Head of Privacy - SUSE Group- leading the Head of Privacy Office- managing SUSE’s data privacy compliance programme and SUSE’s privacy projects/priorities- leading the relationship with PIMS certification auditors, including reviewing and addressing audit findings- developing and maintaining PIMS policies & procedures, monitoring organization’s adherence- reviewing (and creating) privacy templates, privacy notices (including cookie management policy & notices)- reviewing… Show more Head of Privacy - SUSE Group- leading the Head of Privacy Office- managing SUSE’s data privacy compliance programme and SUSE’s privacy projects/priorities- leading the relationship with PIMS certification auditors, including reviewing and addressing audit findings- developing and maintaining PIMS policies & procedures, monitoring organization’s adherence- reviewing (and creating) privacy templates, privacy notices (including cookie management policy & notices)- reviewing CAB/service requests- participating in architecture working group and demand management- deciding on the need of DPIAs, guiding the processing owners on writing the DPIAs, reviewing the DPIAs- reviewing and drafting DPAs- reviewing and approving third party supplier assessments, third party privacy questionnaires- incident response team member- developing data privacy training materials- participation in data privacy training, including incident simulations- provision of data privacy advice and consultancy- mapping of the processing activities, managing personal data deletion Show less

GRC Security Practice and Team Lead, ISMS Owner, Manager (Cybersecurity Design & Engineering) - SUSE Group- designing security and privacy strategies and preparing roadmaps, managing/overseeing all projects within the GRC security practice- chair of the Cybersecurity and Privacy Working Group- ISMS Owner- coordinating ISO 27001 and 27701 audits, supporting SOC 2 and Common Criteria audits- responsibility for ISMS certification- managing risks in IT, information security… Show more GRC Security Practice and Team Lead, ISMS Owner, Manager (Cybersecurity Design & Engineering) - SUSE Group- designing security and privacy strategies and preparing roadmaps, managing/overseeing all projects within the GRC security practice- chair of the Cybersecurity and Privacy Working Group- ISMS Owner- coordinating ISO 27001 and 27701 audits, supporting SOC 2 and Common Criteria audits- responsibility for ISMS certification- managing risks in IT, information security and privacy and personal data protection areas- monitoring new legislation, case law and best practices and implementing them into internal processes and documents- selecting and managing external vendors (law firms, consultants and auditors), coordinating them and reviewing their deliverables- cooperating with legal and IT departments- preparing and reviewing contractual documentation and negotiating contractual terms- designing metrics and reporting on security and privacy posture and projects/initiatives progress to steering committees, oversight committee and C-level executives- preparing awareness campaigns, communications and trainings- designing penetration tests and tabletop exercises programs- conducting security assessments/audits of suppliers- managing security business continuity- advising on demand and change management- reporting to the CIO Show less

Security Engineer, ISMS & PIMS Manager, Expert (Cybersecurity Design & Engineering) - SUSE Group- managing the ISO 27001 and 27701 implementation project, including leading the team of ISMS & PIMS experts and external contractors- defining organizational and technical measures for both information security and privacy and overseeing their operation for all entities within the SUSE group- coordinating with numerous stakeholders and teams- managing external vendors such as law… Show more Security Engineer, ISMS & PIMS Manager, Expert (Cybersecurity Design & Engineering) - SUSE Group- managing the ISO 27001 and 27701 implementation project, including leading the team of ISMS & PIMS experts and external contractors- defining organizational and technical measures for both information security and privacy and overseeing their operation for all entities within the SUSE group- coordinating with numerous stakeholders and teams- managing external vendors such as law firms, consultants, and auditors, coordinating their activities, and reviewing their deliverables- collaborating with the legal and IT departments- preparing and reviewing contractual documentation and negotiating contractual terms- organizing awareness campaigns, communications, and training sessions- conducting security assessments and audits of suppliers- performing personal data protection mapping, conducting and reviewing DPIAs (Data Protection Impact - assessments), managing personal data deletion and anonymization, and handling data subject requests- reporting to the CISO Show less

Lawyer focusing on ICT law, IP and data and information protection, public procurement and FDIRelevant experience:- defining new legal products and participating in business development- client facing advisory and project management- providing comprehensive legal services to technological companies, incl. corporate law services- advising on public procurement, in particular ICT procurement (focusing on the issue of vendor lock-in)- drafting legal memoranda (for example… Show more Lawyer focusing on ICT law, IP and data and information protection, public procurement and FDIRelevant experience:- defining new legal products and participating in business development- client facing advisory and project management- providing comprehensive legal services to technological companies, incl. corporate law services- advising on public procurement, in particular ICT procurement (focusing on the issue of vendor lock-in)- drafting legal memoranda (for example on topics such as virtualization or use of digital signatures)- providing legal assistance to mobile apps developers and providers, as well as to virtual reality developers- consulting in the legal aspects of cryptocurrency, blockchain and tokenization- drafting and revising license agreements- advising on trademarks and intellectual property rights in general- performing "gap" analyzes / audits / due diligence- implementing personal data and privacy protection systems- advising in the field of personal data and privacy protection in accordance with GDPR and other laws- advising in the field of cyber security law, PSD2 and e-Privacy- serving as a data protection officer- conducting trainings and workshops on personal data protection and privacy- preparing and negotiating personal data processing agreements- publishing professional articles (topics: data migration, personal data protection, vendor lock, ICT public procurement, artificial intelligence ...)- leading the project and author team, and co-authoring professional peer-reviewed book/commentary: “Personal Data Processing Act - Practical Commentary” Show less

- Providing legal advisory and support in IT/IP law, public procurement, corporate and labor law- member of Data Protection Officer (DPO) team

- Participating in a time-limited research and development project on cybersecurity certifications

- Providing legal advisory and support in the area of ICT public procurement