Markus Künzler available

Markus Künzler

GRC & Information Security Risk Consultant

  • Freelancer in: 3452 Grünenmatt
  • Degree: Electrical Engineer FH
  • Hourly/daily rate:
  • Languages: German (native) | English (business fluent) | French (basic) | Italian (basic)
  • Last update: 31.03.2016

- Project managing security projects (e.g. large infrastructure projects)
- Implementing ISMS and preparing for certification (ISO / IEC 27001 or BSI baseline protection)
- Implementing business continuity management systems (BCMS) (ISO / IEC 22301)
- Information risk assessments (ISO 31000; ISO 27005; FAIR; BSI-100-3, Cyber Security Controls)
- Business continuity management / Disaster Recovery (ISO 22301 / ISO 22313; BSI 100-4)
- Crisis Management
- Compliance assessments in accordance with PCI / DSS, GxP, HIPAA, FDA (CFR 21), ISO / IEC 27001, etc.
- Establishing frameworks for IT service continuity management (IT SCM)
- Hardening standards for clients / servers / browsers
- Security policy frameworks

Freelancer - Selected projects:

DAX30 Company, Essen (D)
- Corporate ISO - Responsible for all security domains within the corporate business area (global)

Client (Security Firm), Lausanne
- Development of BCM framework (comprising planning process, BCP development, crisis management, awareness and testing)

Client (Energy), Zug
- Development of risk framework based on ISO 31000 and generic IT risk scenarios
- Transition of certified ISMS to new standard (ISO/IEC 27001:2013)

Client (Security Firm), Lausanne
- Internal Audit ISMS (pre-certification Audit)

Client (intern. Bank), Zurich
- Definition of data security framework (regulatory requirement: FINMA 08/21 App. 3)

Client (Credit Bank), Zurich
- Defining an awareness programme for all users on data privacy, general compliance issues and emerging (cyber) threats

Client (Transportation Sector), Berlin
- Responsible for the definition and subsequent roll-out of a BCM / SCM framework comprising a planning methodology framework, service continuity plans for critical IT services and a crisis management plan

Client (Energy Sector), Zug (with operations in CH, D, R)
- Project managing the implementation of an ISMS (including successful certification) in a complex IT environment
- Establishing a new security policy framework

Client (Energy Sector), Zug - External security manager (CISO) advising on all aspects of information security including
- the maintenance and continual improvement of the ISMS
- investigation of information security incidents and evaluating security-related RfCs and projects
- defining and implementing a BCM policy and DR tool
- defining and overseeing BCM / DR exercises

Client (Health Insurance Sector), Zurich
- Definition of an Access Control & IAM Policy for the group

Client (Pharma Sector), Basel
- Responsible for the completion of a GAP analysis (ISO 27002) covering all aspects of the global IT operations and security governance framework
- Advising on the definition of a global information security framework (Global IT) comprising security processes, governance organisation and processes, awareness, policy framework
- Advising on the compilation of a legal register (Swiss and US regulation) for general IT compliance

Client (Insurance Sector), Zurich / Bonn
- Responsible for establishing and rolling out a data governance framework for all regulated data within the group
- Leading risk assessments (compliance with data classification) within all European business departments

Employment history:

06/10 - 04-12 Head of GRC Consultancy Practice Central Europe – Integralis Deutschland GmbH, Zurich
Assuming responsibility for the delivery of consultancy services in the area of data security, auditing, ISO 27001 and PCI/ DSS to key clients in central Europe. Key responsibilities were as follows:
- Establishing GRC consulting practice in the D-A-CH region
- Defining new GRC portfolio (focus compliance, Information risk management and business continuity services)
- People management (hiring, performance appraisals, training)
- Lead consultant for critical security assessments (top clients)
- Speaker at security events (ITSA; Roadshows, etc.)

03/05 – 06/10 European Compliance Manager - Swiss Post Solutions AG, Berne
Assumed responsibility for the group-wide compliance / information security process and the definition and roll-out of a global compliance framework to accommodate all requirements stemming from a ten-year, CHF 250m Pan-European outsourcing contract with a leading international client (Finance Sector):
- Defining and implementing a global security & compliance framework
- Establishing governance processes for security, business continuity and compliance
- Providing security guidance and advice on on-going projects (ISMS, BCMS, IT-Solutions)
- Defining a BCM concept for the client’s operations in Switzerland and Austria

1/04 – 02/05 Engagement Manager - Swisscom IT Services AG, Berne
Assumed full responsibility for the timely delivery of large projects in the area of information security and service management:
- Introduction of Microsoft Rights Management for 18,000 users
- Corporate network segmentation project (based on CISCO equipment) for the enhancement of the group-wide security posture
- Roll-out of secure corporate clients (hardening, encryption, SSO)

05/02 – 08/02 Principal Consultant - NRS Regulatory Services, Edinburgh UK (Contract Job)
- Responsible for the development of new consultancy services in the area of information security benchmarking and business continuity for the SOC industry

04/00 – 03/02 Manager in Global Risk Management Solutions - PricewaterhouseCoopers, Edinburgh UK
- Diverse assignments as subject matter expert for auditing / risk assessment of critical IT projects for TOP 100 companies in the UK. Technical advisor to PwC’s incubator team on business ventures and key member of the UK business continuity management practice.

11/98 – 03/00 Senior IT Project Manager - Swisscom AG, Berne
- Overall responsibility for the set-up and successful completion of a new IT change programme - implementation of a new corporate ERM system for 1200 user positions (responsible for approx. 80 project staff and CHF > 20m project budget).

Mon-Fri, 80-100 %
Throughout D-A-CH
Dual citizen (CH, UK)