• Define security concept for all relevant applications running on the platform.
• Connect applications to BMW central SOC / Splunk.
• Regular Pen tests, IAST / SAST / DAST scans.
• Assure compliance with BMW regulations.

Background:

• BMW Group provides B2B and B2C services like CarData, FleetData, or Catena X via AWS cloud apps. 

Achievements (so far):

• Security KPI of over 95% achieved.
• Compliance KPI of over 90% achieved.

• Cloud Vendor Assessments (CVA) based on DCSO defined security domains (NIST/ISO)

Background:

• DCSO conducts the Cloud Vendor Assessments (CVA) for VW, BASF, Bayer and Allianz.
• All cloud-based solutions that shall be used, needs to pass a CVA

Achievements:

• Conduct successful over 10 assessments in 2022
• Conduct successful over 10 assessments in 2023

• Define Information Security (IS) roadmap till 2025.
• Implement an ISMS according to ISO 27001, enriched with NIST-800 and NIST CSF controls.
• Setup worldwide IS organization.
• Setup of a worldwide 24/7 Incident Response Team.
• Conduct a Business Impact Analysis and TCM/BCM concept.

Background:

• Ottobock is a healthcare company with more than 400 locations in over 50 countries with 8K plus employees.

Achievements:

• Approved Information Security (IS) strategy/policy.
• Approved and published IS und GRC policies.
• IS awareness concept in place.
• IS Management Cockpit with defined KPIs.
• PMI Risk Assessment defined.
• Security Incident Response Team established.
• MDR Security Operation Center established.

• Interim CISO for EMEA

Background:

• Evident Scientific is a spin-off from Olympus.
• During 2022 the curve out was prepared and executed end of 2022.

Achievements:

• Defined PPP Framework
• IT-risk register EMEA established.
• UK Cyber Essentials certificate accomplished
• ISO 27001:2022 Maturity Assessment conducted 

• Conduct Data Privacy Audits.
• Implement technical and organizational measurements.
• General GDPR officer activities.

Background:

• Linkando.com offers a workplace solution with team rooms and call/video conference function
• Data Privacy Officer needed according to GDPR

Achievements:

• Implemented Data Privacy Management System.
• Create and maintain RPA
• Establish DPA with all sub-contractors and suppliers.

Background:

• BMW Group provides B2B and B2C services like CarData or FleetData via connected drive /OpenShift infrastructure.
• OpenShift platform hosted in AWS Cloud.

Achievements:

• Security concept passed BWM internal Audit without any major or medium issue.
• Interface to BMW SOC/Splunk established.

• As-is analysis of existing IT-Infrastructure and IT-Services
• As-is analysis of Business processes and mapping of Business process to IT-Services
• Evaluate options for future IT Strategy and -organization
• Propose future IT Strategy, based on the evaluated options

Background:

• Allianz Warranty (AZWA) is an independent Business Unit of Allianz Partners in Germany.
• Decision about the IT Strategy for the next 5 years outstanding (Integration into Allianz World, staying independent, Hybrid model).

Achievements:

• As-is documentation created
• Business processes reviewed with Business Impact Analysis
• IT-Strategy defined
• Handover to IT Manager to prepare rollout of defined IT-services and processes.

• Responsible for the alignment of the different project pillars.
• Responsible for the overall project budged controlling.
• Responsible for the alignment between projects and local CIO´s for whole APAC region.
• Responsible for the steering of the project execution.

Background:

• Allianz Information Transition (AIT) projects are mandatory for all Allianz entities worldwide.
• Including DCC (Data Centre), AVC (Virtual Client), GM (Global Mail), AGN (Network), AGN security services (VPN, RAS, Proxy).

Achievements:

• Successful rollout of AGN, AGN security services and GM in 2018.
• Rollouts for AVC and DCC in 2019.

• Profit and Lost responsibility for AVC program.
• Align with Organization Entities (OEs) the rollout plan for AVC.
• Escalation counterpart for management of OE.
• Steer rollout preparation and rollout execution.
• Responsible for the AVC architecture team, package factory, engineering department, rollout team, PMO, finance team (internals and externals).
• Reporting to top management of Allianz SE.

Background:

• Allianz Virtual Client (AVC) is the mandatory Workplace solution for all Allianz OEs worldwide with 140K users.
• Annual program budget approximate 20M Euro.
• International project team with over 70 members.
• Program started in 2013.

Achievements:

• Customization of AVC solution to fit 24/7 operation model of Allianz Partners.
• Rollout of AVC to over 70K users in Europe and APAC till end of 2018.

• Create internal security organization for over 20 locations/business units in Germany.
• Define information security policy according to BSI and ISO standards and consult the management in all topics related to information security.
• Execute audits and follow-up audit findings.

Background:

• Zentrum für Psychatrie is a public healthcare organization with several thousand employees.
• Need information security officer to define and implement information security concept.
• Security concept based on BSI 100-x and ISO 27xxx.
• Setup and maintain ISMS.

• Collect and align all IT-Security relevant requirements within BMW Group.
• Create a new SAP IT-Security concept as blueprint.
• Test new SAP IT-Security concept in production and define worldwide rollout plan.

Background:

• BMW Group need new IT-Security blueprint for all SAP systems worldwide.

Achievements:

• New SAP IT-Security concept created.
• Proof of concept with one productive SAP system in Munich.
• Create worldwide rollout plan and align with all relevant parties.
• Handover to Rollout Manager.

• Create new IT organizational concept, based on Cobit 5 framework.
• Define IT operational handbook with process and role description, based on Cobit5 framework.
• IT architecture consulting for Cloud solution.

Background:

• KIVBF changes whole service delivery to Cloud solution.
• Need new IT organization and operational concept for service delivery to all public authorities in Baden Württemberg. (3500 Customers).

Achievements:

• Pilot successful running since January 2015.
• IT organization concept implemented, and existing staff migrated into new structure.
• Cloud operations defined and implemented.

• Define and align overall project plan.
• Prepare decision paper for CIO after initial analysis of as-is and definition of business and IT requirements.
• Align with involved stakeholders from suppliers, internal IT, and business the execution of the project plan.
• Project controlling (cost, budget, resources, milestones).

Background:

• Design new DC concept based on business and IT requirements collected during the design phase.
• BIA with RTO / RPO.
• Regulatory requirements of several countries, including Luxembourg, France, Germany, Italy, UAE, Malaysia.

Achievement:

• Consolidation of DC infrastructure from worldwide 6 to 2 data centers.
• Introduction of DR concept for all business lines.
• Improvement in the overall operations and reduction of IT costs

• Create business proposal to collect and summarize all requirements from business, IT and legal.
• Define information protection / DLP concept.

Background:

• BDSG officer requested a concept to secure customer PII related information.

Achievements:

• Finalized DLP concept.
• Successful PoC with 10 different use cases from TNS.
• Project / roll-out and handover to operations.

• Overall steering of IT related activities at BMW in Munich for the Butterfly project at BBA.
• IT Budget planning.
• Identify dependencies and risks within the deliverables of the involved business and IT departments.

Background:

• BMW JV in China (BBA) prepare the start of a new Brand in China, focused on NEV (New Energy Vehicle).

Achievements:

• Overview of IT activities within BBA and BMW for Butterfly project.
• Synchronize timelines and efforts to secure IT deliverables within the business scope.

• Organize workshop with Business and IT stakeholder to clarify requirements.
• Create business and system proposal according to defined requirements, including necessary applications and tools.
• Define information security concept.

Background:

• Audi is in the process to setup an R&D Center in China and needs an information protection concept that fits business and security needs. Focus is on 3rd parties delivering (IT) services to Audi China.

Achievements:

• Definition of an overall information security concept to protect Audi R&D information against unauthorized access from IT suppliers.

• Preparation of DC bid and support purchasing in the process of commercial issues.
• Make a budget and invest plan for 2012 ? 2014 for the setup and migration of BIA related applications.
• Create a project plan for the setup of the DC and migration of the BIA related applications till 2014.
• Steer a multinational project team with (20) team members from UK, Germany, ZA, Singapore and China.

Background:

• BMW China made a BIA (Business Impact Analysis) and identified several critical applications, hosted in a server room in the office in Beijing.
• The phase2 of the project was responsible to setup a new DC in Beijing according to BMW standards and migrating business critical applications into the new DC.

Achievements:

• Successful setup of new DC in Beijing, operated by central IT team.
• Successful migration of all BIA related applications into the new DC.
• In time and budget project.