Christian Charles available

Christian Charles

Project Manager (DevSecOps SABSA, ISO27001/2, CISSP, CEH, ITIL, Lean Six Sigma Blackbelt).

Profileimage by Christian Charles Project Manager (DevSecOps SABSA, ISO27001/2,  CISSP, CEH, ITIL, Lean Six Sigma Blackbelt). from Alsdorf
  • 52477 Alsdorf Freelancer in
  • Graduation: SABSA, ISO27001/2, CISSP, CEH, MCSE, ITIL, Lean Six Sigma Blackbelt, Scrum Master
  • Hourly-/Daily rates: not provided
  • Languages: German (Full Professional) | English (Native or Bilingual) | French (Elementary)
  • Last update: 07.09.2020
Profileimage by Christian Charles Project Manager (DevSecOps SABSA, ISO27001/2,  CISSP, CEH, ITIL, Lean Six Sigma Blackbelt). from Alsdorf
IT SicherheitsExperte

You need an account to view this information.

Security Manager, Risk Manager, Program Manager, Project Manager, ISO27001  Lead Auditor, Information Security, ISO27001, Cloud, Office 365, SCCM, ITIL, Release Management, Big Data, SharePoint, Exchange, Policies, Excel, scalability, COBIT, IT Security, FMEA, SABSA, IBM, network design, Usability, SOX, ISOC, NOC, SaaS, Togaf, ISO 27002 frameworks, Data Processing, GxP, CISM, SAP, databases, SIEM, SAP & Azure, PKI, Security services, Enterprise Architecture, Symantec, Identity Management, POC proxy/web, HSM, Windows Server 2000, VERITAS, Backup Exec, Windows Server BEWS, Active Directory, Windows & Linux, Autodidact
  • 01/2020 - 05/2020

    • IT ERGO
    • 5000-10.000 employees
    • Insurance
  • Project Manager
  • Security Endpoint Harmonization

  • 11/2019 - 11/2019

  • Business Analyst, Information Security Consultant, Project & Service Manager
  • (Diverse EMEA Projects; ISO27001/2, Process Management; Service Manager, Application Migration)
    * Over 38 years' experience with designing, analyzing, implementing and managing complex
    projects within time and budgetary constraints
    * Responsible for development and implementation of IT & Business solutions, involving companies
    from small to enterprise in size:
    * Security Consultant at Gazprom
    * Security Consultant at Computacenter
    * Global Enterprise Security; supporting the CISO, Novartis
    * Cloud, Standalone business solutions; (complete office environment (Office 365))
    * Data Centre solutions (transition of physical to virtual (Centralization,
    * Software project management; supporting using SCCM (Deployment / Change Management)
    * Managing Changes; to enable Improved IT processes & Delivering Value to the Customer
    * Manage external providers & partners; SLAs´, event & incident management
    * Change Management, Problem Management, Escalations (ITIL)
    * Release Management (ITIL) SCCM
    * Software proof of concept (ensuring suppliers deliver as expected (IAM))
    * Defining expectations (ITIL (Lean Six Sigma DMAIC, DFSS, DMADV))
    * Measuring progress (GAP analysis & Continuous Improvement)
    * Analyzing process and data flow. (S.I.P.O.C)
    * Continuous Improvement; Improving upon all areas where possible
    * Implementing controls to ensure all are up to date
    * Continuous research of data output (Big Data)
    * Design implement and control SLA´s & OLA´s (With Vendors & Service Providers)
    * Day to day office 365 administration (SharePoint, Exchange; Policies etc.)
    * Excel Specialist; concerting mass information into well-defined dashboards
    * Consistent Management & Delivery of Quality
    * Stakeholder Management (KANO)
    * Measuring service quality (ITIL)
    * Analyzing GAP; Eliminating waste and reducing variation of service delivery
    * Reducing none value added processes to only essential (reducing costs)
    * Ensuring workflows are delivered as per customer demands
    * Continuous Improvement (Ensuring customer demands / satisfaction are met KANO)
    * Maintaining continuous control of processes, demands and delivery to SLA / OLA
    * Focus on stability and performance (System Optimization)
    * Risk Management
    * Communication
    * Constant communication with Sponsors & Stakeholders (Single point of contact)
    * Ensuring scalability is possible (Capacity Management)
    * Communication & Time Plan
    * Direct contact with all stakeholders and partners
    * Escalation Management (Dissolving conflicts)
    * Direct link between stakeholders and suppliers
    * Delivering customer satisfaction by understanding the voice of the customer
    * KANO
    * Coaching where necessary
    * Gap Management;
    * Ensuring root issues are solved as soon as possible
    * Being aware of deficiencies and how to reduce them to a level of acceptance
    * Recent Methodologies used:
    * Lean & Six Sigma
    * ITIL
    * COBIT
    * ISO 9000 & 27001
    * Lessons learned to turn information into knowledge
    * Comprehensive Reports
    * Celebrating and recognizing success

  • 11/2019 - 11/2019

  • * Security Manager, ISMS; Hands-On Incident handling
    * Handling sensitive cases including personal data (GDPR)
    * On-Site Security Incident Manager (Project & BAU)
    * On-Site Security Architect assisting workplace projects (SPOC for security)
    * On-site IT Security Service Manager for Bombardier Transport (Security as a Service Manager
    (End to End Service Delivery))
    * Define, Design, Implement and Operate SOC & ISMS
    * Project & Day to Day Risk Analysis; (FMEA) end to end lifecycle management (events &
    * Responsible for project reviews and advising stakeholders on security and compliance

  • 11/2019 - 11/2019

    • Bombardier Transport
  • * Security advisor for major endpoint rollout coordination
    * Security advisor for all applications (from requirement, design and implementation)
    * Stakeholder Management; SPOC for all security matters both internal and external
    * Frameworks used SABSA, ITIL, ISO27001/2
    * Methodology used Lean Six Sigma
    * On-site security manager; reporting direct to Novartis Global CISO
    * Security liaison officer for Novartis; working with IBM and BT (3rd Party Service Providers)
    * Best practice and continuous improvement (PDCA (ITIL))
    * SPOC; Main focal point of contact for both internal and external stakeholders (Meeting Weekly
    to ensure problems were solved asap and root causes were investigated to prevent repetition
    where possible)
    * Security Quality control to ensure 3rd party providers were meeting SLA´s
    * Security Project compliance advisor, risk assessment (POC (Low level design assessment))
    * Responsible for POC for security applications (IAM)
    * Recommending initiatives for Business, IT and Security sensitive assets
    * Providing analysis for development of policies and standards to meet infrastructure,
    application and network design, including 3rd Party due diligence
    * Asses key trends and reports those findings as and when they arise
    * Providing analytical support for planning, execution, monitoring and ramification of Security
    policy and standards
    * Dealing with conflicts: Security, Usability and Cost Control
    * Contextual, Conceptual, Logical, Physical and Component Security Architecture configuration
    * Methodologies and Compliance / Regulations used
    * GxP, SOX, ITIL, ISO 27001/2, SABSA, ICE, Lean & Six Sigma
    * Framework SABSA (SOC, ISOC, NOC, SaaS)
    * Leads others to resolve complex administrative, logical and technical problems
    * Innovates and optimizes processes in alignment with customer SLAs, OLAs, Objectives and
    * Project planning and supporting technical and resource issues, goals, standards and procedures
    * Implement appropriate framework (ISO 27001), end-to-end lifecycle management
    * Global Standardization with Togaf, SABSA, COBIT, ITIL and ISO 27002 frameworks
    * Consultation on local and global Business, Application, System and Information architectures
    * Consultation on Management and Governance: Risk Management Architecture
    * Project Manager: Operation Service Management, Applications, Service Integration, Information
    Transfer and Data Processing (IAM)
    * New technology evaluation to propose improvements in efficiency, agility and service levels
    * Technical know-how to provide in-depth analysis and subsequent C level presentation
    * Presenting technologies to all levels of management and technical staff
    * Ensuring efficiency by design, implementation and after support
    * Monitoring and evaluating current data (input and outputs), to recommend performance
    * Experience within validation environments: ISO, ITIL, Basel II, SOX, GxP, COBIT
    * Security Consultant; Gazprom
    * Process Quality Management; Wood Green
    * CISM; Computacenter
    * IT & IS Transition Advisor; Thyssenkrupp (Security Lead Project coordinator for SAP and all

  • 11/2019 - 11/2019

    • AXA-Tech
  • On-Site Security SIEM Project Manager & Security Incident Manager
  • * Defining & Designing SIEM & Handling day to day Security Incidents

  • 11/2019 - 11/2019

    • AXA
  • On-Site Security Incident Manager
  • * On-site Project Manager; Application Readiness (Global Data Centre & Application
    * On-site Project Manager & Lead Security Architect for Bombardier Transport
    * On-site IT Security Service Manager for Bombardier Transport
    * On-site Security reviewer for Global 200,000 user rollout coordination
    * SAP & Azure Hybrid Office 365
    * On-site Security reviewer for all IT migration projects (from requirement, design and
    implementation (Data Centre, Applications, Data)
    * Areas of responsibility; Concept, Physical, Logical, Component & Administrative layers
    * Methodologies used:
    * Lean & Six Sigma, Agile, SABSA, TOGAF, COBIT, ITIL
    * Logical Security Architecture (SABSA)
    * Certificate management architecture (PKI)
    * Directory service architecture (AD)
    * Access Control architecture
    * Service Management architecture
    * Incident response architecture
    * Business Information Model
    * Information architecture
    * Static & Dynamic Information
    * Business Transactions
    * Security Policies
    * Theoretical perspective
    * Security policy architecture
    * Security services
    * Prevention services
    * Containment services
    * Detection and notification services
    * Event collection & tracking services
    * Recovery & restoration services
    * Assurance services
    * Security service integration
    * UID, registration, PKI, certification, directory service, information model etc

  • 01/2019 - 11/2019

    • Wood Green
  • Information Security Consultant
  • * HR Process (Improvement)

  • 01/2016 - 11/2019

    • AXA
  • Incident Manager

  • 01/2016 - 11/2019

    • AXA
  • Security Architect

  • 01/2015 - 11/2019

    • None-Standard Requests
  • Service Manager

  • 04/2018 - 01/2019

    • Computacenter; ThyssenKrupp
  • Security Consultant
  • * Security Project advisor; ISO 27001
    * Proof of concept auditor (proofing multiple service provider solutions)
    * Defining Security Concept design to align with ISO27001
    * Measuring & Analyzing Service Provider service quality

  • 10/2017 - 04/2018

    • Celesio
  • On-Site Security SIEM Project Manager
  • * Define & Design SIEM
    * February 2017 to March 2017

  • 10/2014 - 01/2017


  • 01/2014 - 01/2015

    • Bombardier
  • IT Security Project and Service Manager

  • 03/2013 - 09/2014

  • Users):
    * Security Service Manager for 3rd Party Suppliers e.g. IBM and BT
    * CTQ (BYOD) Business and Security Process (Value Added and None Value Added)
    * KRI / KPI Reporting
    * Risk Management
    * BYOD Security concept, implementation and support
    * Global Information Technology Security Manager (BYOD, Procurement
    * Security Risk Assessments (Internal infrastructure and external products)
    * Security concepts and architect solutions
    * Security contracts with 3rd Party suppliers
    * Using Lean Six Sigma methodology - ICE Methodology

  • 01/2013 - 01/2014

    • Novartis
  • IT Security Manager Solutions

  • 07/2012 - 02/2013

  • * Information Technology Security Manager
    * Business Security Architecture (Strategy Alignment)
    * Data Lifecycle Migration (Data Centre, DR, BIA, GDPR)
    * Business continuity and Disaster Recovery
    * Enterprise Architecture Solutions
    * Operational awareness and to ensure all processes and procedures alignment
    * Quality and Compliance Control, SOX GxP
    * IT Security Audits ISO 27001

  • 01/2012 - 01/2013

    • Solutions
  • IT Security Manager

  • 02/2009 - 07/2012

  • Server Security Analyst (Global Data Centers) Project Manager (Data Centre)
  • * Single point of contact for security, incidents, compliance and stakeholder/sponsor adviser
    * Internal Security Audit, Risk Analysis and Report with recommendations
    * Global Security Infrastructure and Architecture, planning, implementation and support
    * Global event and risk handling, reporting and support
    * Collation of threat information and informing management on current security risk levels and
    available solutions
    * Creation of Senior Security Role, creation of security analyst role
    * High quality documentation: Policies, Standards, Procedure and Guidelines
    * Global Symantec Endpoint Protection Implementation, replication and support
    * SCCM concept and best practice for implementation to manage a large global Server
    * Access and Identity Management, Biometric, remote access, AAA
    * BYOD
    * Data loss prevention, POC proxy/web security solutions
    * Application compliance, (Security Baseline - SOX, GxP, Basel)
    * Security Strategies, Analysis and POC for the security software and recommendations (GAP
    analysis and Solution presentation). Continuously in contact with leading vendors to give
    security agility
    * HSM Security concept, installation and continuous maintenance
    * Windows Server 2000 to 2008
    * Symantec Security Products
    * 3rd Level Support - Security events, issues and problems (working alongside product

  • 05/2008 - 02/2009

  • Projects:
    * On-Site Security Consultant, ensuring managed services aligned with regional and global
    * Ensuring policy definition and scope were consistent and agreed upon by multiple
    * Conflict handling (with both and or between) internal and external stakeholders
    * IT Solutions for Small, Middle and Enterprise size companies
    * Information Security and Risk Management analysis with solution recommendations
    * Identity and Access Management
    * Asset management; organization, governance and compliance of information ISO27001, GxP and
    * Small, Medium and Enterprise Security Architecture Design
    * Physical Security analysis, with solution recommendations (CCTV)
    * Small, Medium and Enterprise Business Continuity Solutions
    * Disaster Recovery Solutions and Good Practices
    * Data Life-cycle Management Solutions
    * High-level documentation for Compliance (Policy, Procedures and Guidelines
    * Operations Security (Incident Management)

  • 02/2005 - 04/2008

  • EMEA Senior Trainer & Consultant
  • * Customer orientated, training, consulting and or pre-sales responsibilities
    * Customer satisfaction via after sales support
    * General Consultancy (Best Practices)
    * EMEA Backup Exec Trainer & Consultant
    * Enterprise Vault Trainer & Consultant (Archiving & Compliance)

  • 08/2003 - 02/2005

    • Veritas (Now Symantec)
  • Senior Support Engineer & Trainer
  • * Global Windows Server BEWS Support Engineer
    * Fast and predictable response times
    * EMEA Backup Exec Trainer & Consultant
    * Enterprise Vault Trainer & Consultant (Archiving & Compliance)

  • 01/2001 - 12/2003

  • EDV TRAINER IT Trainer / Coach
  • * Security and Access Control Design and Infrastructure (Active Directory)
    * Windows & Linux environment

  • 01/1997 - 01/2001

    • Self-Employed
  • Golf Professional Trainer
  • Diploma Certificate (10 years required)

  • 01/1995 - 01/1996

    • United Friendly Financial Planning
  • Financial Advisor

  • 01/1989 - 01/1995

    • Sussex Police Force
  • Police Constable
  • * Work under pressure
    * Analysis (Thinking outside of the box)
    * Conflict resolution
    * Handling Emergency life & death situations
    * Results driven (top achiever)

  • 01/1979 - 01/1989

    • British Army, 2nd Battalion Parachute Regiment & Queens Life Guards
  • None-Commissioned Officer
  • * Team Leader.
    * Out of the box, Out of the comfort zone, Attention to detail
    * Team work, leadership, responsibility, discipline, initiative, setting goals and
    achieving them
    * Top achiever
    * Physical Training Instructor
    * Combat Medic, Weapons Instructor

If you take the time to visit my website (link above), you will benifit by seeing the vast quality and experience that I bring to assit you in the areas of information and quality process management.

Wenn Sie sich die Zeit nehmen, meine Website zu besuchen (Link untern), werden Sie von der enormen Qualität und Erfahrung profitieren, die ich ihnen in den Bereichen Information und Qualitätsprozessmanagement einbringe.