Schlagworte
Oracle
JIRA
Meldewesen
Qualitätsmanager
Testmanager
Testplanung
Abnahmetests
Beratung
CRM
Softwaretester
IT Governance
IT Security
ISMS
IT Security Management Systems (ISMS)
IT Security Sicherheitskonzept
IT Security Consulting
IT Security Audit
IT Security ISMS
IT Security Architekt
VAIT
DSGVO
EU-DSGVO
Datensicherheit
Schwachstellenanalyse
Vulnerability
Nessus
Tenable
security controls
CIS
Security Center
schwachstellenscan
Schwachstellenmanagement
Compliance
IT Compliance
Aufbau Compliance Management System
Kibana
Prozessberatung
IT-Prozessmanagement
IT-Prozessmodellierung
Anforderungsmanagement
Business Analyse
Informationssicherheit
ISO 2700x-Familie
ISO27001
ISO 27001/27002
ISMS Spezialist ISO 27001
ISO 27001 Zertifizierung
Docker Swarm
Docker
Scrum + DevOps: Docker
DEV OPS
aws
Amazon AWS
Amazon S3
Amazon Web Services (AWS)
Ansible
Bash
Bash-Programmierung
Bash Scripting
Bash Shell
Google Cloud Services
Openshift
RedHat OpenShift Cloud
Kubernetes
Kubernetes-Clustern
Scrum Master
scrum product owner
Certified Scrum Master
Certified Scrum Product Owner
scrum coaching
cloud architekt
Cloud Architektur
AWS Cloud Expert
AWS Cloud Architektur
kms
Azure
Microsoft Azure
Logstash
CICD
jenkins
Github
MavenJenkins
Jenkins Service Orientierte Architekturen (SOA)
Jenkins (CI)
CI CD
Kafka
Apache Kafka Streams
Kafka Streams
ElasticSearch
Elastic Log Management
Elastic Stack
ELK-Stack
ELK
Phyton
BSI Gundschutz
BSI
BSI Grundschutz 100-4
Datenschutz und Datensicherheit (BSI Grundschutz)
BSI Grundschutz
bsi grundschutz auditor
Sichere Rechenzentren nach BSI Grundschutz
ISO27001 nach IT-Grundschutz
IT-Grundschutz
ISO 2700x-Familie BSI IT-Grundschutz
ISO27001 BSI IT-Grundschutz
BSI 200-2
Testing
Agile testing
SW Testing
tosca
Tosca Testsuite
Toscar suite
Skills
ISTQB Certified Testing, Testmanagement. TMAP Certified Testing HPQC, HP Quality Center ALM, Jira, Blackbox Test, Schnittstellentest, Testfallspezifikation, Testdokumentation, Bugtracking, Reporting, Testausführung, Testkoordination, Testmanagement, Testkonzeption, Testplanung, QS Planung, IBM Rational QualityManager, IBM Clearquest, Remedy, Review, Test Beratung, Kommunikation, Sepa, Wizard, Oracle Siebel CRM, ISO2700x, ISO27001, CSC CIS, Schwachstellen, VAIT; DSGVO, EU-DSGVO, Schwachstellenscan, Schwachstellenanalyse, Schwachstellenmanagement, IT Governance, IT Compliance, Kibana,Docker, Kubernetes,Microsoft Azure,Amazon Web Services, aws, Google Cloud Platform,Sequime (Cloud-Printing), XML, Ansible, bash, openshift, Linux, Scrum master, Scrum Product Owner, Sec ops, SECOPS, DEVOPS, dev ops, jenkins, git hub, maven, CI CD, continuous integration, continuous delivery, logstash, kafka, elastic search, phyton, BSI Grundschutz, Grundschutz BSI Grundschutz neu,tosca, tosca testsuite,test,testing,sw test,software testing
Projekthistorie
01/2021
-
bis jetzt
Project Manager
Centralization of decentral hosted fileservers in each of the regional companies used for providing user home
shares, collaboration data and application data within the stand-alone-companies to cloud based central service
in Microsoft environment. The new TOM for user home drive is OneDrive to which the personal data will be
migrated to, for the collaboration data the data will be migrated to SharePoint Online with a new Role Based Access Control Model based on the obtained data in cooperation with the (national) IT and HR departments. For the application
data the azure file server is planned to use in a lift and shift approach with probably post project transformations
▪ More than 70 locations in 8 countries with approx. 90 TB of Data
▪ Migration to MS OneDrive and SharePoint Online
▪ Gathering as is information from country- & subsidiaries and local responsibles
▪ Working on and creating organizational structures and orgcharts for new RBAC Implementation
▪ Tracking of the timely processing of the project
▪ Working on project tenders for contractors
▪ Evaluation of contractors based on tenders
▪ Status reporting and presentation
▪ Coordination of migration “rollouts”
▪ Coordination and Governance for external contractors
▪ Coordination of tasks and decisions with the country subsidiaries.
▪ Planning of workshops & moderation
▪ Documentation of as is situation and working out a migration path
shares, collaboration data and application data within the stand-alone-companies to cloud based central service
in Microsoft environment. The new TOM for user home drive is OneDrive to which the personal data will be
migrated to, for the collaboration data the data will be migrated to SharePoint Online with a new Role Based Access Control Model based on the obtained data in cooperation with the (national) IT and HR departments. For the application
data the azure file server is planned to use in a lift and shift approach with probably post project transformations
▪ More than 70 locations in 8 countries with approx. 90 TB of Data
▪ Migration to MS OneDrive and SharePoint Online
▪ Gathering as is information from country- & subsidiaries and local responsibles
▪ Working on and creating organizational structures and orgcharts for new RBAC Implementation
▪ Tracking of the timely processing of the project
▪ Working on project tenders for contractors
▪ Evaluation of contractors based on tenders
▪ Status reporting and presentation
▪ Coordination of migration “rollouts”
▪ Coordination and Governance for external contractors
▪ Coordination of tasks and decisions with the country subsidiaries.
▪ Planning of workshops & moderation
▪ Documentation of as is situation and working out a migration path
01/2022
-
10/2022
Project Manager
▪ Technical and procedural documentation of the changes and handover to operation
▪ Planning and evaluating of a suitable solution and implementation afterwards.
▪ Steering of and contact person for the external supplier in case of questions
▪ Planning of workshops & moderation
▪ Reporting to C-Level
▪ Planning and evaluating of a suitable solution and implementation afterwards.
▪ Steering of and contact person for the external supplier in case of questions
▪ Planning of workshops & moderation
▪ Reporting to C-Level
10/2021
-
10/2022
Project Manager
▪ Contact person for suppliers and specialist groups in case of questions
▪ Collaboration in the planning of milestones and timeframes for the implementation of lifecycle topics
▪ Supporting the creation of highlevel and implementation procedures
▪ Verification of requirements and assumptions on the part of Customer
▪ Support of the pilot & tests for the implementation of the HW BLC replacement
▪ QA acceptance documentation
▪ Planning of migration waves (application groups) for migration of applications
▪ Planning of migration waves for migration of Windows2012 Servers to latest OS Gen.
▪ Control and follow-up of the implementations by PV / project team members
▪ QS reporting of progress
▪ Maintenance of necessary change data in CMDB, etc.
▪ Technical and procedural documentation of the changes and handover to Operation
▪ Collaboration in the planning of milestones and timeframes for the implementation of lifecycle topics
▪ Supporting the creation of highlevel and implementation procedures
▪ Verification of requirements and assumptions on the part of Customer
▪ Support of the pilot & tests for the implementation of the HW BLC replacement
▪ QA acceptance documentation
▪ Planning of migration waves (application groups) for migration of applications
▪ Planning of migration waves for migration of Windows2012 Servers to latest OS Gen.
▪ Control and follow-up of the implementations by PV / project team members
▪ QS reporting of progress
▪ Maintenance of necessary change data in CMDB, etc.
▪ Technical and procedural documentation of the changes and handover to Operation
03/2020
-
10/2022
Project Manager
▪ Creation of a business case to illustrate the possible options in terms of implementation time and the
associated costs and risks.
▪ Realization of the business case with the goal to dismantle all Windows 2008 legacy systems to the expiry
date of the ESU licenses in 01/23.
▪ Coordination of inhouse operation staff and sourcing provider.
associated costs and risks.
▪ Realization of the business case with the goal to dismantle all Windows 2008 legacy systems to the expiry
date of the ESU licenses in 01/23.
▪ Coordination of inhouse operation staff and sourcing provider.
01/2020
-
12/2021
Vulnerability-, Patch- & Compliance Manager on the staff of the Board (C-Level)
▪ Developing and providing support all I&O departments on security breaches, vulnerability remediation,
security patch management and security compliance
▪ Define product vision by translating the technology and business strategy into a consistent set of product
objectives and targets with specific focus on security and risk reduction in order to protect I&O
infrastructure, products and ser-vices from internal/external cyber-at-tacks
▪ Manage the product evangelization, presales and post-sales, defining product direction based on the
changing security threat landscape /technology/ market adoption/evolution in collaboration with customers
and tech. leadership
▪ Own and participate in the creation of the technology vision for I&O from a Security PoV.
▪ Identify journeys’ / product key capabilities and features required to evolve towards the technology vision
and deliver expected strategy outcomes, facilitate Product Line teams.
▪ E2E ownership of the “Infrastructure Vulnerability Management” measures to be taken by I&O based on
(Group IT Security) vulnerability reports and findings (analyze findings, define and align measures with
operations line of business and Security
▪ C-level Consulting
security patch management and security compliance
▪ Define product vision by translating the technology and business strategy into a consistent set of product
objectives and targets with specific focus on security and risk reduction in order to protect I&O
infrastructure, products and ser-vices from internal/external cyber-at-tacks
▪ Manage the product evangelization, presales and post-sales, defining product direction based on the
changing security threat landscape /technology/ market adoption/evolution in collaboration with customers
and tech. leadership
▪ Own and participate in the creation of the technology vision for I&O from a Security PoV.
▪ Identify journeys’ / product key capabilities and features required to evolve towards the technology vision
and deliver expected strategy outcomes, facilitate Product Line teams.
▪ E2E ownership of the “Infrastructure Vulnerability Management” measures to be taken by I&O based on
(Group IT Security) vulnerability reports and findings (analyze findings, define and align measures with
operations line of business and Security
▪ C-level Consulting
10/2020
-
09/2021
Vulnerability- & Patch Manager and Strategy & Process Consultant
▪ Enhancing manual and legacy processes. Driving processes to be automated and increasing effectiveness by
decreasing manual effort.
▪ Support building up new Vulnerability Management Group in I&O to work on vulnerabilities found by Security & Vulnerability Scan department.
▪ Support Teams to decrease found vulnerabilities by driving escalations and doing overarching coordination
work within i&o and security if needed.
▪ Consultancy of leadership with personal & vulnerability strategic decisions.
▪ Reporting of measurements and vulnerabilities
decreasing manual effort.
▪ Support building up new Vulnerability Management Group in I&O to work on vulnerabilities found by Security & Vulnerability Scan department.
▪ Support Teams to decrease found vulnerabilities by driving escalations and doing overarching coordination
work within i&o and security if needed.
▪ Consultancy of leadership with personal & vulnerability strategic decisions.
▪ Reporting of measurements and vulnerabilities
09/2020
-
01/2021
Consultant / Project Manager
▪ Design and definition of new processes in context of the MS Exchange implementation such as request of
permissions for (shared) mailboxes and general mailboxes for users or distribution lists and further.
▪ Operationalizing of defined processes and implementation in ITSM environment
▪ Creation of RBAC concept and documentation
▪ Hands on doing in project (creation of rules within owa, etc)
▪ Coordination of tasks and decisions with the country subsidiaries.
permissions for (shared) mailboxes and general mailboxes for users or distribution lists and further.
▪ Operationalizing of defined processes and implementation in ITSM environment
▪ Creation of RBAC concept and documentation
▪ Hands on doing in project (creation of rules within owa, etc)
▪ Coordination of tasks and decisions with the country subsidiaries.
06/2020
-
08/2020
Process & Strategy Consultant, Patch Manager
▪ Analysis of old processes in patch management topics and the target of patch management is to be applied
in the future.
▪ Design and definition of new processes to enhance patch management workflows. Enabling old processes
which are not in place and enhancement of those.
▪ Alignment of new processes with Global IT Security - Vulnerability Management Team to ensure
sustainability of the processes defined.
in the future.
▪ Design and definition of new processes to enhance patch management workflows. Enabling old processes
which are not in place and enhancement of those.
▪ Alignment of new processes with Global IT Security - Vulnerability Management Team to ensure
sustainability of the processes defined.
08/2019
-
01/2020
Project Manager
Increase vulnerability scanning effectiveness by rolling out scan agents in the Windows and Linux server
infrastructure (~5,000 servers) across all zones and stages of the enterprise, while reducing network load and
usage of highly privileged users for the remote scanner infrastructure.
▪ Requirements engineering
▪ Coordination of the implementation (stagebased deployment / rollout) and the team
▪ Coordination of the VM procurement
▪ Development and implementation of necessary processes
Tools used, languages: MS Office, tenable Nessus Manager, Tenable
infrastructure (~5,000 servers) across all zones and stages of the enterprise, while reducing network load and
usage of highly privileged users for the remote scanner infrastructure.
▪ Requirements engineering
▪ Coordination of the implementation (stagebased deployment / rollout) and the team
▪ Coordination of the VM procurement
▪ Development and implementation of necessary processes
Tools used, languages: MS Office, tenable Nessus Manager, Tenable
07/2019
-
12/2019
Vulnerability & Patch Manager, Process & Strategy Consultant
▪ Determining solutions for processing and closing of audit findings
▪ Determining solutions for closing vulnerabilities (Findings vulnerabilities scanner)
▪ Establishment of sustainable processes
▪ Patch management/-optimization
Process tasks
▪ Requirements assessment of processes in the area of vulnerability and incident management
▪ Process design and redesign in the area of vulnerability and incident management
▪ Introduction and establishment of more effective ways of working in different groups
e.g. transparency about and reduction of work-in-progress for IT operations
Coordinative tasks
▪ Mediation between IT security and IT operations
▪ Review of vulnerability reports
▪ Identification of asset managers
▪ Assignment of the vulnerabilities to the identified asset managers
▪ Tracking of the timely processing of vulnerabilities
▪ Coordination of mitigation rollouts / configuration adjustments
▪ Creation of status reports
▪ Incident & Problem Management
▪ Planning of workshops & moderation
▪ Evaluation of a vulnerability management solution
Operational and technical tasks (in cooperation with other external service providers)
▪ Examination and evaluation of vulnerabilities for false positives
▪ Examination of the applicability of recommended remedial actions
▪ If necessary, consideration of alternative remedial measures
▪ Test/documentation of the respective remedial measures
▪ Implementation of remedial measures or application for risk acceptance
▪ Determining solutions for closing vulnerabilities (Findings vulnerabilities scanner)
▪ Establishment of sustainable processes
▪ Patch management/-optimization
Process tasks
▪ Requirements assessment of processes in the area of vulnerability and incident management
▪ Process design and redesign in the area of vulnerability and incident management
▪ Introduction and establishment of more effective ways of working in different groups
e.g. transparency about and reduction of work-in-progress for IT operations
Coordinative tasks
▪ Mediation between IT security and IT operations
▪ Review of vulnerability reports
▪ Identification of asset managers
▪ Assignment of the vulnerabilities to the identified asset managers
▪ Tracking of the timely processing of vulnerabilities
▪ Coordination of mitigation rollouts / configuration adjustments
▪ Creation of status reports
▪ Incident & Problem Management
▪ Planning of workshops & moderation
▪ Evaluation of a vulnerability management solution
Operational and technical tasks (in cooperation with other external service providers)
▪ Examination and evaluation of vulnerabilities for false positives
▪ Examination of the applicability of recommended remedial actions
▪ If necessary, consideration of alternative remedial measures
▪ Test/documentation of the respective remedial measures
▪ Implementation of remedial measures or application for risk acceptance
02/2019
-
06/2019
IT Security Consultant
▪ Evaluation of a suitable visualization framework (RStudio)
▪ Definition & coordination of key figures with the ISO organization
▪ Definition & coordination of threshold values and measures with the ISO organization
▪ Professional and technical conception on the basis of the requirements
▪ Topics for ComplianceGate: Vulnerabilities Scan, DLP, IAM, PAM, Asset Inventory, etc.
▪ Security concept incl. threat modelling
▪ Documentation/compilation of operating manual
▪ Implementation of data aggregations (Kibana)
▪ Definition & coordination of key figures with the ISO organization
▪ Definition & coordination of threshold values and measures with the ISO organization
▪ Professional and technical conception on the basis of the requirements
▪ Topics for ComplianceGate: Vulnerabilities Scan, DLP, IAM, PAM, Asset Inventory, etc.
▪ Security concept incl. threat modelling
▪ Documentation/compilation of operating manual
▪ Implementation of data aggregations (Kibana)
11/2017
-
06/2019
IT Security Consultant, Vulnerability / Schwachstellen Management
▪ Maintenance, operation and further development of the vulnerability scanner
▪ Vulnerability management
▪ Vulnerability scans
▪ Vulnerability analysis
▪ Security Incident Management
▪ Reporting
▪ Documentation (creation/maintenance of the installation and operating manual)
▪ Process consulting and optimization
▪ Connection to central log management
▪ Vulnerability management
▪ Vulnerability scans
▪ Vulnerability analysis
▪ Security Incident Management
▪ Reporting
▪ Documentation (creation/maintenance of the installation and operating manual)
▪ Process consulting and optimization
▪ Connection to central log management
09/2018
-
02/2019
IT Security Consultant
▪ Development of a network infrastructure for the provision of services: Vulnerabilities Scan and penetration
testing to reduce network load and increase efficiency (coverage of previously known and tested network
segments increased by direct access to all VLANs)
▪ Process consulting and design
▪ Project and network documentation
▪ Documentation/ Preparation of operating and installation manual
▪ Security Concept incl. Threat Modelling
testing to reduce network load and increase efficiency (coverage of previously known and tested network
segments increased by direct access to all VLANs)
▪ Process consulting and design
▪ Project and network documentation
▪ Documentation/ Preparation of operating and installation manual
▪ Security Concept incl. Threat Modelling
02/2018
-
10/2018
Consultant IT Security & SIEM
▪ Definition & coordination of key figures with business unit and business owner (VulScan, DLP, IAM, PAM,..)
▪ Definition & coordination of measured values for the presentation of compliance (VulScan, DLP, IAM, PAM,..)
▪ requirements analysis
▪ Professional and technical conception on the basis of the requirements (VulScan, DLP, IAM, PAM,..)
▪ Technical implementation
▪ Formulation of Compliance & Security Use Cases (VulScan, DLP, IAM, PAM,.. )
▪ Implementation of data aggregations with ElasticSearch
▪ Visualization of data aggregations with Kibana
▪ Evaluation & connection of data suppliers to the log platform
▪ Enhancement of Python Scripts
▪ Development of Bash / Shell scripts
▪ Log data analysis
▪ Development of threshold logics and evaluations using Elastic Watcher & Painless Script
▪ Definition & coordination of measured values for the presentation of compliance (VulScan, DLP, IAM, PAM,..)
▪ requirements analysis
▪ Professional and technical conception on the basis of the requirements (VulScan, DLP, IAM, PAM,..)
▪ Technical implementation
▪ Formulation of Compliance & Security Use Cases (VulScan, DLP, IAM, PAM,.. )
▪ Implementation of data aggregations with ElasticSearch
▪ Visualization of data aggregations with Kibana
▪ Evaluation & connection of data suppliers to the log platform
▪ Enhancement of Python Scripts
▪ Development of Bash / Shell scripts
▪ Log data analysis
▪ Development of threshold logics and evaluations using Elastic Watcher & Painless Script
02/2015
-
12/2017
Consultant / Test Analyst
▪ Test case identification and test specification/design according to ISQTB
▪ Test documentation
▪ Execution and analysis of the software tests
▪ Bug tracking
▪ Mobile testing (iOS)
▪ Test status reporting
▪ Test documentation
▪ Execution and analysis of the software tests
▪ Bug tracking
▪ Mobile testing (iOS)
▪ Test status reporting
12/2016
-
11/2017
Business Analyst / Consultant / Subproject Manager
▪ Requirements analysis
▪ Creation of technical and functional concepts
▪ Test management
▪ Test analysis & conception
▪ Mobile testing (iOS)
▪ Document testing
▪ End2End testing
▪ Reporting test state
▪ Test process improvement
▪ Consulting in agile work according to SCRUM
▪ Creation of technical and functional concepts
▪ Test management
▪ Test analysis & conception
▪ Mobile testing (iOS)
▪ Document testing
▪ End2End testing
▪ Reporting test state
▪ Test process improvement
▪ Consulting in agile work according to SCRUM
07/2015
-
11/2016
Consultant / Test Analyst / Business Analyst
▪ Requirements analysis
▪ Preparation of technical / solution concepts for requirements
▪ Creation of Release Notes and User Manuals
▪ Test case identification and test specification/design according to ISQTB
▪ Determination of regression tests
▪ Execution, documentation and analysis of the software tests
▪ Bug tracking
▪ Test Status Reporting
▪ Acceptance test support
▪ Consulting test approach, test procedure, test process (improvement)
▪ Preparation of technical / solution concepts for requirements
▪ Creation of Release Notes and User Manuals
▪ Test case identification and test specification/design according to ISQTB
▪ Determination of regression tests
▪ Execution, documentation and analysis of the software tests
▪ Bug tracking
▪ Test Status Reporting
▪ Acceptance test support
▪ Consulting test approach, test procedure, test process (improvement)
04/2015
-
07/2015
Consultant / Test Manager
▪ Test management / test coordination
▪ Control of nearshore test teams (Romania)
▪ Control test team & test orders
▪ Creation of documentation and user manuals
▪ Bug tracking
▪ Test status reporting
▪ Acceptance test support
▪ Test environment coordination
▪ Control of nearshore test teams (Romania)
▪ Control test team & test orders
▪ Creation of documentation and user manuals
▪ Bug tracking
▪ Test status reporting
▪ Acceptance test support
▪ Test environment coordination
12/2014
-
03/2015
Consultant / Test Manager
▪ Release Test Management
▪ Test Status Reporting
▪ Control Test Manager & Offshore Test Team
▪ Control (offshore) Test projects (India)
▪ Test environment management / coordination / planning
▪ Bug tracking
▪ QS/test planning
▪ Load test coordination
▪ Test Status Reporting
▪ Control Test Manager & Offshore Test Team
▪ Control (offshore) Test projects (India)
▪ Test environment management / coordination / planning
▪ Bug tracking
▪ QS/test planning
▪ Load test coordination
Zertifikate
IT Information Security Practitioner (IT ISP)
ISACA
2018
Nessus Certificate of Proficiency
Tenable
2018
Professional Scrum Master
Scrum.org
2016
Professional Scrum Product Owner
Scrum.org
2016
ISO 27001 - Foundation Level
TÜV Sued
2016
ISO 27001 - Information Security Officer
TÜV Sued
2016
ISTQB - Certified Tester Advanced Level - Test Manager
iSQI
2013
TMap NEXT® Test Engineer
EXIN
2011
ISTQB - Certified Tester Foundation Level
iSQI
2011
Reisebereitschaft
Verfügbar in den Ländern
Deutschland
DACH - national bevorzugt Raum Düsseldorf
