Federico (F.) Leefhelm-ISO – Senior Consultant Quality & Information Security

Daimler Truck Financial Services is moving from traditional data centers to the Azure Cloud. As part of the Cloud Data Center project (CDC), DTFS is migrating traditional data centers in Europe (EMEA), Asia & South Africa (APAC), Canada, South, Central and North America (NAFTA) and transferring the service to the Azure Cloud. DTFS supports the global sale of Daimler commercial vehicles through leasing, financing and insurance and is, with a contract volume of 25.4 billion euros, one of the world's largest financial service providers for commercial vehicles [link]  Worked as Senior PMO and Senior Management Consultant with the Global IT Director and Head of Innovation Projects  Worked as Senior PMO and Management Consultant with international PM and PO teams (Project Management/Project Owner)  Created a master plan based on MS Project for the CDC project, which allowed DTFS to gain a clear overview and transparency of the project after one year  The master plan provided management and teams with clear and accurate information about the status of the overall project and each subproject, both by region and by country  The reports from the master plan enabled management and teams to take measures to correct deviations so that the project could be completed on time, on budget, and on quality  Regular reporting of project progress to the Global IT Director and PM teams  Handed over the CDC master plan to the DTFS PM at the end of the contract period

• Northland Power is a developer, operator and owner of clean wind power plants
• Member of the security team, co-responsible for the cyber & information security of the wind power plants
• Responsible for creating all documentation and measures (policies, security concepts, cryptography, key management) to deploy SzA according to BSI IT-SiG 2.0 and EnWG
• Preparation and creation of measures (policies, SOP, ISMS manual, BCM, IT emergency concepts, IAM, backup & recovery, MDM, supplier, password, patch, asset & configuration, network management) to build an ISMS according to ISO 27001:2022
• Identification, assessment, and treatment of critical and potential attack scenarios for the wind power plants in risk management
• Risk analysis, risk treatment, determination of protection needs, and vulnerability analysis of the IT/OT infrastructure
• Creation of IT/OT emergency concepts, incident response processes & rebuilding of IT/OT systems as part of BCM (BIA, RIA & DRP)
• The project was stopped early because the wind turbines were sold and the company was closed in Germany

• UKD is the largest hospital in the state capital and one of the key medical centers in North Rhine-Westphalia.
• Operator of critical infrastructures (KRITIS according to §8a BSIG) with an ISMS certified to ISO 27001:2022.
• Working directly as Senior Management Consultant to the IKMT (CIO) division head and leader of innovation projects.
• Responsible for the entire IT department in information security as ISO.
• Developing, maintaining, and improving ISMS policies and SOPs.
• Conducting training and awareness for IT staff in IT security, incident response processes, and rebuilding IT systems.
• Creating and being the main contact for the new IT strategy at UKD, plus a BIA and DRP for rebuilding IT systems.
• Preparing for the next implementation of business continuity management according to ISO 22301 for the IKMT division and UKD.
• Developing an IT cyber security strategy and roadmap for implementing additional tools and solutions for UKD's cyber security.
• Developing an IT emergency plan (as part of the DRP), IT security concept, incident response, and related supporting plans (data protection, antivirus, cryptography, configuration and hardening measures, asset & configuration management, patch management, roles and rights (IAM), IT disaster recovery, etc.).
• Contributing to defining measures to make IDS (intrusion detection systems) compliant with BSI IT Security Act 2.0.
• Developing a security concept, conducting a proof of concept (PoC), evaluating and assessing up to procurement and implementation of a medical device monitoring security system.
• Setting up a security operations center (SOC) with a working concept and definitions for preventive measures, threat detection, and incident response.
• Building a security information and event management (SIEM) system using Splunk.
• Senior PMO of the division management since February 2023, responsible for overseeing all IT-related projects (>2K projects).
• Creating and managing Gantt charts for all IT-related projects (IT & healthcare, IT security, SAP, etc.).
• Developing a patch management security concept & processes and standard operating procedures (SOP).
• Contributing to the continuous improvement process (CIP) of the certified ISMS in preparation for the first surveillance audit.
• Regular reporting of project progress to the division management and board.

• Preparing and conducting awareness training for the company and its subsidiaries.
• Reviewing penetration test (PenTest) results and creating a list of measures to address identified vulnerabilities.
• Optimizing IT processes to support business operations.
• Contributing to ensuring the availability of IT services.
• Reviewing existing ISMS documents for as-is assessment and gap analysis to implement an ISMS according to ISO 27001.

• Responsible for the certification (attestation) of the new cloud services of the Police Service Platform (PSP) to the international C5 standard.
• Conducting gap analysis and contributing to building and improving an ISMS according to ISO 27001, IT-Grundschutz, and the new BSI compendium.
• Developing and adapting policies and SOPs for the entire federal office (BCM, BIA, RIA, DRP, IT emergency plans).
• Developing and improving information security (SiKo) and IT emergency plans for IT operations and cloud services (IAM, backup & recovery, patch management, crypto & key management, asset & configuration management).
• Collaborating with the SOC team to update the threat landscape.
• Conducting internal trainings, workshops, and awareness activities.
• BKA security review SÜ2.
• The project was terminated early due to the COVID-19 pandemic.

• Conducting ISO 27001 audits for various clients.
• Conducting EU GDPR workshops and pre-audits for TÜV SÜD Munich and its clients.

• Planning, expansion, and establishment of the new Compliance Services & Solutions division.
• Advising clients on implementing ISMS (ISO 27001), BCM (ISO 22301), IT baseline protection, BaFin & MaRisk requirements.
• Successfully implementing and dual-certifying an ISMS (ISO 27001) and a BCM (ISO 22301) within 14 months.
• Achieving ISO 27017 / ISO 27018 certification to protect personal data as a cloud service provider (CSP).
• Conducting IT security assessments (pen tests, vulnerability scans) and developing IT emergency plans.
• Conducting seminars, training sessions, and workshops on GDPR and information security.
• Conducting information security audits according to ISO 27001, ISO 27006, and ISO 19011.

• Senior Project Manager, Business Analyst and Senior PMO as an interim manager for banks, insurance companies, retail and industry.
• Technical rollout and change management for an international mining company during the introduction of new ERP systems.
• Strategic further development of ITSCM, IT services and IT security as interim CISO.
• Implementation of ISMS according to ISO 27001 and BCM according to ISO 22301 in Chile, Argentina and Brazil.
• Interim Business Development Manager for various IT companies.
• Business Analyst and interpreter for IT projects (Spanish/German/English).

• Responsible for preparing, programming and securing wireless solutions for digital data collection for the 2011-2012 census.
• Conducting training sessions for external staff on digital data collection.
• Strategic development of ITSCM, IT services and IT security and leadership of all innovation projects.
• Restructuring the IT department and negotiating with management and the works council.
• Introducing policies in line with ISO 27001, ISO 22301, ITIL, COBIT and OECD.
• Setting up and launching the first SOC with a SIEM platform for automated Threat Lifecycle Management (TLM).
• Introducing PMO, development and project methodologies (PMI, CMMI, CMMN).
• Leading the cross-border improvement of the telecommunications network (RFP).
• Interim personnel responsibility for over 50 employees.

• Introduction of an electronic money card (eWallet) using smart card technology as a subsidiary of the banks.
• Managing the technology platform for eWallet administration as an open innovation project.
• Licensing the money card with Mondex International (MasterCard).
• Introducing and leading an interbank committee for operational and technology topics.
• Developing the model for production, operation and settlement of electronic money in collaboration with banking regulators and the central bank.
• Developing the financial model for investment and profit distribution considering money market stability.
• Acting as the interface (Business Analyst) between banks for project implementation.
• Personnel responsibility for over 20 employees.

• Developed, implemented, and managed all electronic banking products for the corporate sector.
• Developed and introduced e-commerce solutions for the bank.
• Advised on secure development of e-commerce and EDIFACT in Chile.

• Responsible for COMEX, Financial EDIFACT, and e-commerce for German and European banks.
• Responsible for the financial institutions sector at CeBIT.
• Developed and promoted e-commerce among German banks.
• Member of the European interbank committees in Frankfurt, Paris, and London.
• Led an e-commerce project between commercial banks and the State Central Bank (LZB) in Frankfurt.