11/10/2025 updated

**** ******** ****
Premium member
100 % available

IT Security and Data Privacy Audit, GRC, IT Architecture

Tallinn, Estonia
Germany +11
Mathematics and Computer science

Profile attachments

20251023 CV_AuditComplianceRisk_JM_DE.docx
20251023_CV_AuditComplianceRisk_JM_EN.docx

About me

Highly certified and multilingual IT security leader in Regulatory Compliance, Risk Management and IT Governance, working across Europe:
• IT Governance & Compliance.
• Cybersecurity & Data Protection.
• (Third-Party) Risk Assessments.
• Project & Programme Management.
• Multicultural stakeholder management.

Profile
Experienced Information Security and IT Governance professional with 30+ years of international consulting and leadership in cybersecurity, risk management, regulatory compliance, and IT service management. Proven expertise in critical infrastructure (finance, insurance, telecom, energy) and extensive certifications in ISO, ITIL, COBIT, PRINCE2, CISA, SCRUM. Skilled at aligning IT strategies with business goals, managing complex projects, and ensuring compliance with EU and local regulations (DORA, NIS2, GDPR, AI Act, KRITIS).

Key Experience
• Certified Information Security Officer, Allianz Suisse AG (2024–present)
Supports the CISO in compliance, risk assessments, IT security framework management, and regulatory alignment (EU & FINMA).

• Owner/Consultant, ICT Project & Governance Consulting (Estonia & Finland, 2011–present)
Delivered IT governance, compliance, and risk projects for major banks, insurers, and automotive clients across Europe. Conducted audits (ISO 27001, ISO 20000, GDPR, IEC 62443, TISAX).

• Managing Director, Marabu Information Technology (1996–2009)
Led IT consulting and outsourcing services for banks, insurers, and SMEs. Oversaw teams, budgets, ITIL-based process improvements, and IT security projects.


Education & Certifications
• Mathematics, Computer Science minor – Free University of Berlin.
• Certified ISO 27001 Auditor, ISO 20000 Auditor, ITIL Expert, PRINCE2 Practitioner, SCRUM Master/Product Owner, CISA, COBIT (Foundation & Practitioner).
• Ongoing advanced training in IT security, data privacy, and regulatory compliance (latest in 2024).

Languages
• German (native), English (C2), Italian (B2), Dutch (B2), French (B1–B2).

Core Skills
• IT Governance & Compliance (EU & international frameworks).
• Cybersecurity & Data Protection (ISO 27000, GDPR, DORA, NIS2, AI Act).
• Risk Management & Third-Party Risk Assessments.
• Project & Program Management (PRINCE2, SCRUM, SAFe, Kanban).
• Multicultural stakeholder management, leadership, and training.

Languages

• German: Native speaker
• English: Fluent
• French: Basic knowledge
• Dutch: Basic knowledge

Project history

Certified Information Security Officer

Allianz Suisse AG - Zurich

Insurance

5,000-10,000 team members

- IT Security Risk Management (ISRM):
  1. Controlling the implementation of IT security controls in the Software Development Life Cycle (SDLC) in cooperation with the DPO, IT Architecture and the Project Management Organisation;
  2. Controlling the implementation of IT security controls in IT Operations (Application and IT Service Operations, DevOps, Backup and Recovery, Disaster Recovery, Identity and Access Management (IAM), data encryption (data in transit/at rest), key and certificate management, CA operation);
  3. Third-Party Risk Management (assessing external services against the IT Security Framework).
- Frameworks and Policies:
  1. Supporting the CISO, Portfolio Management and Risk Management in aligning Portfolio, Project and Operational Risk Management processes within the SDLC according to ITIL/ISO 20000;
  2. Implementation of new/additional IT Security Controls and Quality Gates required by regulatory bodies (FINMA (CH), BaFin (DE), DORA (EU), NIS2 (EU)) into the SDLC and CI/CD pipelines, such as STRIDE analysis, security/cloud design patterns and SAST/DAST testing;
  3. Supporting the CISO in adapting the IT Security and IT Risk Management Framework to new technical and organisational requirements (e.g. cloud strategy, Artificial Intelligence (AI));
  4. Evaluation of possibilities to use AI in IT security (e.g. STRIDE threat modelling);
  5. Review of documents related to the IT Security and Risk Management Framework.
- Audit-related tasks:
  1. Managing audit findings (management/controlling of mitigation projects and measures).

IT Security Analyst / Project Manager

BNP Paribas Fortis - Brussels

Banking & Financial Services

5,000-10,000 team members

- Responsible for remediation of Audit Findings in the field of Application Vulnerability detection and management (Source Code Scan, DAST, SAST, SCA, Vulnerability Scanning):
  1. Analysis of Audit Findings and requested/agreed remediations,
  2. Analysis and documentation of process chains, involved applications and interfaces, exchanged information artefacts, and organisational topics across the IT organisation,
  3. Development of improvement measures regarding the orchestration of applications and teams (squads),
  4. Alignment of technical details with the involved IT teams and Internal Audit,
  5. Technical and organisational definition of project plans and monitoring the implementation progress.

- Contributing to the migration activities of the Fortis SAST/DAST tool-landscape towards the desired BNP Group tool landscape.

- Involved in the development and roll-out of a software feature validation process (Quality Gates) regarding business related web-applications (Web Application Vulnerability Assessment) within the Release Management Processes.

IT/OT Risk Assessor / GRC Manager

ZF Group - Friedrichshafen, Lommel

Automotive & Vehicle Manufacturing

>10,000 team members

  1. Contribution to the review and adjustment of internal IT Security Guidelines (IT Security Policy, IT Security Instructions, IT Security Work Instructions);
  2. Assessed the implementation maturity of generic IT Security Guidelines based on CIS Controls, IT hardening measures based on CIS Benchmarks, and IT Security processes and procedures based on BSI Grundschutz recommendations;
  3. Conducting IT/OT assessments regarding the technical and organisational security of IT programmes in fields such as:
     - Backup and Recovery, Global Backup and Disaster Recovery Concept,
     - Adjustment of mobile device strategy,
     - Identity and Access Management for cloud and on-premise applications,
     - Changes in the field of production management systems,
     - Telematics and Predictive Maintenance,
     - DC consolidation,
     - IT/OT availability for critical business processes (BCM),
     - Security Architecture regarding the processing of "strictly confidential" data, documents and artefacts,
     - Managed File Transfer (MFT), Electronic Data Interchange (EDI) and Product Lifecycle Management (PLM) systems;
  4. Contribution to the review and adjustment of internal IT Service Management (ITSM) Guidelines according to ITIL and ISO 20000;
  5. Project management in the field of mitigation measures:
     - IT Security Policies and Security Instructions, Hardening Guidelines etc.,
     - Cloud Computing Security (e.g. AWS, Azure, CASB),
     - DevOps and DevSecOps,
     - IT/OT Security and Data Privacy,
     - MES, ERP and CRM systems,
     - PLM, MFT and EDI systems.

Certificates

- VDA ISA 6.0 and TISAX (mITSM, 2024)
- IT Compliance with ISAE 3402 (mITSM, 2023)
- IT Security audit competencies for critical infrastructures (Bitkom Akademie, 2020)
- GDPR for Auditors (Quality Austria, 2019)
- IT Security Catalogue acc. to KritisV & EnWG for Auditors (GUTcert, 2019)
- SCRUM Delivery in PRINCE2 Project Organisations (QRP, 2017)
- SCRUM Master and SCRUM Product Owner (TÜV Akademie Germany, 2015)
- EFQM Excellence Assessor (ILEP, 2014)
- TQM Coach (TÜV Akademie Germany, 2014)
- PRINCE2:2009 Practitioner (Recertification) (APMG, 2014)
- Governance, Risk and Compliance acc. to ISO 27000 (TÜV Akademie Germany, 2013)
- ISO 27000 Auditor in IT Security Management Systems (TÜV Akademie Germany, 2013)
- COBIT 5 Foundation (ISACA Germany, 2012)
- ITIL v3 Expert (Loyalist Certification Services, USA/Canada, 2011)
- ISO 20000 Auditor in IT Service Management Systems (TÜV Akademie Germany, 2011)


Portfolio


IT Audit, Processes and GRC (2010 - today)

Consulting projects in the fields of IT Audit (IT Security, Service Management, Data Privacy), process alignment, and Governance, Risk and Compliance, conducted from 2010 until today.
