Unternehmensberater für Informationssicherheit, Datenschutz und Compliance || Senior Security, Data Protection and Compliance...

Results-oriented and self-motivated management consultant with 10
years of experience in data protection, information security and project
management.

• Certified in Risk and Information systems Control (CRISC)
• CISO
• Data Protection Officer
• Datenschutz
• Datenschutzbeauftragter
• DIN ISO/IEC 27001
• GDPR
• Informationssicherheit
• Projektmanagement
• Risikomanagement

Over 10 years of professional experience in the areas of information security, data protection, GRC and project management as an external consultant and internally responsible professional. In addition to a large number of individual consulting projects, I have worked on the following topics:

• Introduction of Information Security Management Systems (ISMS) - e.g. successful full-scope ISO27001 initial certification without any deviations as project and security lead. Covered topics included defining a security strategy and deriving measurable objectives, as well as implementing and optimizing: Risk Management, Business Continuity Management, Change Management, Penetration Testing Coordination, Asset Management, Business Partner Vetting, Internal Audit.
• Establishment of a data protection management system (DPMS) - including requirement analysis, the creation of guidelines, legally required documentation, the implementation of processes, as well as the training of employees for continuous compliance with data protection requirements, primarily the EU Data Protection Regulation (EU-GDPR).
• Security Awareness - Creation and delivery of security awareness training for new employee onboarding, as well as advanced modules and creation of awareness posters, regular speaker at internal jour fixes.
• Workshops and trainings regarding EU Data Protection Regulation for raising general awareness and more specific use cases.
• Conducting GDPR gap analysis, internal and external audits - including IT audits as part of annual financial statement analyses. Planning, and documentation of required actions, introduction of controls and, in some cases, instruction of employees, preparation of results in the form of management reports.
• Negotiations of data processing agreements (GDPR) and agreements regarding information security in the international B2B area with SMEs, universities and Fortune 500 companies.
• Project management and coordination for extensive projects with various internal and external stakeholders.
• As a certified data protection officer and experienced security officer, I am also happy to take on such roles.

Data Protection (GDPR, CCPA) / Datenschutz, ISO 27001, Information Security / Informationssicherheit, Risk and Compliance Management / Risikomanagement, Project Management, Team Lead, Business Process Optimisation, contract negotiations, Microsoft Office & G Suite