Schlagwörter
Skills
Projekthistorie
separation of IT & OT is to be accomplished. Furthermore, this project is the first phase of a significant
transformation of the IT and network landscape.
▪ Review and collaboration on the RfP proposal and corresponding presentation slides
▪ Preparing and conducting on-site workshops to determine the current situation
▪ Collaboration in the protection requirements analysis
▪ Vulnerability scans and analysis for servers, services and applications in operation
Used tools/Frameworks: MS Office, SharePoint, ISO2700x, BSI 200-2
company group in all 70 locations over 8 countries planned to be done in 2024.
▪ Communication to internal stakeholder of the project
▪ Status reporting and presentation
▪ Coordination of and Governance for external contractors
▪ Escalation management within the program to corresponding responsible (and/or accountable) roles.
▪ Preparation of timely and budget planning for the project and the rollout plan for the usecases
▪ Defining a target environment for the archiving and datahub purposes
▪ Alignment with and coordination of related internal and external responsible parties
Used tools: MS Office, SharePoint, Jira, ServiceNow
▪ Alignment with involved technical departments and teams regarding particular requirements and demands.
▪ Alignment with procurement department for relevant activities and general conditions for tender
▪ Alignment with to be involved stakeholder to project activities.
Used tools: MS Office, SharePoint, Jira, ServiceNow
evaluated gaps of the company.
▪ Defining policies and directives for SecSDL, Logging and SIEM, Patchmanagement, etc.
▪ Review and reworking of policies and directives
Frameworks used: ISO2700x, NIST, OWSAP, SANS, MITRE ATT&CK, CIS
▪ Alignment with involved or to be involved stakeholder to project activities.
▪ Aligning and documenting on governance approvals with stakeholder for the program/project
▪ Maintaining project documentation in preparation for corresponding and upcoming migrations
▪ Communication to stakeholders referring to planned migrations.
Used tools: MS Office, SharePoint, Jira, ServiceNow
group (70 locations, 8 countries) including all subsidiaries. Considering all applications not descoped by technical
or security reasons to be migrated and handing over operation to defined MSP including the implementation of a
new backup solution (veeam).
▪ Managing of related subprojects to migrate different applications in several countries hosted on premises.
▪ Communication to internal stakeholder of the project / steering committee
▪ Alignment with and coordination of related internal and external responsible parties
▪ Project planning, status reporting and presentation
▪ Alignment and creation of decision templates, changes and demands and execution of those
▪ Coordination of and Governance for external contractors
▪ Escalation management within the program to corresponding responsible (and/or accountable) roles.
▪ Tracking of the timely and budget processing of the project
Used tools: MS Office, SharePoint, Jira, ServiceNow
shares, collaboration data and application data within the stand-alone-companies to cloud based central service
in Microsoft environment. The new TOM for user home drive is OneDrive to which the personal data will be
migrated to, for the collaboration data the data will be migrated to SharePoint Online with a new Role Based Access Control Model based on the obtained data in cooperation with the (national) IT and HR departments. For the application
data the azure file server is planned to use in a lift and shift approach with probably post project transformations
▪ More than 70 locations in 8 countries with approx. 90 TB of Data
▪ Migration to MS OneDrive and SharePoint Online
▪ Gathering as is information from country- & subsidiaries and local responsibles
▪ Working on and creating organizational structures and orgcharts for new RBAC Implementation
▪ Tracking of the timely processing of the project
▪ Working on project tenders for contractors
▪ Evaluation of contractors based on tenders
▪ Status reporting and presentation
▪ Coordination of migration “rollouts”
▪ Coordination and Governance for external contractors
▪ Coordination of tasks and decisions with the country subsidiaries.
▪ Planning of workshops & moderation
▪ Documentation of as is situation and working out a migration path
▪ Planning and evaluating of a suitable solution and implementation afterwards.
▪ Steering of and contact person for the external supplier in case of questions
▪ Planning of workshops & moderation
▪ Reporting to C-Level
▪ Collaboration in the planning of milestones and timeframes for the implementation of lifecycle topics
▪ Supporting the creation of highlevel and implementation procedures
▪ Verification of requirements and assumptions on the part of Customer
▪ Support of the pilot & tests for the implementation of the HW BLC replacement
▪ QA acceptance documentation
▪ Planning of migration waves (application groups) for migration of applications
▪ Planning of migration waves for migration of Windows2012 Servers to latest OS Gen.
▪ Control and follow-up of the implementations by PV / project team members
▪ QS reporting of progress
▪ Maintenance of necessary change data in CMDB, etc.
▪ Technical and procedural documentation of the changes and handover to Operation
associated costs and risks.
▪ Realization of the business case with the goal to dismantle all Windows 2008 legacy systems to the expiry
date of the ESU licenses in 01/23.
▪ Coordination of inhouse operation staff and sourcing provider.
security patch management and security compliance
▪ Define product vision by translating the technology and business strategy into a consistent set of product
objectives and targets with specific focus on security and risk reduction in order to protect I&O
infrastructure, products and ser-vices from internal/external cyber-at-tacks
▪ Manage the product evangelization, presales and post-sales, defining product direction based on the
changing security threat landscape /technology/ market adoption/evolution in collaboration with customers
and tech. leadership
▪ Own and participate in the creation of the technology vision for I&O from a Security PoV.
▪ Identify journeys’ / product key capabilities and features required to evolve towards the technology vision
and deliver expected strategy outcomes, facilitate Product Line teams.
▪ E2E ownership of the “Infrastructure Vulnerability Management” measures to be taken by I&O based on
(Group IT Security) vulnerability reports and findings (analyze findings, define and align measures with
operations line of business and Security
▪ C-level Consulting
decreasing manual effort.
▪ Support building up new Vulnerability Management Group in I&O to work on vulnerabilities found by Security & Vulnerability Scan department.
▪ Support Teams to decrease found vulnerabilities by driving escalations and doing overarching coordination
work within i&o and security if needed.
▪ Consultancy of leadership with personal & vulnerability strategic decisions.
▪ Reporting of measurements and vulnerabilities
permissions for (shared) mailboxes and general mailboxes for users or distribution lists and further.
▪ Operationalizing of defined processes and implementation in ITSM environment
▪ Creation of RBAC concept and documentation
▪ Hands on doing in project (creation of rules within owa, etc)
▪ Coordination of tasks and decisions with the country subsidiaries.
in the future.
▪ Design and definition of new processes to enhance patch management workflows. Enabling old processes
which are not in place and enhancement of those.
▪ Alignment of new processes with Global IT Security - Vulnerability Management Team to ensure
sustainability of the processes defined.
infrastructure (~5,000 servers) across all zones and stages of the enterprise, while reducing network load and
usage of highly privileged users for the remote scanner infrastructure.
▪ Requirements engineering
▪ Coordination of the implementation (stagebased deployment / rollout) and the team
▪ Coordination of the VM procurement
▪ Development and implementation of necessary processes
Tools used, languages: MS Office, tenable Nessus Manager, Tenable
▪ Determining solutions for closing vulnerabilities (Findings vulnerabilities scanner)
▪ Establishment of sustainable processes
▪ Patch management/-optimization
Process tasks
▪ Requirements assessment of processes in the area of vulnerability and incident management
▪ Process design and redesign in the area of vulnerability and incident management
▪ Introduction and establishment of more effective ways of working in different groups
e.g. transparency about and reduction of work-in-progress for IT operations
Coordinative tasks
▪ Mediation between IT security and IT operations
▪ Review of vulnerability reports
▪ Identification of asset managers
▪ Assignment of the vulnerabilities to the identified asset managers
▪ Tracking of the timely processing of vulnerabilities
▪ Coordination of mitigation rollouts / configuration adjustments
▪ Creation of status reports
▪ Incident & Problem Management
▪ Planning of workshops & moderation
▪ Evaluation of a vulnerability management solution
Operational and technical tasks (in cooperation with other external service providers)
▪ Examination and evaluation of vulnerabilities for false positives
▪ Examination of the applicability of recommended remedial actions
▪ If necessary, consideration of alternative remedial measures
▪ Test/documentation of the respective remedial measures
▪ Implementation of remedial measures or application for risk acceptance
▪ Definition & coordination of key figures with the ISO organization
▪ Definition & coordination of threshold values and measures with the ISO organization
▪ Professional and technical conception on the basis of the requirements
▪ Topics for ComplianceGate: Vulnerabilities Scan, DLP, IAM, PAM, Asset Inventory, etc.
▪ Security concept incl. threat modelling
▪ Documentation/compilation of operating manual
▪ Implementation of data aggregations (Kibana)
▪ Vulnerability management
▪ Vulnerability scans
▪ Vulnerability analysis
▪ Security Incident Management
▪ Reporting
▪ Documentation (creation/maintenance of the installation and operating manual)
▪ Process consulting and optimization
▪ Connection to central log management
testing to reduce network load and increase efficiency (coverage of previously known and tested network
segments increased by direct access to all VLANs)
▪ Process consulting and design
▪ Project and network documentation
▪ Documentation/ Preparation of operating and installation manual
▪ Security Concept incl. Threat Modelling
▪ Definition & coordination of measured values for the presentation of compliance (VulScan, DLP, IAM, PAM,..)
▪ requirements analysis
▪ Professional and technical conception on the basis of the requirements (VulScan, DLP, IAM, PAM,..)
▪ Technical implementation
▪ Formulation of Compliance & Security Use Cases (VulScan, DLP, IAM, PAM,.. )
▪ Implementation of data aggregations with ElasticSearch
▪ Visualization of data aggregations with Kibana
▪ Evaluation & connection of data suppliers to the log platform
▪ Enhancement of Python Scripts
▪ Development of Bash / Shell scripts
▪ Log data analysis
▪ Development of threshold logics and evaluations using Elastic Watcher & Painless Script
▪ Test documentation
▪ Execution and analysis of the software tests
▪ Bug tracking
▪ Mobile testing (iOS)
▪ Test status reporting
▪ Creation of technical and functional concepts
▪ Test management
▪ Test analysis & conception
▪ Mobile testing (iOS)
▪ Document testing
▪ End2End testing
▪ Reporting test state
▪ Test process improvement
▪ Consulting in agile work according to SCRUM
▪ Preparation of technical / solution concepts for requirements
▪ Creation of Release Notes and User Manuals
▪ Test case identification and test specification/design according to ISQTB
▪ Determination of regression tests
▪ Execution, documentation and analysis of the software tests
▪ Bug tracking
▪ Test Status Reporting
▪ Acceptance test support
▪ Consulting test approach, test procedure, test process (improvement)
▪ Control of nearshore test teams (Romania)
▪ Control test team & test orders
▪ Creation of documentation and user manuals
▪ Bug tracking
▪ Test status reporting
▪ Acceptance test support
▪ Test environment coordination
▪ Test Status Reporting
▪ Control Test Manager & Offshore Test Team
▪ Control (offshore) Test projects (India)
▪ Test environment management / coordination / planning
▪ Bug tracking
▪ QS/test planning
▪ Load test coordination
Zertifikate
Reisebereitschaft
exali IT-Haftpflicht-Siegel (Sondertarif für Freelancermap-Mitglieder)
Das original exali IT-Haftpflicht-Siegel bestätigt dem Auftraggeber, dass die betreffende Person oder Firma eine aktuell gültige branchenspezifische Berufs- bzw. Betriebshaftpflichtversicherung abgeschlossen hat. Diese Versicherung wurde zum Sondertarif für Freelancermap-Mitglieder abgeschlossen.
Versicherungsbeginn:
01.01.2018
Versicherungsende:
01.01.2026