Markus Willems

ISMS Implementation Consultant

Berlin, Germany

Experience

May 2024 - Dec. 2025
8 months
Switzerland

ISMS Implementation Consultant

Software Services Company

Implementation of ISMS ISO/IEC 27001:

  • Creation of guidelines and processes
  • Creation of ISMS and reporting
  • Employee training
Mar. 2024 - Aug. 2024
6 months
Germany

IT Security Consultant

Investment Bank

Support in design and compliance with DORA requirements in conjunction with ISO 27001

Feb. 2024 - Present
1 year 1 month
Germany

IT Security Consultant

Investment House

Support in design and compliance with DORA requirements in conjunction with ISO 27001

July 2023 - Oct. 2024
1 year 4 months
Germany

IT Security Consultant

Government Agency

Creation of security, risk and emergency concepts for a nationwide operating authority in multiple locations. Conducting data protection impact assessments and completion of data protection concepts.

Creation of security concept, risk analysis, emergency concepts and data protection impact assessment according to:

  • GDPR
  • BSI Basic Protection 200-2, 200-3
  • ISO 27001
  • ISO 27005
Apr. 2023 - June 2023
3 months

Security Consultant

Software and Hardware Manufacturer

  • C5-Cloud-Security consulting
  • Creation of BSI IT baseline security concepts
  • Data protection impact assessment for cloud platform
  • Technical concepts for backup and software programming
  • Analysis of Windows 10 systems in kiosk mode
  • Creation of data protection concept for cloud platform implementation
Mar. 2023 - Dec. 2023
10 months
Germany

KRITIS Consultant

IT Service Provider for Highway Maintenance

Revision of documents according to KRITIS standards. Revision and specification of KRITIS-relevant documentation to prepare for next audit:

  • ISO 27001
  • BSI 200-1, 200-2, 200-3, 100-4 and 200-4
  • KRITIS requirements
Sept. 2022 - Dec. 2023
1 year 4 months
Switzerland

IT Security Consultant

Swiss Federal Administration

Consulting according to ICT basic protection, ISDS responsibility for building a new digitization platform according to:

  • ICT basic protection
  • Swiss data protection law
June 2022 - Mar. 2023
10 months
Germany

KRITIS Consultant

Regional Transport Company

Revision of documents according to KRITIS standards. Revision and specification of KRITIS-relevant documentation to prepare for next KRITIS audit:

  • ISO 27001
  • BSI 200-1, 200-2, 200-3, 100-4 and 200-4
  • KRITIS requirements
Apr. 2022 - Dec. 2025
2 years 9 months
Germany

ISO 27001 Consultant

Property Management Company

Preparation for ISO 27001 and BSI IT baseline protection certification (approx. 60,000 residential units)

Key activities:

  • ISO 27001, BSI 200-1, 200-2, 200-3, 100-4 and 200-4 implementation
  • Close coordination with data protection officers
  • Development of data protection concepts
  • Completion of security concepts from compliance perspective
Apr. 2022 - Sept. 2022
6 months
Berlin, Germany

Security Consultant

Bank

Review of security concepts, SFO, guidelines and concepts to prepare for §44 KWG audit:

  • ISO 27001
  • KRITIS
  • BSI basic protection 200-(1,2,3,4)
  • BAFIN
  • BAIT
  • §44 KWG
Apr. 2022 - May 2022
2 months

Security Consultant

Software Company

Creation of security concepts:

  • C5-Cloud-Security
  • BSI IT baseline protection concepts
  • Data protection impact assessment for cloud platform (AWS, Azure, RegioIT Aachen)
  • Creation of data protection concepts for platform usage
Feb. 2022 - Dec. 2025
2 years 11 months
Switzerland

IT Security Consultant

Swiss Federal Administration

Creation of information security and data protection concepts according to Si001 ICT basic protection for a government project in Switzerland according to NCSC requirements. Grouping of protection objects according to NATO C3 taxonomy.

Creation of ISDS concepts for test and production environment as well as emergency concept according to P042-Hi03 for production. Project involves multiple releases with adjusted ISDS concepts and standard documents.

Delivered objects for protection groups and individual objects according to P042 standard for enhanced protection requirements:

  • Hi01 protection requirements
  • RINA analysis extension
  • Classification justification according to information protection ordinance
  • Analysis of individual procedures
  • Creation of Hi01-ISDS concept
  • Hi02 risk analysis
  • Consulting project groups on ISDS requirements
  • Communication with ISBO team
  • Project management communication and scheduling
  • Participation in planning meetings
  • Communication with project groups to improve progress
  • Test supervision and continuous security concept optimization
Jan. 2021 - Mar. 2022
3 months

Emergency Management Consultant

Insurance Service Provider

Emergency management and emergency concept creation for healthcare benefits billing in public sector according to:

  • ISO 27005
  • ISO 31000
  • BSI 200-4
Nov. 2021 - Dec. 2021
2 months

IT Security Consultant

Bank Data Center

Review of IT security documentation and preparation for BAFIN Banking Act §44 audit:

  • BAIT
  • MARISK
  • ISO 27001
  • BSI IT baseline protection
  • GDPR
  • Risk analysis
  • Emergency concepts
  • IT compliance
Aug. 2021 - Dec. 2021
5 months

TISAX Consultant

Testing Organization

Review of documents and creation of guidelines in preparation for TISAX audit

July 2021 - Dec. 2021
6 months

Data Protection Consultant

Ministry

Data protection impact assessment for introduction of electronic file management system

June 2021 - July 2021
2 months

IT Security Consultant

University

Creation of IT security concept for implementation of university management application (ca. 3500 employees, 15000 students):

  • Security concept and risk analysis
  • BSI basic protection 200-2, 200-3
  • ISO 27001
  • ISO 27005
  • Private cloud NextCloud integration
Apr. 2021 - May 2021
2 months

IT Security Consultant

Charitable Organization

Creation of IT security concept for 60 locations with approx. 45 servers according to:

  • BSI basic protection 200-2, 200-3
  • ISO 27001
  • ISO 27005
Mar. 2021 - June 2021
4 months
Berlin, Germany

Security Architect

Fintech Startup

IT environment conception according to Zero Trust Architecture model:

  • NIST 800-207 Zero Trust Architecture
  • PCI-DSS
Feb. 2021 - Dec. 2022
1 year 11 months
Germany

IT Security Consultant

Government Agency

Creation of security, risk and emergency concepts for nationwide operating authority:

  • Security concept and risk analysis
  • Emergency concepts
  • Data protection impact assessment
  • GDPR
  • BSI basic protection 200-2, 200-3
  • ISO 27001
  • ISO 27005
Jan. 2020 - Jan. 2021
1 month

Security Consultant

Pentesting web application and app:

  • Security analysis of web application and iOS/Android app
  • Vulnerability assessment
  • Coordination of remediation measures
  • Security DevOps
  • Ethical hacking
Dec. 2020 - Jan. 2021
2 months

Security Consultant

Medical Assessment Platform

Creation of IT security concept:

  • Security concept and risk analysis
  • Data protection impact assessment
  • GDPR
  • BSI basic protection 200-2, 200-3
  • ISO 27001
  • ISO 27005
July 2020 - Oct. 2020
4 months

Interim Security Manager

Bank

Review and revision of security concepts in preparation for audit:

  • Creation of concepts and guidelines
  • ISO 27001
  • BSI basic protection 200-1,2,3 and 100-4
June 2020 - June 2020
1 month

IT Security Consultant

Manufacturing Company

Assessment and optimization of IT security settings

May 2020 - June 2020
2 months

Security Consultant

Library Solution Provider

Analysis and security concept creation:

  • BSI basic protection concepts
  • Risk analysis and data protection impact assessment
  • Employee training
  • Cloud services analysis (AWS and Azure)
Feb. 2020 - Dec. 2020
11 months
Germany

Security Architect

Public Broadcaster

Network zoning concept development:

  • IT environment security through network rezoning
  • Concept creation considering BSI-GS, ISO 27001 and NIST recommendations
  • Project management for security zone model implementation

Mitigation of pentest findings and vulnerability analyses under forensic and incident response aspects

Jan. 2020 - June 2020
6 months

ISO 27001 Consultant

Bank

ISO 27001 audit preparation:

  • Migration from GS 15.EL to GS Compendium 2020
  • Review of ISO 27001 required documents
  • BAFIN §44 KWG audit follow-up
  • Process landscape analysis and optimization
  • Cloud services analysis
  • CMDB i-doIT analysis
Nov. 2019 - Nov. 2019
1 month

Security Training Consultant

5-day training on security concept creation according to BSI basic protection compendium including:

  • Risk analysis
  • Emergency concept
  • Concept creation according to BSI 200-1, 200-2, 200-3 and 100-4
Sept. 2019 - Dec. 2020
4 months
Berlin, Germany

ISO 27001 Consultant

Data Center

Preparation for ISO 27001 certification:

  • Creation of relevant documents
  • Pre-audits based on IT baseline protection compendium
Aug. 2019 - Aug. 2019
1 month

Incident Response Consultant

Financial Sector Company

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Recommendations implementation
  • Vulnerability assessment
  • Coordination of internal/external service providers
  • Emergency organization management
Aug. 2019 - Aug. 2019
1 month

Incident Response Consultant

IT System House

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Security DevOps
  • IT security consulting
  • Ethical hacking
June 2019 - July 2019
2 months

Incident Response Consultant

Logistics Company

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Emergency organization management
June 2019 - July 2019
2 months

Incident Response Consultant

Production Company

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Emergency organization management
May 2019 - May 2019
1 month

Data Protection Consultant

Architecture Firm

Setup of all GDPR-relevant documents and processes as external data protection consultant

Apr. 2019 - Oct. 2019
7 months

Security Consultant

University

Security concept creation for Windows Server 2016/2019, Office 365 and Azure rollout:

  • Security concepts and process review
  • Security incident handling procedures
  • Works council approval documentation
Mar. 2019 - Mar. 2019
1 month
Germany

Incident Response Consultant

Facility Services Company

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Emergency organization management
Mar. 2019 - Mar. 2019
1 month

Incident Response Consultant

Healthcare Provider

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Emergency organization management
Feb. 2019 - Mar. 2019
2 months

Incident Response Consultant

Consulting Firm

Post-hack recovery:

  • IT operations restoration
  • Security analysis
  • Business security requirements analysis
  • Vulnerability assessment and remediation
  • Emergency organization management
Apr. 2018 - Present
6 years 11 months

Data Protection Consultant

Data protection consulting and external data protection officer for various clients according to EU-GDPR

Jan. 2018 - Mar. 2019
1 year 3 months

IT Security Consultant

Bank

Creation of security processes and review of existing processes:

  • Security incident handling procedures for SOC
  • MaRisk and BAIT requirements implementation
  • Standards: COBIT, ITIL, ISO 27001/27002, PCI-DSS, BSI basic protection, NIST, MaRisk, BAIT, SOX
  • SIEM and SOC implementation for bank data center with over 40,000 servers and 25,000 ATMs
Nov. 2017 - Dec. 2017
2 months
Brandenburg, Germany

Security Mentor

Municipality

Review of security concepts and mentoring for new concept creation

Aug. 2017 - Dec. 2017
5 months

ISMS Consultant

University

Review and optimization of ISMS after one year:

  • Security analysis and concept based on BSI 200-(1-3) and EU-GDPR
  • Security improvement measures
  • ISMS implementation

Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools

Jan. 2016 - Nov. 2017
11 months
Germany

Security Consultant

Security consulting for 3 projects:

  • BSI basic protection consulting
  • Process optimization and ISO 27001 audit preparation
  • Risk analysis
  • PCI-DSS optimization
  • Security concepts creation
  • Cloud security concepts

Project scope: 8 million Euro

July 2016 - Dec. 2017
1 year 6 months

Security Consultant

Transport Sector

Security analysis, auditing and creation of IT security concepts

June 2016 - Nov. 2016
6 months

Security Consultant

Direct Bank

Security analysis and auditing:

  • BSI basic protection optimization for web environment
  • Creation of operational concepts and manuals
  • Customer focus: approx. 5 million daily users
Apr. 2016 - July 2016
4 months

ISMS Consultant

University

Security analysis, concept and ISMS implementation based on ISO 27001/BSI basic protection analysis:

  • Security measures improvement
  • ISMS establishment

Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools

Jan. 2015 - Sept. 2016
9 months
Brandenburg, Germany

ISMS Consultant

Municipalities

Security analysis, concept and ISMS implementation based on ISO 27001/BSI basic protection analysis for multiple municipalities:

  • Security measures improvement
  • ISMS establishment

Tools/Methods: ISO 27001, BSI basic protection, security scanners/pentest tools

Sept. 2015 - Jan. 2016
5 months
Luxembourg

Process Consultant

Process design and consulting for RENITA project (digital radio network):

  • ITIL process design
  • Continual service improvement
  • Implementation of new processes
  • Customer acceptance testing

Tools: ITIL, COBIT, Office products, ServiceNow

Jan. 2015 - Sept. 2015
9 months
Switzerland

Project Manager

Swiss Federal Authority

Server migration project management:

  • Hardware server virtualization
  • Latest server OS implementation
  • Server security hardening

Tools: HERMES 5, Microsoft Project, Visio, Office Suite

Jan. 2015 - Aug. 2015
8 months
Switzerland

Security Consultant

Swiss Federal Authority

Security analysis and ISMS implementation:

  • Security analysis and measures plan
  • Regular system analysis procedures

Tools: HERMES 5, BSI basic protection, ISO 27001, COBIT, pentest tools

Dec. 2014 - Dec. 2015
1 month

ISO 27001 Consultant

Government Agency

ISMS auditing and ISO 27001 certification preparation:

  • Pre-certification audit
  • Gap analysis
  • Remediation measures
  • Certification support
Aug. 2014 - Aug. 2014
1 month

ISO 27001 Consultant

ISMS auditing and ISO 27001 certification preparation:

  • Pre-certification audit
  • Gap analysis
  • Remediation measures
  • Certification support
Apr. 2014 - May 2014
2 months
Switzerland

ISO 27001 Consultant

Swiss Federal Administration

ISMS auditing and ISO 27001 certification preparation:

  • Pre-certification audit
  • Gap analysis
  • Remediation measures
  • Certification support
Jan. 2013 - Dec. 2015
2 years
Switzerland

Web Platform Administrator

Swiss Federal Administration

Administration of LAMP web platform on SLES 9,10,11:

  • Regular security analysis
  • Security measures implementation
Jan. 2013 - Dec. 2014
1 year
Switzerland

Technical Project Manager

Swiss Federal Administration

Server migration project management using HERMES 5 methodology

Jan. 2011 - Dec. 2013
1 year

Systems Administrator

Administration of large SUSE Linux Enterprise Server farm (ca. 500 servers):

  • Security analysis
  • Penetration testing
  • BSI basic protection optimization
July 2009 - Dec. 2011
2 years 6 months

Systems Administrator

Public Sector

Administration of SUSE Linux Enterprise Server farm (ca. 800 servers):

  • Security analysis
  • Penetration testing
  • BSI basic protection optimization
  • Server monitoring with Check_MK
Jan. 2008 - Dec. 2009
2 years

Process Consultant

Mid-sized Company

Continual service improvement of existing processes using COBIT, ITIL, PRINCE2

Jan. 2008 - June 2009
1 year 6 months
Germany

Project Manager

Government Agency

Sub-project management for nationwide migration at 4 of 750 locations

Jan. 2007 - Dec. 2008
1 year

Web Platform Administrator

Bank

Administration of web platform using Apache Tomcat and Apache web server on SUSE Linux Enterprise Server

July 2006 - Dec. 2006
6 months

Linux Systems Engineer

Manufacturing Company

Conceptual setup of standardized Linux server systems using RedHat Enterprise and Advanced Server

Mar. 2006 - June 2006
4 months
Bern, Switzerland

Project Manager

Transport Company

Sub-project management for large project at SBB

Aug. 2005 - Aug. 2005
1 month

Systems Engineer

IT System House

Detailed concept creation, test implementation and production deployment of Microsoft Operations Manager 2005

Mar. 2005 - June 2005
4 months

Systems Engineer

IT System House

Creation of rough and detailed concepts for Windows Server 2003 migration

Jan. 2004 - Dec. 2005
1 year

Systems Engineer

IT System House

Infrastructure migration from NT 4.0 Server to Windows Server 2003

Feb. 2004 - Nov. 2005
1 year 10 months
Germany

Project Manager

Government Agency

Project management for complete migration of government environment including clients and server infrastructure

Oct. 2003 - Feb. 2004
5 months

Systems Engineer

Manufacturing Company

Migration of company network from Windows NT 4.0 to Windows Server 2003 and Windows XP including infrastructure services and VMware virtualization

Mar. 2001 - Oct. 2002
1 year 8 months

Trainer and Consultant

Training and Consulting Company

Training, administration (Windows and Linux servers), consulting and coaching

Dec. 1999 - Mar. 2001
1 year 4 months

Network Engineer

Project implementation for small and medium businesses:

  • Network planning
  • Network construction
  • Maintenance
Dec. 1999 - Mar. 2000
4 months
On-site

Support Engineer

IT Retailer

Collaboration with IT retailer:

  • Network construction
  • Delivery
  • On-site customer support
Apr. 1999 - Dec. 1999
9 months

System Administrator

University

Administration of student computer pool and Office project consulting

Jan. 1998 - Aug. 1999
8 months

System Administrator

Adult Education Center

Administration of training and production networks

July 1998 - Aug. 1998
2 months
On-site

Linux Systems Engineer

Setup of Linux servers using SuSE Linux and integration into heterogeneous networks:

  • PC service
  • On-site customer support

Languages

German
Native language
English
Business fluent
French
Advanced
Dutch
Basic knowledge

Certificates & Attestations

Microsoft Certified Trainer (MCT: 2002, 2003, 2004, 2005)

Auditor under §8a BSIG (KRITIS auditor and consultant)

BSI Practitioner

Cert. Ethical Hacker

CIO-Compliance and Integrity Officer

Data Protection Officer

HERMES Advanced Project Manager

HERMES HSPTP

ISO 27001 ISMS Auditor / ISMS Lead Auditor

IT Forensics CERT Specialist (ICT Forensics, Incident Response & IT Law)

ITIL Expert in Service Management

AI Manager

Linux Professional Institute LPI Level 2

Microsoft Certified Database Administrator

Microsoft Certified Systems Administrator

Microsoft Certified Systems Administrator Messaging

Microsoft Certified Systems Administrator On Windows Server

Microsoft Certified Systems Administrator Security

Microsoft Certified Systems Engineer Security

Microsoft Certified Systems Engineer Windows

Microsoft ISA Server 2000 Certified

Offensive Security Certified Professional

PRINCE2 Practitioner

Red Hat Certified Engineer (RHCE)

Red Hat Certified Examiner (RHCX, currently inactive)
