Upgrade Post project
Profileimage by Florian Maass IT Security Berater from Schwalbach

Florian Maaß

Schwalbach
available

Last update: 04.12.2023

IT Security Berater

Company: threategic GmbH
Graduation: Fachabitur "Kaufmännische IT", Ausbildung zum IT Kaufmann
Hourly-/Daily rates: show
Languages: German (Native or Bilingual) | English (Full Professional)

Keywords

Computer Security Certified Information Security Manager Information Governance IT Risk Management Information Security Management ISO/IEC 27000-Series Information Security Management System Single-Strand Conformation Polymorphism Risk Management

Skills

I am a highly organised, motivated, and self-sufficient Information Security Consultant with experience in a broad selection of areas within Information Security. I am expanding my knowledge to as many different areas as possible to be able to look at Information Security as a whole, not as a tiny picture in a frame. This, and great skills in teamwork, amazingly fast learning and able to adapt to any situation, makes me a great extension to any team or project.

Skills
  • Risk Management & Assessments
  • Information Security Governance
  • Project Coordination
  • Information Security Officer
Certifications
  • CISM
  • SSCP
  • ISO27k1 foundation
  • ITIL foundation
  • Azure Fundamentals (AZ900)

Project history

04/2022 - Present
IT Risk Management & Assessment Coordination
Financial Service Provider (Banks and financial services, 500-1000 employees)

As part of a BaFin Finding the project is directed to complete risk assessments for all critical applications and infrastructure. Due to the time criticality the customer required additional manpower and know-how to achieve the objectives accordingly. I was integrated into the existing team to review completed assessments before submitting them but also to support assessors to fulfill their task of creating the required documentation and to support the team to develop processes and how-to’s to enhance the overall project quality.

Key Qualifications & Responsibilities

  • Review risk assessments and discuss the results with asset owners.
  • Support asset owner on their task to create documentation and answer the control requirement catalogue.
  • Develop and enhance procedures and processes in the coordinating team to improve performance and communication for the project.
06/2022 - 08/2022
Cloud Solution Architect
Holding Company (Other, < 10 employees)

Planning, Evaluation, Conception, Testing and Implementation of two separate cloud-based solutions. One solution is targeting an archive storage solution with maximal focus on anonymity and security. The second solution is an active productive environment including mail exchange, storage and IAM for the employees of the costumer.

Key Qualifications & Responsibilities

  • Conducting sufficient market analysis to select suitable vendor and provider
  • Planning and Conception of the final environment based on the costumer preferences.
  • Implementation of the infrastructure including all required software and hardware installation.
  • Documentation and Hand-Over to finalize the project.
  • Self-Sufficient Project Management
01/2021 - 03/2022
Information Security Governance & Risk Reviewer
Financial Service Provider (Banks and financial services, 1000-5000 employees)

The customer increased its maturity of cyber security a lot over the last years, rolling out new standards and policies for all entities within its scope. As it is now time to ensure the compliance with those standards all entities are required to self-assess the compliance status and our job is to review these assessments and manage the risk register accordingly.

Key Qualifications & Responsibilities

  • Working remotely and self-sufficient on reviewing self-risk-assessments.
  • Workload management is done by each ISGR review separately. I must balance criticality of assessments, workload and number of assessments with the time available.
  • Working with tight schedules and deadlines under high-pressure.
02/2021 - 03/2021
IT Infrastructure Architect
IT Service Provider (Internet and Information Technology, < 10 employees)

The goal of this project was to provide a fully functional Infrastructure based on Office 365. Due to the size of the costumer MS Azure was not the go to solution. I used the available functionality of Office 365 to provide:

  • A simple Sharepoint Page as Information Gateway to employees and contractors.
  • A cloud storage with role-base access mode.
  • Mailboxes and Certificates
11/2019 - 11/2020
Technology Service Analyst / Project Coordination
Global Financial Service Provider (Banks and financial services, >10.000 employees)

I was part of a team responsible for a new developed Application Connectivity Request System. I was coordinating multiple subprojects, teams, and corresponding stakeholders. As this tool is a huge security gate there was a lot of pressure timewise and content wise. I was responsible for a team working on a subproject which consolidated all common services into one configuration.

Key Qualifications & Responsibilities

  • Communication between project teams, clients, and CIO.
  • Coordination of different teams with different topics, documentation of meetings, capturing and follow-up of progress and communication of solutions to stakeholders.
  • Development of logical solutions to different problems, co-ordination of realization of those solutions.
04/2018 - 11/2019
Information Security Officer
Automotive Supply Industry (Automotive and vehicle construction, >10.000 employees)

Our team replaced the Security Information Team in the headquarters of this global concern with more than 80 sub businesses. We took over the implementation of an ISMS to parts of that concern and developed a Information Security Strategy and Program in alignment with the Business Strategy.
I was also responsible for the global implementation of self-assessment tool to capture the information security situation for the whole concern.

Key Qualifications & Responsibilities

  • Development of an Information Security Strategy and Program in alignment with the business goals.
  • Advising the headquarters on all Information Security relevant topics.
  • Supervising the development of a self-assessment tool in Kansas City USA and the global roll-out.
  • Coordination of a global Information Security Self-Assessment in alignment with ISO/IEC 27001.

Certifications

ISMS Security Officer (ongoing)
ICO
2023
Certified Information Security Manager
ISACA
2019
ISO 27001 Foundation
TÜV Süd Akademie
2019
System Security Certified Practitioner
ISC²
2018

Local Availability

Open to travel worldwide
Primarely remote
Frankfurt Area full-time on-premise possible
Germany partially on-premise possible.
Profileimage by Florian Maass IT Security Berater from Schwalbach IT Security Berater
Register