2016 - 2018
Customer: Allianz Technology
Role: AVC Program Manager
Background:
- Allianz Virtual Client (AVC) is the mandatory Workplace solution for all Allianz Entities worldwide with 140K users
- Annual program budget approximate 20M Euro
- Program started in 2013
Tasks:
- Profit and Lost responsibility for AVC program
- Align with Organization Entities (OEs) the rollout plan for AVC
- Escalation counterpart for management of OE
- Steer rollout preparation and rollout execution
- Responsible for the AVC architecture team, package factory, Engineering department, Rollout team, PMO, Finance team with over 70 staff members (internals and externals)
- Reporting to top management of Allianz SE
Achievements:
- Customization of AVC solution to fit 24/7 operation model of Allianz Partners
- Rollout of AVC to over 70K users in Europe and APAC till end of 2018
2015 - 2018
Customer: ZfP Südwürttemberg
Role: Security Officer
Background:
- Zentrum für Psychatrie is a public healthcare organisation that operates several hospitals in Germany.
- Need information security officer to define and implement information security concept.
Tasks:
- Create internal security organization in over 20 locations in Germany
- Define information security policy and consult the management in all topics related to information security
- Execute audits and follow-up audit findings
Achievements:
- BSI 100-1/2 information security concept
2015
Customer: KIVBF
Role: Cloud operations concept
Background:
- KIVBF changes whole service delivery to Cloud solution.
- Need new IT organization and operational concept for service delivery to all public authorities in Baden Württemberg. (3500 Customers)
Tasks:
- Create new IT organizational concept, based on Cobit 5 framework
- Define IT operational handbook with process and role description, based on Cobit5 framework
- IT architecture consulting for Cloud solution
Achievements:
- Pilot successful running since January 2015
- IT organization concept implemented and existing stuff migrated into new structure
- Cloud operations defined and implemented.
2014
Customer: BMW SF China
Role: IT-Governance policy
Background:
- The Chinese banking authorities (CBRC and PBOC) requested an IT Governance Policy from BMW SF in China.
Tasks:
- Defining an IT Governance policy according to CBRC and PBOC requirements, following ISO38500 and COBIT5 standards.
- Align the IT Governance policy with BMW AG and BMW Bank in Germany
- Prepare presentation for Top Management of BMW SF and CBRC
Achievements:
- Approved IT Governance policy for Chinese market
2014
Customer: BMW SF China
Role: web-based customer interaction system
Background:
- BMW SF wants to migrate their business applications to new system, called COFIS. This system has integration of CRM and CIC modules, as well as reporting functions to PBOC, beside of usual SF business applications.
Tasks:
- IT Security concept according to ITPM
- Risk assessment according to ISO 27002
Achievements:
- Finalized security concept
- ITPM review passed for go-live
2014
Customer: TNS Infratest
Role: DLP concept
Background:
- BDSG officer requested a concept to secure customer PII related information
Tasks:
- Create business proposal to collect and summarize all requirements from business, IT and legal.
- Define information protection / DLP concept
Achievements:
- Finalized DLP concept
- Successful PoC with 10 different use cases from TNS
- Project / roll-out and handover to operations.
2013 - 2014
Customer: BMW AG
Role: IT Coordination Butterfly
Background:
- BMW JV in China (BBA) prepare the start of a new Brand in China, focused on NEV (New Energy Vehicle)
Tasks:
- Overall steering of IT related activities at BMW in Munich for the Butterfly project at BBA.
- IT Budget planning
- Identify dependencies and risks within the deliverables of the involved business and IT departments.
Achievements:
- Overview of IT activities within BBA and BMW for Butterfly project
- Synchronize timelines and efforts to secure IT deliverables within the business scope
2013
Customer: Audi China
Role: Security Consultant
Background:
- Audi is in the process to setup an R&D Center in China and needs an information protection concept that fits business and security needs. Focus is on 3rd parties delivering (IT) services to Audi China.
Tasks:
- Organize workshop with Business and IT stakeholder to clarify requirements - Create business and system proposal according to defined requirements, including necessary applications and tools
- Define information security concept
Achievements:
- Definition of an overall information security concept to protect Audi R&D information against unauthorized access from IT suppliers
2012 - 2013
Customer: BMW China
Role: Project Manager/ BCM / TCM phase 2
Background:
- BMW China made a BIA (Business Impact Analysis) and identified several critical applications, hosted in a server room in the office in Beijing.
- The phase2 of the project was responsible to setup a new DC in Beijing according to BMW standards and migrating business critical applications into the new DC.
Tasks:
- Preparation of DC bid and support purchasing in the process of commercial issues
- Make a budget and invest plan for 2012 – 2014 for the setup and migration of BIA related applications
- Create a project plan for the setup of the DC and migration of the BIA related applications till 2014.
- Steer a multinational project team with (20) team members from UK, Germany, ZA, Singapore and China
Achievements:
- Successful setup of new DC in Beijing, operated by central IT team
- Successful migration of all BIA related applications into the new DC
- In time and budget project
2011
Customer: Verdasys / Evangelist
Background:
- Verdasys is the leader of EIP (Enterprise Information Protection) solutions worldwide.
Tasks:
- Leading the Verdasys EMEA team to define customer based use cases to protect sensitive information against unauthorized usage.
- Consult the customers to get work council agreements / company agreements in EMEA. Especially in Austria, France and Germany is the introduction of DLP solutions a very complicated and difficult process.
Achievements:
- Key note speaker at Enterprise Security Exchange in Brussels “Information risk management and information governance”
- Several works council agreements in EMEA
- Presales support EMEA
2011
Customer: BBA
Role: Senior Security Advisor
Background:
- BBA is a JV between BMW AG and Brillicance Ltd, with locations in Beijing (Sales & Marketing) and Shenyang (Plant and HQ).
Tasks:
- Consult BBA in the definition of the newly created CISO function
- Support of the new CISO in the creation of a security policy
- Steer an Audit delivered by E&Y.
- The audit findings needed to be prioritized and categorized to define action plan across the different departments. Furthermore was my job to prepare and lead a security coaching for the top management level and to follow up the implementation of the agreed security policy.
Achievements:
- Definition and implementation of CISO function
- Update of existing (general) security policy, creation of IT security policy
- Data classification policy
- Top level management security awareness coaching
- Finalized ISO 2700x security audit report
- Action plan to eliminate findings out of the audit report
2011
Customer: Siemens China
Role: EIP Senior Consultant
Background:
- SLC (Siemens Limited China) has to implement a DLP (Data Leakage Prevention) solution for all business units.
Tasks:
- Consult the project team to identify use cases
- Explain the CIO’s and CISO’s of all sectors the project scope and advanced possibilities of EIP solutions
Achievements:
- EIP use cases are defined for all business units
- Pilot project started successful in November 2011
- Project start Q1 / 12
2011
Customer: Siemens AG
Role: EIP Senior Consultant
Background
- Siemens HQ picked up the EIP project of Siemens China and started evaluation project for Siemens worldwide.
Tasks
- Definition of the functional requirements that the DLP product has to fulfill
- Best practice work shop to design worldwide operation model
Achievements
- Global frame contract with DLP vendor
- Definition of functional requirements for product customization
- Definition of operation model of DLP infrastructure
2011 - 2010
Customer: BMW AG
Role: Senior Security Consultant
Background
- BMW started a feasibility study to proof if existing DLP solutions can support BMW security requirements.
Tasks:
- Consulting a team from the BMW innovation center in Greenville / US, the Clemson University and RSA to define use cases according to BMW security policies and compliance rules
- Test of defined use cases in pilot environment.
Achievements
- Successful proof of DLP solution
- Defined use cases according to BMW rules
- RFI document to start technical evaluation of Vendors
other projects on request
