DORA Senior Lead Manager

Founder & Creator of a cutting-edge Governance, Risk & Compliance SaaS Solution. Developing and executing business development strategies to identify new opportunities and expand market presence. Providing Information Security Consulting Services: Specializing in Governance, Risk, and Compliance (GRC) topics such as Risk Management, ISO 27005, ISO 27001, NIS 2, DORA, PCI DSS, EU-GDPR, and more.

Past Projects:

• Kyndryl Austria GmbH: Delivered IAM blueprint, conducted risk assessments, developed transformation strategy and roadmap for client projects, and provided support in pre-sales activities to align solutions with client needs
• Cashpoint Sportwetten GmbH: Conducted ISO 27001:2022 gap analysis, enhanced ISMS processes, updated security training, aligned with ISO 27001:2022 standards, and improved vulnerability management practices through regular assessments and remediation planning
• Hornbach Baumarkt AG: Supported the CISO in achieving ISO 27001 compliance, implementing a secure software development lifecycle (SDLC), strengthening vulnerability management practices, and enhancing risk management frameworks
• MHP Management- und IT-Beratung GmbH: Created and reviewed security concepts aligned with ISO 27001 standards
• Stromnetz Berlin GmbH: Developed a comprehensive security concept based on ISO 27001 requirements
• dmTech GmbH: Conducted IT security training for employees, fostering awareness and adherence to security best practices
• Finanz Informatik GmbH: Managed PCI DSS-related tasks, including compliance assessments and control implementations
• TIPS Messtechnik GmbH: Conducted NIS2 gap analysis, developed a comprehensive compliance roadmap, and provided supportive actions to address identified gaps and ensure alignment with regulatory requirements

Specializing in Software Engineering (Java, Python), Identity & Access Management, Cryptography, and Internet Security

• Establishment and management of the Information Security Department
• Maintenance of compliance with PCI DSS, ISO 27001, and GDPR standards
• Development and enhancement of the ISMS, including risk assessments and mitigation (ISO 27005)
• Leadership of internal and external audits, ensuring alignment with regulatory requirements
• Executed penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, nmap, Acunetix, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies
• Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices
• Management of IT security projects, vendor security assessments, and policy development
• Development of incident response procedures and assurance of robust risk management