Interim Manager | CISO | CISSP, ISO 27001, NIS2, CRA, SOC/SIEM, Zero Trust | Bridging Strategy & Ops
Updated on 10.04.2026
Profile
Freelancer / self-employed
Remote work
Available from: 01.05.2026
Availability: 100%
of which on-site: 60%
Security Leadership
IT-Security
Interim Manager
Risk management
IT-Grundschutz
Incident Management
Escalation management
Cloud Security
Teamleading
ISO 27001
Security management
Security concepts
IT security architecture
Security C-Level Advisory
Virtual CISO
Security Team Coaching & Training
German
Native language
English
Native language

Work locations

Frankfurt am Main (+50km)
Germany
possible

Projects

1 year 5 months
2024-12 - 2026-04

Strategic Implementation of the Cyber Resilience Act (CRA)

Project lead
  • Led cross-functional execution of regulatory requirements across the entire product portfolio
  • Integrated threat modeling and security-by-design as standard procedures in product development
  • Expertise: Active contributor to CRA guidance within Bitkom at the EU level
IT-Security | Information security
2 years 3 months
2024-02 - 2026-04

Zero Trust Architecture & Strategy

Lead Security Architect
  • Planned and executed a multi-phase Zero Trust roadmap to secure hybrid environments
  • Focused on Identity & Access Management (IAM), micro-segmentation, and Conditional
Cloud Security | IT-Security
1 year 10 months
2024-02 - 2025-11

SIEM Transition & SOC Establishment (QRadar to MS Sentinel)

  • Managed the migration of the legacy SIEM (IBM QRadar) to Microsoft Sentinel
  • Built and managed a Security Operations Center (SOC), including end-to-end incident response
4 years 1 month
2018-01 - 2022-01

ISO 27001 ISMS Establishment & Certification

Project lead
  • Designed and implemented a group-wide Information Security Management System (ISMS)
  • Conducted risk assessments, defined policies, and established Continuous Improvement Processes (CIP)
  • Result: Successful initial certification and creation of a robust governance framework
Information security | ISO 27001
1 year 1 month
2020-02 - 2021-02

Threat Intelligence System Implementation

Project lead
  • Implemented and configured threat intelligence platforms (e.g., OpenCTI, MISP)
  • Result: Improved the efficiency of threat intelligence and analysis processes by 35%
Project Controlling
1 year 1 month
2019-03 - 2020-03

Vulnerability Management with Rapid7 InsightVM

Project lead
  • Architected and rolled out a global automated vulnerability management program
  • Integrated scanning and remediation into IT operations to measurably reduce the attack surface
Project Controlling

Education and training

3 years
2016-10 - 2019-09

Dual student in business informatics

Techem Energy Services GmbH

Competencies

Top-Skills

Security Leadership | IT-Security | Interim Manager | Risk management | IT-Grundschutz | Incident Management | Escalation management | Cloud Security | Teamleading | ISO 27001 | Security management | Security concepts | IT security architecture | Security C-Level Advisory | Virtual CISO | Security Team Coaching & Training

Products / Standards / Experience / Methods

Strategic Information Security leader with a proven track record of managing governance, risk, and security architectures in large-scale corporate environments (> €1bn revenue). As an independent consultant, I bridge the gap between complex regulatory requirements (CRA, NIS2, EU AI Act) and scalable, business-aligned security operations.


SKILLS

  • Security Governance
  • ISMS Control
  • Risk management
  • Regulatory compliance
  • Security strategy
  • IAM strategy
  • Cyber Resilience Act (CRA)
  • EU AI Act
  • Project management
  • Program management
  • Personnel management & development
  • Stakeholder management
  • Incident governance
  • Zero trust strategy
  • ISO/IEC 27001 Lead Auditor
  • NIS 2


2018 - 2022

Customer: ISO 27001 ISMS Establishment & Certification 


Task

  • Designed and implemented a group-wide Information Security Management System (ISMS)
  • Conducted risk assessments, defined policies, and established Continuous Improvement Processes (CIP)
  • Result: Successful initial certification and creation of a robust governance framework


2024 - 2026

Customer: Strategic Implementation of the Cyber Resilience Act (CRA) 


Task

  • Led cross-functional execution of regulatory requirements across the entire product portfolio
  • Integrated threat modeling and security-by-design as standard procedures in product development
  • Expertise: Active contributor to CRA guidance within Bitkom at the EU level


2024 - 2026

Customer: Zero Trust Architecture & Strategy 


Task

  • Planned and executed a multi-phase Zero Trust roadmap to secure hybrid environments.
  • Focused on Identity & Access Management (IAM), micro-segmentation, and Conditional Access policies


2024 - 2025

Customer: SIEM Transition & SOC Establishment (QRadar to MS Sentinel) 


Task

  • Managed the migration of the legacy SIEM (IBM QRadar) to Microsoft Sentinel
  • Built and managed a Security Operations Center (SOC), including end-to-end incident response workflows


2019 - 2020

Customer: Vulnerability Management with Rapid7 InsightVM 


Task

  • Architected and rolled out a global automated vulnerability management program
  • Integrated scanning and remediation into IT operations to measurably reduce the attack surface


2020 - 2021

Customer: Threat Intelligence System Implementation 


Task

  • Implemented and configured threat intelligence platforms (e.g., OpenCTI, MISP)
  • Result: Improved the efficiency of threat intelligence and analysis processes by 35%


Experience

  • NIS-2: Proven track record in implementing NIS-2 requirements within ISO 27001-based environments. Expert in conducting gap analyses and executing remediation projects to ensure full compliance, with a particular focus on Supply Chain Security
  • EU Cyber Resilience Act (CRA): Extensive experience leading the strategic and operational execution of the CRA for large-scale product portfolios. Specialized in managing cross-functional teams to integrate regulatory requirements into standard product development. I leverage the CRA as a driver for long-term product resilience by establishing "Security by Design" as a corporate standard
  • EU AI Act: Subject matter expert for the implementation of the EU AI Act. Experienced in aligning AI-driven business initiatives with emerging European regulatory frameworks and governance standards
  • Strategic level (Bitkom/EU): Actively contributing to the development of EU security regulations
  • ISO 27001 & ISMS development: Deep expertise in designing and maturing Information Security Management Systems (ISMS). As a certified ISO 27001 Lead Auditor, I regularly conduct high-stakes audits of suppliers, service providers, and corporate locations
  • CISO Alliance: Active member of the CISO Alliance e.V., engaging in high-level knowledge exchange on regulatory trends (NIS-2, AI Act, CRA) and modern security leadership


IT-Skills

MS Office | Office 365 | Azure Cloud | Palo Alto Firewall | Vulnerability Management | Entra Suite | MS Defender XDR | MS Sentinel | Threat Intelligence (OpenCTI, MISP) | ServiceNow | React Software Development | GitLab | Azure DevOps

