Cybersecurity consultant (DevOps, GRC) Aarhus, Danmark

Peut être disponible

(Mis à jour 2022-10-05)

Cybersecurity consultant (DevOps, GRC)

Aarhus, Danmark

Natif Danish, Courant English, Intermédiaire German, Débutant French

  • 20+ års erfaring med cybersikkerhed
  • Ekspert i secureSDLC
  • DevSecOps practitioner

Compétences (60)

PKI

Compliance Auditing

SYSTEM SECURITY

CISA

VULNERABILITY ASSESSMENT

RISK ASSESSMENT

Network Architecture

VPN

METRICS

DevOps

SECURITY POLICIES

INFOSEC

Scada

SECURITY AUDITS

CISSP

Risk Management

GOVERNANCE

SUBJECT MATTER EXPERT

PIPELINE

Strategic planning

INTRUSION DETECTION

BUSINESS DEVELOPMENT

FIREWALLS

SECURITY DESIGN

RISK ASSESSMENTS

ISO27001

AUDITING

Dev ops

AUTOMATION CONTROL PROTOCOLS

SME

FISMA

Project Management

RETAIL

PCI

WINDOWS SERVER 2003

GxP

BUDGETS

HEALTHCARE

API

BUDGET

FORENSICS

SARBANES-OXLEY (SOX)

CHEF (ALL)

Azure DevOps

Fieldbus

TRADING

TypeScript

RAILWAY

CHIEF OPERATING OFFICER

PUPPET

Active Directory

ESTIMATION

CHEF

SARBANES OXLEY

NETWORKING

ACCOUNT MANAGEMENT

Cisco

SPLUNK

FINANCE

Recruitment

Résumé

I like to think of myself as "the Swiss army-knife" of cybersecurity (or information security). Because
I have been aboard the security journey most of the way and consequently I have the practitioner’s approach to solving problems they are of strategic or practical nature at an operational level.

Recently, emphasis has been on the CHANGE needed to get and stay in control of the increasingly important cybersecurity area, particularly on improving security and quality of the software being developed, resulting in focus moving from “infrastructure to software security”. Leading smaller technical teams into changing minds, attitudes and culture or even management teams and entire organizations, has mainly been the task, as the cultural aspect of cybersecurity in the digital society has turned out to be more important than ever. Therefore, I master agile management/development methods, where SCRUM has been the primary choice. I started on the “BLUE team” back in the CISO-days, but as the “interpreter”, I now primarily work in the “blended” teams (PURPLE, GREEN, ORANGE), where OT/OIT security has been in focus recently. Whether a traditional IT-organization, a start-up or in IoT/OT development, I have become the CHANGE AGENT for security on operational, tactical as well as strategic level.

My primary skill is to quickly understand my clients’ business and assess their organization. And from there, identify the value- adding actions. And always from a business perspective, but equally as the technical Subject Matter Expert on the threats towards the digital economy. Therefore, I have expert knowledge on the technical and complex aspects of information security in a modern company, having become an SME in fields like the ISO2700x suite, secure SDLC, NIST CSF/SP800, Risk Management etc.

I am also a leader with T-shaped skills, coming from a long career within IT, where I have obtained both general management skills as well as expert skills. I have kept it all up2date through market leading certifications like CISSP, CISM, CEH, CIPP/E, CIPT, PROSCI/ADKAR etc. My academic background is an MsC (Political Science), which basically taught me how to learn (fast). My professional experience comes from both large international companies, start-ups and from the SMB segment.

My personal values are characterized by honesty and credibility, and I am a firm believer in leadership based on dialogue. I have a very curious nature with an eager for professional and personal development, and I believe that everyone can “learn for life”. I work in a very structured and systematic way and have strong analytical skills. I am used to a hectic business environment and working within IT for years has taught me how to perform in an environment of constant change.

Follow me on: https://www.linkedin.com/in/jensroedandersen/

Expérience professionnelle

Senior Cybersecurity Consultant
Jens Roed Andersen Aps

2015-01 - Actuel

(founder/freelancer) Responsibilities: Subject Matter Expert on Cybersecurity, GRC, OT/IoT security, secure software development and Agile Security/DevSecOps as well as GDPR specialist and security bootstrapping "helper & servant" advising large to medium sized businesses at all levels
Security Advisor
DLG A/S

2019-05 - Actuel

Project Description Corporate IT-security program: IT security assessment, review of IT strategy, Governance, Architecture & and primary tasks design, Information Security Policies & Guidelines, Project estimation, Frameworks/Standards.
Sector & Role Agriculture sector as Security Advisor Tech/framework Network architecture, Cloud architecture (MS/Amazon), CIS20, ISO27001, MS WIN, MS AD/AADFS, MS365
Security Advisor
DBIO/Danske Bioanalytikere

2022-07 - Actuel

Project Description Incident forensics, Post-mortem analysis, post incident remediation: IT security assessment, review of IT and primary tasks strategy, Governance, Risk & Compliance analysis.
Sector & Role NGO sector as Security Advisor Tech/framework CIS20, ISO27001, MS WIN, MS AD/AADFS, MS365
Security Advisor
Nissen Energy A/S

2022-08 - Actuel

Project Description Corporate IT-security program: IT security assessment, review of IT strategy, Governance, Architecture & and primary tasks design, Information Security Policies & Guidelines, Project estimation, Frameworks/Standards.
Sector & Role Manufacturing sector as Security Advisor Tech/framework Network architecture, Cloud architecture (MS/Visma), CIS20, MS WIN, MS AD/AADFS, MS365
Senior Security Advisor, Assessor and Architect
ETU forsikring A/S

2020-01 - 2022-05

Project Description Cybersecurity assessment, strategic planning & implementation of cybersecurity program, built on the and primary tasks latest Microsoft cloud technology, set up in a "Zero-Trust" architecture.
Sector & Role Insurance sector as Senior Security Advisor, Assessor and Architect Tech/framework Misc. MS technologies ie. AzureAD, Azure Sharepoint, Azure VPN, MS365, CIS20, ISO27001
Advisor to Metroselskabets
Metroselskabet A/S

2021-06 - 2021-10

"Corporate IT-security Task force": IT security assessment & roadmap, review and primary tasks of IT/OT strategy, setup of new organization, recruitment of staff, architecture & design, Information Security policies & guidelines, project estimation, implementation of new frameworks and Standards, pentest planning, setup of future unified cybersecurity governance with main service provider.
Sector & Role Railway sector as Trusted Cybersecurity Advisor Tech/framework OT/IACS/SCADA/ tech, IEC62443, EN50126-1, CIS20/Benchmarks, NIST SP800-suite, ISO27001/27002, MS
Senior Cybersecurity & Compliance Advisor
Region Nordjylland

2020-09 - 2021-05

Project Description Cybersecurity consulting (particularly in GRC) and compliance project (ISAE3000): Assessment, advisory and primary tasks and implementation in an agile environment, building digital integrated risk management in ServiceNow.
Specific risk assessment on new Electronic Health Record (EHR) system "NordEPJ".
Sector & Role Public healthcare sector as Senior Cybersecurity & Compliance Advisor Tech/framework ServiceNow (GRC and SecOps modules), NIST SP800-53/SP800-171ISO27001/27002, ISO27005, ISAE3000, Deloitte Privacy Framework, CIS20/Benchmark, IRAM2, Azure DevOps, MS365 suite.
Senior Security Advisor, Assessor and Architect
Lægefællesskabet I/S

2016-09 - 2021-03

Project Description IT security assessment, advice and review of IT-strategy & design of new 3-5 years strategy: and primary tasks Future Governance, InfoSecurity Policies & Guidelines, Cloud & Security Audits & Assessments.
Sector & Role Healthcare sector as Senior Security Advisor, Assessor and Architect Tech/framework CIS20, MS WIN, MS AD/AADFS, MS O365, Azure Sharepoint, EG Clinea, Patientsky, XMO Period: November 2019
Senior Security Advisor, Assessor and Architect
Haderslev Municipality (kommune)

2019-02 - 2021-03

Project Description Municipal Infosec program: IT security assessment, review of IT strategy & design and implementation of and primary tasks program: Future Governance, Architecture & design, Information Security Policies & Guidelines.
Sector & Role Public Sector as Senior Security Advisor, Assessor and Architect Tech/framework Network architecture, Cloud architecture (MS/Amazon), CIS20, ISO27001, NIST SP-800 suite, MS WIN10, MS AD/AADFS, MS O365
Azure & O365 tech
FACIT Bank A/S

2020-09 - 2021-03

Project Description Infosec policy improvements, re-organization and GRC/Risk Management consulting. and primary tasks Sector & Role Finance sector as Senior Security Advisor Tech/framework Misc. technologies MS on-prem/Azure cloud, IRAM2, CIS20, ISAE3000
Security Advisor & Assessor
Stibo DX A/S (for C2IT A/S)

2020-06 - 2020-12

Project Description Consulting on implementation of a secure SDLC, implementation of a "shift left" test pipeline, improving and primary tasks SW quality, by building a security champion organization and improving Risk Management in a DevSecOps context.
Sector & Role Publishing software sector as Security Advisor & Assessor Tech/framework OWASP10, CIS20, CMMI, ISO27005, IRAM2, Redhat OpenShift, SaltStack, AWS, Angular, AngularJS, Protractor, Gherkin, Checkmarxx, Netsparker, Nessus, Lint, Contrast, SonarQube.
Public Sector as Security Assessor
Herning Municipality

2019-09 - 2019-10

(kommune) (for Improvento A/S) Project Description GDPR & IT security assessment, advice and review of GDPR strategy & design of program: and primary tasks Future Governance, InfoSecurity Policies & Guidelines, Security Assessments, Standards (ISO27K).
Sector & Role Public Sector as Security Assessor Tech/framework CIS20, ISO27001, MS WIN, MS AD/AADFS, MS O365
Security Technology and Process Advisor
Danske Færger A/S

2017-09 - 2018-08

Project Description Corporate GDPR project: Future Governance, security/privacy assessments, Enterprise Architecture, DPIA, and primary tasks Datamapping, Vulnerability Assessment, Privacy by Design/Default.
Sector & Role Transportation sector as Security Technology and Process Advisor Tech/framework MS O365, MS Compliance Manager, Tempus Serva GDPR,
Senior Security Advisor & Project Manager
Bestseller A/S

2017-08 - 2018-07

Project Description Corporate IT GDPR project: Project organization & design, future governance, security/privacy and primary tasks assessments, DPIA, Datamapping, Privacy by Design/Default, Enterprise Architecture integration, IAM project advisory and coordination.
Sector & Role Retail sector as Senior Security Advisor & Project Manager Tech/framework ISO27001, SCRUM, MS AD/AADFS, O365, MS Compliance Manager, RSA SecurID, CIS20 et.al.
Project Manager, Security Advisor and Architect
Danfarm Group s.r.o

2017-04 - 2018-06

Project Description Danfarm Security and GDPR program: and primary tasks Initial Risk Assessment, enterprise architecture, Program Management.
Sector & Role Agriculture sector as Project Manager, Security Advisor and Architect Tech/framework MS client/server technology, ESET AV, Fortinet HW, CIS20
Senior Security Advisor
Billetten.dk A/S

2017-08 - 2018-06

Project Description Corporate GDPR program: Project organisation & design, future Governance, Security/Privacy Risk and primary tasks Assessments, DPIA, Datamapping, Privacy by Design/Default, Enterprise Architecture integration.
Sector & Role Online ticketing sector as Senior Security Advisor Tech/framework Google Authentication, Application architecture, multiple vendors
Tech
Linak A/S

2017-05 - 2017-06

Risk Assessments and advisory.
Sector & Role Manufacturing sector as Security Advisor & Assessor
Security Consultant
Nets A/S

2016-01 - 2017-03

Project Description Vendor Risk Management project, assistant to the local CISO, System Security Officer for NemID and primary tasks (compliance and auditing of NemID processes and hardware and edition order administration) Sector & Role Finance & Digital Payment Services sector as Project Manager, System Security Officer & Advisor Tech/framework PCI DSS/PIN, ISO27001/2, SCRUM, JIRA, MS Active Directory, FIPS140-2 level3
Security Advisor
Realdania A/S (for KonsensIT A/S)

2016-02 - 2016-06

Project Description Realdania IT security program: and primary tasks Risk Assessments, ISO27001 Governance & Program Design, awareness, Enterprise Architecture.
Sector & Role Philanthropy sector as Security Advisor Tech/framework Multiple
Security Advisor
LM Wind Power A/S

2015-04 - 2015-09

Project Description LM Wind Power Information Security Program: and primary tasks Risk Assessments, Governance & Program Design, awareness, enterprise Architecture.
Sector & Role Manufacturing sector as Security Advisor Tech/framework Multiple
Project Management, documentation, ISMS "librarian", SOA
Atos Denmark A/S

2015-03 - 2015-06

Project Description Multisite ISO27001 implementation: Project Management, documentation, ISMS "librarian", SOA, and primary tasks interviews, international coordination.
Sector & Role IT Services sector as Project Manager ad Compliance Expert Tech/framework Multiple
Chief Information Security Advisor
Energinet.dk A/S

2013-01 - 2014-01

Responsibilities: Project management of information security development/infrastructure projects, international standardization, participant in creating the Danish national cybersecurity strategy for the energy sector.
Chief Information Security Officer (CISO)
Energinet.dk A/S

2012-01 - 2013-01

Responsibilities: Implementation of Information Security Governance and ISMS, Change Management, new ISO 27001 policy ruleset, implementation of Acceptable Use Policy and awareness campaigns, IT audit responsible.
2012 - 2013 CEO and co-founder, Top Ten Garage AG Responsibilities: General management & strategy, business and product development, technical project management (IOS platform), financial controlling, sales & marketing.
Project Manager and Risk Management Expert
Novo Nordisk A/S

2012-01 - 2012-04

Project Description IT Risk Management project: and primary tasks Risk Assessments, ISO27001 Governance & Project Design.
Sector & Role Pharma sector as Project Manager and Risk Management Expert Tech/framework Multiple
Principal Consultant and owner
Roed & Infosec Consulting Aps

2011-01 - 2012-01

Responsibilities: Subject Matter Expert on Cloud Computing Security, Production IT Security and IT Outsourcing, skilled Risk Management specialist, Information Security Management and policy/compliance specialist. Branch focus: Pharmaceuticals, healthcare, SMB.
Chief Information Security Officer (CISO)
Arla Foods amba

2003-01 - 2011-01

Responsibilities: Member of Arla Top300 Management team, Strategic Information Security Management, IT Security Governance & Controlling, Strategic Risk Management, responsible for global IT Audit, implementation of IT Security program, deployment of global Compliance program, vendor contact and coordination, project management.
Group IT Security Manager, Arla Foods amba Responsibilities: Strategic IT Security Management, Team manager for specialist team, implementation of IT Security Governance, Risk and Crisis Management, deployment of international Compliance program, vendor contact, project management.
IT Security Manager, Infrastructure Services, Arla Foods amba Responsibilities: Risk and Crisis Management, development of IT Security Governance model, training and setup of IT Security and User-admin. Dept., vendor contact, project controller, project management.
User Administration Manager, IT Services, Arla Foods amba Responsibilities: training and setup of Useradmin. Dept., vendor contact, project management.
Staff sergeant
Jutland Dragoneers Regiment

1988-01 - 2005-01

Director of Business Development
Grey Odense Business Consulting

2001-01 - 2002-01

Responsibilities: Strategic business development, management consultancy, project sales/key account management, partner networking, pre-sales, project- and programme management, local IT manager.
Chief Operating Officer
Plejdrup.com A/S

2000-01 - 2001-01

Responsibilities: Strategic business development with reference to the CEO, annual budget: DKK 10 mill. Pre-sales, project sales, consultancy, project management, financial control and IT management, responsible for partner network, staff management.
Head of Department
Merkantildata Interactive

1999-01 - 2000-01

Project- and analysis Responsibilities: Business development, member of management team, annual budget: DKK 2 mill. IT projects management, consultancy, systems architecture, financial control, staff management.
Project Manager/Contract Manager, Consultancy Division, Merkantildata Responsibilities: IT projects management, contract management, pre-sales/project estimation.
Sergeant
Prince's Life Guard Regiment

1985-01 - 1986-01

Parcours scolaire

Diploma
Haas School of Business, University of Berkeley

2022-10 - 2002-01

Master's Degree in Political Science
University of Aarhus

2022-10 - 1994-01

Baccalaureate
Viborg Katedralskole

2022-10 - 1984-01

Formations

Certified Ethical Hacker
Board Certificate for professional Board Members (Board Company)
PROSCI Certified ADKAR Change Management Practitioner (PROSCI)
CIPP/Europe (International Association of Privacy Professionals)
CIPT (International Association of Privacy Professionals)
"SAP Nordic Academy, HR module" (SAP Denmark)
Certified Information Security Systems Professional (ISC²)
"Certified Cloud Security Professional"
Certified in Information Risk & Control (ISACA)
Certified Information Security Manager (ISACA)
Certified Information Security Manager
IT Security Management I-III (Protego A/S)
Certified Ethical Hacker (EC Council)

Contact prestataire

/