CIO and CISO Consulting Services

7/2019 – 12/2019

- Serve as the Interim Global Chief Information Security Officer (CISO)
- Create a global IT security team
- Establish a new global Operating Model for cyber security within the Global IT organization
- Provide expert advice on recruiting and alignment of a global IT security team
- Identify potential internal and external candidates to fill vacancies in the new operating model
- Draft and reconcile a global IT security management framework
- Review the existing ISMS framework and on-board expertise to begin closing gaps and develop a roadmap
- Initiate the development of a global security architecture and related standards
- Initiate the creation of a global Security Operations Center
- Review the existing security architecture and existing security operations center capabilities; on-boarded expertise to begin closing gaps, defining technical standards, and establish a roadmap

Service Management, Certified Information Systems Auditor, Enterprise project management (EPM)

8/2018 – 7/2019

Independent Advisor, Frankfurt and Heidelberg, Germany
Cybersecurity, Compliance, IT Operations and Transformation Consultant
Independent advisor for international client base consisting of small businesses, research firms, and large Dax30 enterprises. Provide advice and support on many topics such as:
§ Security strategies to accelerate behavioral changes and increase adoption rates
§ Optimization of IT processes and technology roadmaps for digital transformation
§ Compliant cloud migration strategies for highly regulated international enterprises
§ Optimization strategies to simplify compliance models in highly regulated industries
§ Leadership development and coaching in highly political intercultural environments
Provide legal and compliance advice to a leading Dax30 Medical company for complex migration of 50K users located in 67 countries and 200 sites into centralized cloud services
§ Managed distribution, signature and adoption of global cloud use, data classification, and data retention policies to all companies and subsidiaries to foster user compliance
§ Harmonized local country assessments of data privacy, cross border data transfer, data localization, and stringent compliance laws with corporate regulations and guidelines
§ Evaluated relevant data protection and data loss prevention technologies to mitigate risks, increase adoption, and improve overall function and security of cloud services
§ Deployed e-learning compliance training in 23 languages to 40k users in 67 countries
§ Designed and managed dashboards and key performance indicators to align stakeholders

Certified Information Systems Auditor, Datenschutz, Microsoft Office 365, MS Office (Anwenderkenntnisse), Compliance management

5/2014 – 8/2017

§ Responsible for building and leading the vision, strategy, and initatives to protect Merck’s IT, data, systems, and intellectual property which generate over €15B in annual revenue
§ Led global security assessment against 10 security benchmarks at 20 locations to establish Merck’s security, risk, and compliance rating in the Pharma and Biotech industry
§ Established and led Board approved multi-million euro “Protect Merck” program which drove Merck’s score to the top 10% for 6 of the assessed benchmarks in under 1 year
§ Revolutionized Merck’s SRC operating model while simultaneously achieving company wide ISO 27001 re-certification; praised by auditors for raising the bar in Pharma/Biotech
§ Gained 700% increase in operational budget to build revolutionary SRC organization which trained and mentored companywide staff, reduced vulnerabilities by 45%, increased system visibility 16 fold, and optimized global risk and compliance processes
§ Built “Protect Merck” Executive Committee of Executive Vice presidents, legal counsel, and business leaders to align Protect Merck initiatives with business strategies; won board and president support to educate 50K employees on new SRC practices
§ Founded Merck’s annual Security, Risk and Compliance Symposium which brings together over 150 technology leaders from 30 countries to collaboratively improve SRC processes
§ Hosted security round table with CISOs from other DAX 30 and public organizations to share knowledge and launch the Merck Security Academy to certify over 1K IT employees
§ Built external partnerships and drove industry innovations in the areas of mobile mail encryption, cloud security encryption, data leakage prevention, vulnerability and application scanning, intrusion detection, and advanced “red-team” testing techniques
§ Responsible for IT integration of Merck’s largest M&A in its 350 year history worth $17B
§ Established board approved multi-year, multi-million euro, M&A IT integration portfolio of 100 broad initiatives; refined synergy targets, and reprioritized CIO’s global initiatives
§ Drove implementation of board level KPIs, dashboards, and global communication campaings to improve transparency and decision making for users, staff, and executives
§ Built matrixed team of 60 internal and external technical experts from both companies; hosted virtual and onsite workshops to build high level of respect, cooperation, and trust
§ Infused IT integration experts into multiple boards and projects of parallel non-IT integration streams to enhance visibility, increase agility, and optimize technical solutions
§ Established executive change advisory board and governance processes to solve unique integration challenges and improve global management of complex architecture changes
§ Drove interoperability of disparate architectures by harmonizing WiFi, crossconnecting networks, and optimizing SSO to improve user satisfaction for 50K users in 66 countries
§ Delivered virtual cloud infrastructures to bridge legacy systems and global ERP harmonization initiatives and provide seamless access to over 26,000 diverse applications

Incident-Management, Service Management, Identitätsmanagement, Cyber Security, It-Governance, Management-Informationssysteme, IT-Strategieberatung, Change Management, Management (allg.), Transformation Management, Programm-Management