified business informatics specialist (Eidgenössisch Diplomierter Wirtschaftsinformatiker)
Languages: German (native) | English (business fluent) | French (good) | Serbian (native)

Skills

CERTIFICATIONS
  • GS-certified ISO 27001 Lead Auditor
  • SGS-certified ISO 22301 Implementer
  • ITIL v2/v3 Specialist/Foundation
  • Eurocloud Europe – Star Audit Professional
TOOLS & PROGRAMS
  • Office Tools
  • Sharepoint
  • MS Project
  • VISIO
  • vsRisk
  • RM Studio
METHODOLOGICAL COMPETENCIES:
  • Project management (PMP)
  • Business process analysis and modelling
  • Risk analysis
  • Presentation, moderation; time and task management

Project history

01/2020 - present
Senior Consultant, Information Security Officer - Deutsche Bank
Deutsche Bank (>10,000 employees)
Banking and financial services
Implementation of information security audits in the outsourcing of Deutsche Bank and in particular the legal outsourcing of the bank in the 1st LoD
  • Tracking of the findings and the plausibility check of the risk treatment in the 1st LoD in coordination with the bank's legal team
  • Revision of the Key Operating Directive (KOD) for the outsourcing requirements for information security in the bank
  • Coordination with the stakeholders of the crypto team from the 2nd LoD
  • Regulatory requirements for outsourcing, stakeholder management, risk management.

05/2019 - 09/2019
Project Leader / Information Security Officer (Outsourced function)
ZEPTER International
Preparation of ISO 27001 recertification for Zepter International internal IT
  • BIA-Business Impact Assessment, Risk Assessment, review and improvement of ISO 27001 documentation, preparation for ISO standard recertification by «SGS».
  • Review of Business Continuity Plans as well as testing of several BC scenarios.
  • Workshops and training sessions in Information Security for Zepter International internal IT staff.
  • Outsourced internal audit and Information Security Officer function during the project period.


01/2018 - 09/2019
Project Leader / Consultant, Information Security Officer, Business Continuity Manager
Orion Telekom
Improvement of Integrated Management System (IMS) with four implemented ISO Standards
  • Review and inspection of the implemented IMS. Improvement and integration of all customers' telco services such as Unified Communication (VoIP, Mobility, BYOD, SMS, PBX and UCaaS) by creating adequate security concepts for their services using ISO 27001 and ISO 20000/ITIL.
  • Integrating these concepts into the existing IMS documentation and improving service quality as well as security for offered services.
  • BIA-Business Impact Assessment, Risk Assessment, improvement and adoption of ISO 27001 documentation due to corporate system changes.
  • Testing and refinement of Business Continuity Plans.
  • Implementing downtime calculations based on the performed BIA and RA as input for Top Management for further strategic decisions.
  • Preparation of ISO standards certification performed by «SGS».


01/2017 - 12/2018
Consultant (Eurocloud Europe Star Audit Professional – Eurocloud Standard)
NALED National Alliance for Local Economic Development
Implementation of e-Gov-project in Serbia  
  • Co-Project Leader of a workgroup (chosen representatives of several industries and business sectors).
  • Preparation and planning of regular workshops.
  • Gradual drafting and creation of legal acts (based on the Eurocloud Standard), presented by NALED representatives to the Serbian Government. They served as an initial template for the implementation of e-Government.


03/2018 - 08/2018
Project Leader / Information Security Officer (Outsourced function)
ZEPTER International
Implementation of ISO 27001 for Zepter International internal IT
  • «Green Field» ISO 27001 implementation, BIA-Business Impact Assessment, Risk Assessment, development and creation of ISO 27001 documentation, preparation for ISO standard certification by «SGS».
  • Development and design of Business Continuity Plan as well as regular testing of several scenarios.
  • Outsourced internal audit and Information Security Officer function during the project period.


04/2017 - 11/2017
Co-Project Lead and Consultant
Donau Insurance
Maturity level assessment based on ITIL v3, GAP-assessments based on ISO 27001 and regulatory requirements of the National Bank of Serbia
  • Project planning in cooperation with KPMG (Central Project Lead).
  • Preparation of a comprehensive questionnaire to collect and determine the degree of maturity based on ITIL v3, GAP-assessment based on ISO 27001 requirements and National Bank of Serbia's regulatory requirements (including ISO 22301/DR requirements).
  • Conduct the assessment/survey through specific interviews with all relevant sector leaders.
  • Analysis of the assessment/survey and preparation of a very comprehensive report for the management.
  • Preparation of a 13-point plan with concrete proposals for implementation and improvement of assessed problems and problem areas.
  • Presentation of the 13-point plan to the Top Management of Donau Insurance.


01/2016 - 12/2016
Project Lead and Consultant
M&I Systems
Implementation of Integrated Management-System of two ISO Standards (ISO 27001 and ISO 9001)
  • Conducting an assessment and analysis of existing implemented ISO standards and existing ISO documentation by a third-party company.
  • Development of a project plan for improvement and integration of the two implemented standards and the existing documentation.
  • Adaptation of Business Processes (IT to Business), performing BIA-Business Impact Assessment, Risk Assessment, improvement of current ISO 27001/ISO 9001 documentation, creation of Business Continuity Plans.
  • Preparation for ISO standard certification by «SGS».


03/2015 - 11/2015
Consultant
Opportunity Bank
Development and implementation of internal IT Audits based on COBIT 5
  • Development of the framework and necessary documentation for an IT audit according to COBIT 5 principles for internal bank IT. The focus was on training internal IT staff and preparing the internal IT auditor for their upcoming tasks.


01/2011 - 12/2013
Project Leader / Consultant, outsourced Information Security Officer and Business Continuity Manager
Orion Telekom
Implementation of Integrated Management-System of four ISO Standards (ISO 27001, ISO 22301, ISO 20000, ISO 9001)
  • Improving and further development of implemented IMS of 4 ISO standards.
  • Awareness-raising and training of Orion Telekom staff.
  • Drawing up specific action plans to integrate the retail and sales sector with the IMS (connecting IMS and business).
  • Regular execution of BIA-Business Impact Assessment, Risk Assessment, further improvement of ISO documentation, preparation of ISO standards recertification performed by «SGS».
  • Improvement and testing of Business Continuity Plans.


05/2013 - 11/2013
Project Leader / Consultant
VIP Mobile - Telekom Austria Group
Implementation of ISO 22301 (Business Continuity Management)
  • Performing BIA-Business Impact Assessment and Risk Assessment in all corporate sectors, development of all ISO 22301 documentation, creation of Business Continuity Plans.
  • Creating mandatory ISO 22301 documentation (policies, procedures, working instructions, plans etc.). Preparation for ISO standard certification, which was carried out by «SGS».


06/2009 - 12/2010
Project Leader / Consultant
Orion Telekom
Implementation of Integrated Management-System of four ISO Standards (ISO 27001, ISO 22301, ISO 20000, ISO 9001)
  • «Green Field» ISO 27001, ISO 22301, ISO 20000, ISO 9001 implementation, Gap Assessment and assessment of business-critical and essential data for adequate implementation of ISO standards.
  • Business Process Modeling, BIA-Business Impact Assessment, Risk Assessment, development and creation of ISO 27001 documentation, preparation of ISO standards certification performed by «SGS».
  • Design and testing of Business Continuity Plans


01/2005 - 05/2009
Project Leader / Consultant / After project closure – IT Director
Hypo Alpe Adria Bank
Development and setup of the IT and Infrastructure Sector as well as the central Data Center of ZIS Serbia - HYPO Group subsidiary
  • Project lead for the development (setup and creation) of the internal IT and infrastructure department and the central transnational computer centre (Croatia, Serbia, Bosnia and Slovenia).
  • Implementation of HYPO Group-specific IT processes. Implementation of ISO 27001, ISO 20000 and Business Continuity processes, and Disaster Recovery processes for the Group's internal IT.
  • Performing BIA-Business Impact Assessments and Risk Assessments.
  • Creation of comprehensive Business Continuity and Disaster Recovery documentation.
  • Development and creation of mandatory ISO 27001 documentation (policies, procedures, plans, etc.) concerning HYPO group policies and adaptation to central bank requirements.
  • Preparation of ISO 27001 certification.

Availability (time and location)

up to 100% onsite - Germany, Austria, Switzerland or international
