Information Security, Information Security Management, ISO27001, Secure Development Lifecycle
Updated on 10.11.2025
Profile
Freelancer / Self-employed
Remote work
Available from: 01.12.2025
Availability: 80%
of which on site: 50%
Information security
Security management
Security requirements
ISO 27001
IT-Grundschutz
OWASP SAMM
Secure Development Lifecycle
Threat Modeling
Auditor
UML
COBIT
TOGAF
Enterprise Architect
Requirements Engineering
ISO 27017
ISO 27018
ISO 27019
Cyber Threat Intelligence
English
business fluent

Work locations

Munich (+50 km), Garmisch-Partenkirchen (+50 km)
Germany
possible

Projects

2020 - today: Development and implementation


Role: IT Security Consultant and Co-Founder

Client: [company name on request]


Projects

  • Development and implementation of a CTI Lifecycle for a large and global company in the logistics sector
  • Chief Information Security Officer at various companies
  • Security checks and audits based on ISO27001 and IT-Grundschutz
  • Lead Auditor ISO/IEC 27001 (certification audits)
  • Development and implementation of an ISMS for multiple companies and different industry sectors
  • Structural Analysis (IT-Grundschutz Strukturanalyse) for a large insurance company
  • Development and implementation of a Secure Development Lifecycle (SDLC, OWASP SAMM)
  • Lecturer at HDBW in Munich for Secure Software Engineering and Threat Modeling
  • Workshops and trainings on Secure Development Lifecycle and Threat Modeling

2020 - 2021: Development of the overall security architecture


Role: Lead Security Architect

Client: FI-TS GmbH & Co. KG


Tasks:

  • Consultant for the 1st line of defense in order to derive security measures from high level security requirements
  • Cryptography Officer


2016 - 2019: Development and validation of security KPIs


Role: Senior IT Architect in IT Innovation

Client: on request


Tasks:

  • IT Lead, Business Analyst and IT Architect in innovation initiatives, e.g. automatic underwriting platform for primary insurance and reinsurance business, cyber insurance pricing, mobile app for applicants
  • Development and validation of security KPIs for cyber risk assessment
  • Engagement in digital transformation as speaker for "Digital Insurance Platforms" (as part of a training series "Digital Business")
  • Quality improvement in IT innovation initiatives by implementing threat modeling


2006 - 2016: Application Development


Role: Senior IT Architect

Client: on request


Tasks:

  • Senior IT Architect for the overall application architecture of the reinsurance core applications (risk assessment, pricing, accumulation, policy management and reporting)
  • Technical Lead and Coach for up to 30 Requirements Engineers and IT Architects
  • Head of the global Requirements Engineering Community consisting of representatives from all IT locations


2000 - 2006: Application Development and IT Strategy


Role: IT Architect

Client: on request


Tasks:

  • Design and implementation of different underwriting applications for the reinsurance business
  • Design and implementation of a tool to manage the global IT landscape (Enterprise Architecture)
  • Customization and implementation of a software engineering process for object oriented development based on the Rational Unified Process


1997 - 2000: including project consulting and coaching


Role: IT Architect and IT Auditor

Client: IZB Soft GmbH & Co. KG


Tasks:

  • Developer, Designer and Project Manager for Java frameworks, including project consulting and coaching
  • Internal and external audits with focus on client/server applications and network infrastructure


1994 - 1997: requirements engineering, process and data modelling

Role: IT Consultant

Client: Danet GmbH


Tasks:

  • Business analyst responsible for requirements engineering, process and data modelling and user interface design

Education and training

6 years
1987-11 - 1993-10

Computer Science

Diplom Informatiker, Technische Universität München
8 years 9 months
1978-09 - 1987-05

Pupil

General higher education entrance qualification (Allgemeine Hochschulreife), Mathematisch-Naturwissenschaftliches Gymnasium in Munich

Skills

Top-Skills

Information security, Security management, Security requirements, ISO 27001, IT-Grundschutz, OWASP SAMM, Secure Development Lifecycle, Threat Modeling, Auditor, UML, COBIT, TOGAF, Enterprise Architect, Requirements Engineering, ISO 27017, ISO 27018, ISO 27019, Cyber Threat Intelligence

Products / Standards / Experience / Methods

PERSONAL PROFILE
I offer consulting, coaching and training in information security. My focus is on information security management (ISO27001, IT-Grundschutz), secure software development and security architecture. As ISO 27001 Lead Auditor I perform external and internal audits for companies.

As Lead Security Architect and Senior IT Architect with over 20 years of experience in large, global and complex IT projects, I provide extensive and deep technical know-how, strong communication skills and competencies in technical leadership, coaching and training.


AREAS OF EXPERTISE

  • Information Security Management
  • ISMS (ISO 27001, IT-Grundschutz)
  • Secure Software Development
  • Threat Modeling/Threat Intelligence
  • Security Architecture
  • Enterprise Architecture (ArchiMate)
  • Requirements Engineering and UX
  • UML Modeling
  • Agile Methods (Scrum, Lean Startup)
  • Insurance Business Processes

Industries

Insurance (Primary and Re-Insurance), Banking
