Projects

• Definition, initiation and control of the strategic IT Security initiatives as well as ensuring their operational implementation. Initiatives currently under implementation in detail:
  • Secure IT Architectures
  • Secure Software Development Lifecycle
  • Situational Awareness (in particular establishment of an "IT Security Operations Center" as a Managed Service)
• Initiation and roll-out of a Security Education & Awareness program, including crisis management exercises for senior management.

Responsibilities

• Establishment and disciplinary management of the IT Security Management team.
• Definition and implementation of the IT Security Management strategy.
• Design, implementation and optimization as well as European coordination and harmonization of IT Security Management.

• Definition, initiation and control of the strategic IT security initiatives as well as ensuring their operational implementation. Initiatives in detail:
  • Secure IT Architectures
  • Identity Governance & Management
  • Secure Software Development Lifecycle
  • Situational Awareness (in particular establishment of an "IT Security Operations Center" as a Managed Service)
  • IT Supply Chain Management
• Establishing international co-operation, including the harmonization and consolidation of relevant IT solution components
• Definition and establishment of the organizational and procedural interfaces to Information Security functions within RWE.
• Sub-project management for the topic of "Security Governance, Risk & Compliance" (consisting of data protection, information security and IT security management) as part of the sale of RWE IT’s data centers and the transfer of their operation to an Indian IT service provider
• Involvement in the preparation of the strategy paper "IT Security for NRW 4.0" within the corresponding work group of the Ministry of Innovation, Science and Research of the State of NRW.

Responsibilities

• Professional and disciplinary management of the IT Security
  Management team (6 FTEs)
• Restructuring and further development of the IT Security Management function within the CIO Office of RWE IT GmbH
• Design, implementation and optimization as well as transnational coordination and harmonization of IT security management
• Representation of IT Security within RWE IT towards the management and the operational units as well as towards RWE’s Group Security, internal customers and external parties
• Establishment and support of national and international research and development co-operations with universities located in NRW on the subject of IT Security

Projects (Examples)

• Definition of IT security guidelines and IT architecture requirements as well as their implementation. Examples:
  • Restructuring the RWE Corporate Network to establish IT security domains
  • Use and integration of cloud services (IaaS, PaaS, SaaS)
  • Use and integration of mobile devices
• Establishment of the Group’s Corporate IT Security Center (process blocks: Incident Prevention & Handling, Technical Monitoring & Reporting, Standardization & Audit)
• Strategic introduction of vulnerability management and intrusion prevention systems
• Deputy overall project management for the transfer of all TSO (Amprion GmbH) IT systems and IT services to a new IT service provider to meet legal unbundling requirements as well as sub-project management for IT security, including the specification of a new IT security policy for the TSO
• Consulting and support of RWE Power in the development and implementation of an IT security strategy for process control systems of lignite-, coal- and gas-fired plants
• Consulting and support of RWE Power in the implementation of legal and/or official IT security requirements and regulations for nuclear power plants

Responsibilities

• Responsibility for IT Security within Group IT Governance
• Representation of IT Governance in the international bodies for IT Architecture Management