Due to the recent ruling of the 12th Senate of the German Federal Social Court (Bundessozialgericht, BSG) of 24 October 2023 (case no. B 12 R 9/21 R) on false self-employment (Scheinselbstständigkeit), a general obligation to perform services on-site in Germany or an obligation to use the infrastructure leads to false self-employment. In that case, please (in your own interest) look for colleagues who offer employee leasing (ANÜ) in Germany. Thank you.
.............................
Top skills:
DORA | Cyber Resilience Act (CRA) | Regulatory Compliance | Business Analysis | Cybersecurity | IT Compliance | Due Diligence / IT Audit | Cloud Architecture | Outsourcing | Third-Party Risk Management | Supervisory Audits | IT Risk Management | IT Governance | IT Forensics | Supply Chain Management | Audit Management / Audit Defense | IT Contract Management | IT Strategy | Operational Resilience | Security Standards: CSA, ITIL, ISO 20000, COBIT, ISO 27001/2, PCI-DSS, NIST, BSI Grundschutz | Interim CTO/CIO | SIEM | KRITIS / CERD | NIS2 | Information Security | etc.
Languages
German (native)
English (business level)
Work locations
Remote
Industries
Credit institutions (banks)
Payment providers / e-money providers
Investment firms
Trading companies
Insurance companies
Crowdfunding services
ICT/cloud providers
…other critical industries
The EU's Digital Operational Resilience Act (DORA), Critical Entities Resilience Directive (CER) and Cyber Resilience Act (CRA) entered into force in 2023 or will become enforceable in various phases from January 2025.
Particularly in view of the coercive penalty payments and fines that now threaten for the first time, a massive overhaul of existing policies, documentation of requirements, registers, processes and evidence is often necessary, in line with the new requirements for an adequate risk management framework in the following areas:
- Governance & Organization
- Digital & Operational Resilience
- ICT Risk Management & Cyber Security
- ICT Incident Management / Major Incident Management
- Third-party provider management (due diligence, IT audits and risk analysis of outsourcing arrangements, as well as steering measures / plus the German Supply Chain Due Diligence Act, LieferkettensorgfaltsG)
- Preparation for and support during audits by authorities
- Onboarding and exit management
- General ICT security
- Access control
- Acquisition, development, and maintenance of ICT systems
- ICT Capacity and Performance Management
- Data and system security
- ICT Encryption & cryptography
- Human resources
- ICT asset management
- ICT business continuity
- ICT change management
- ICT operations security
- ICT project management
- ICT risk management
- ICT-related incident management
- Identity management
- Network security management
- Physical and environmental security
- Security information in transit
- ICT Vulnerability and patch management
- Documented Strategy on ICT third-party risk
- Policy on the use of ICT services supporting critical or important functions
- Contractual arrangements with third parties
Affected are companies operating in the named EU sectors, regardless of their country of origin, as well as other third-party providers, e.g. of IT services, which must demonstrate in corresponding audits that they comply with all requirements.
........
About me:
I am a trained lawyer and computer scientist with more than 30 years of operational experience in the regulated areas of IT organisation and infrastructure as well as third-party / outsourcing management, with a focus on due diligence/audit, governance, risk, compliance, resilience, digitalisation, business analysis, data protection, etc.
I help companies in financial markets and other critical or regulated industries, such as the energy sector, as an interim manager on a freelance basis to ensure that compliance requirements are met in their projects or in maintaining proper ongoing operations.
Education and training:
1984: Abitur
1986 – 1991: Law studies – First State Examination (1989) / Dipl.-Jurist (2006)
1990 – 1993: Business administration studies (focus: organisation/business administration)
1991 – 1992: Various Novell courses
1993: Novell courses CNE 3
1996: Novell courses CNE 4 (NDS design)
1997: HP courses: HP-UX Unix fundamentals (shells, SAM, etc.)
1998: Various management courses:
1998: Microsoft courses: Total Cost of Ownership
1998 – 1999: Microsoft courses MCP/MCSE
1999: Novell courses CNE 5 (Networking Techn., Admin., Adv. Admin.)
1999 – 2003: (Distance) studies: Information and Communication Management
2001: ITIL Service Management Foundation course
2003: Certification ITILv2 Service Manager
2004: Certification PRINCE2
2005: COBIT 4
2008: COBIT 4.1 Update
2010: Certification PMP
2011: Compliance Management course
2012: Certification Certified Outsourcing Professional (COP)
2015: Certified Business Coach and Trainer (IHK)
2016: Certification SCRUM PO/SM
2021: CRCM (EU) Certified Regulatory Compliance Manager
2021: Continuing education, Bachelor of Science at ECTS or CPE level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities)
- Jul 2021 - CISA 1 - Auditing Information Systems for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 2 - Information Technology Governance and Management for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 3 - Information Technology Life Cycle for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2021 - CISA 4 - IT Operations, Maintenance, and Service Delivery for IS Auditors
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - Audit and Due Diligence: Priorities and Best Practices
Skills: Information Security Management · Information Security · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - CCSP: 1 Cloud Concepts, Architecture, and Design
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - CCSP: 6 Legal, Risk, and Compliance
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Oct 2021 - Certified Analytics Professional (CAP): Domains 5–7
Skills: Information Security Management · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - Adaptive Project Leadership
Skills: Operational Risk Management
- Nov 2021 - Digital Transformation
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
- Nov 2021 - Executive Leadership
Skills: Operational Risk Management
- Nov 2021 - Risk Management for IT and Cybersecurity Managers
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - SSCP: 4 Incident Response and Recovery
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Nov 2021 - The New Age of Risk Management Strategy for Business
Skills: Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
2022: Continuing education, Bachelor of Science at ECTS or CPE level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
- Jul 2022 - Microsoft Azure Security Technologies (AZ-500) Cert: 1 Manage Identity and Access
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 1 Core Concepts
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Microsoft Security, Compliance, and Identity Fundamentals (SC-900): 4 Understanding Microsoft Security and Compliance Capabilities
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Jul 2022 - Office 365: Implement Networking and Security (Office 365/Microsoft 365)
Skills: Information Security Management · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Operational Risk Management
- Jul 2022 - Top 10 Security Features to Enable within Microsoft 365
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · Regulatory Compliance · Regulatory Audits · IT Audit · Internal Audits · Operational Risk Management
- Aug 2022 - Microsoft 365: Health and Security
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Compliance · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Operational Risk Management
- Aug 2022 - Microsoft 365: Implement Security and Threat Management
Skills: Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Aug 2022 - Microsoft 365: Manage Governance and Compliance
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Data Governance · Regulatory Audits · IT Audit · Risk Management · Internal Audits
2023: Continuing education, Bachelor of Science at ECTS or CPE level (European Credit Transfer and Accumulation System - globally relevant Official Academic Credits at Partner Universities):
- Apr 2023 - Advanced Microservices: Tactical Forking
Skills: Enterprise Architecture · Cloud Computing · Risk Management
- Apr 2023 - Building and Auditing a Cybersecurity Program
Skills: Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - CCSK Cert: 1 Cloud Architecture
Skills: Information Security Management · Cloud Computing · Cloud Security · IT Audit · Risk Management
- Apr 2023 - CCSK Cert: 2 Infrastructure Security for Cloud
Skills: Information Security Management · Infrastructure Security · Cloud Computing · IT Audit · Risk Management
- Apr 2023 - CIPP/US Cert: 1 U.S. Privacy Environment
Skills: Information Security Management · Information Security · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Architecture: Advanced Concepts
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Architecture: Core Concepts
Skills: Information Security Management · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cloud Security Architecture for the Enterprise
Skills: Enterprise Architecture · Information Security Management · Information Security · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Cybersecurity Foundations
Skills: Cybersecurity
- Apr 2023 - Ethics in Information Security
Skills: Information Security · IT Audit · Computer Ethics
- Apr 2023 - IT Security Foundations: Core Concepts
Skills: IT Audit · IT Security Operations
- Apr 2023 - IT and Cybersecurity Risk Management Essential Training
Skills: IT Risk Management · Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Computer Forensics
Skills: Computer Forensics · Cloud Computing · IT Audit
- Apr 2023 - Learning Threat Modeling for Security Professionals
Skills: Threat Modeling · Cloud Computing · IT Audit
- Apr 2023 - Learning Vulnerability Management
Skills: Cloud Computing · IT Audit · Vulnerability Management
- Apr 2023 - Practical Cybersecurity for IT Professionals
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Scaling Your Cybersecurity and Privacy Program
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits · Cybersecurity
- Apr 2023 - Security Risks in AI and Machine Learning: Categorizing Attacks and Failure Modes
Skills: Information Security Management · Information Security · Cloud Computing · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
- Apr 2023 - Soft Skills for Information Security Professionals
Skills: Information Security · IT Audit
- Apr 2023 - Using SABSA to Architect Cloud Security
Skills: Information Security Management · Cloud Computing · Cloud Security · Operational Risk · External Audit · Regulatory Audits · IT Audit · Risk Management · Internal Audits
For me, reliable and comprehensive consulting and continuous professional development are inseparably linked.
Outdated knowledge or pseudo-knowledge is the most common starting point for recourse or damages claims by the legal departments of client organisations.