Sascha Leitner

DORA Senior Lead Manager

Austria

Experience

July 2022 - Present
2 years 8 months
Austria

CEO

SEComply

Founder & Creator of a cutting-edge Governance, Risk & Compliance SaaS Solution. Developing and executing business development strategies to identify new opportunities and expand market presence. Providing Information Security Consulting Services: Specializing in Governance, Risk, and Compliance (GRC) topics such as Risk Management, ISO 27005, ISO 27001, NIS 2, DORA, PCI DSS, EU-GDPR, and more.

Past Projects:

  • Kyndryl Austria GmbH: Delivered IAM blueprint, conducted risk assessments, developed transformation strategy and roadmap for client projects, and provided support in pre-sales activities to align solutions with client needs
  • Cashpoint Sportwetten GmbH: Conducted ISO 27001:2022 gap analysis, enhanced ISMS processes, updated security training, aligned with ISO 27001:2022 standards, and improved vulnerability management practices through regular assessments and remediation planning
  • Hornbach Baumarkt AG: Supported the CISO in achieving ISO 27001 compliance, implementing a secure software development lifecycle (SDLC), strengthening vulnerability management practices, and enhancing risk management frameworks
  • MHP Management- und IT-Beratung GmbH: Created and reviewed security concepts aligned with ISO 27001 standards
  • Stromnetz Berlin GmbH: Developed a comprehensive security concept based on ISO 27001 requirements
  • dmTech GmbH: Conducted IT security training for employees, fostering awareness and adherence to security best practices
  • Finanz Informatik GmbH: Managed PCI DSS-related tasks, including compliance assessments and control implementations
  • TIPS Messtechnik GmbH: Conducted NIS 2 gap analysis, developed a comprehensive compliance roadmap, and provided supportive actions to address identified gaps and ensure alignment with regulatory requirements
Dec. 2020 - Present
4 years 3 months
Austria

Senior Information Security & Compliance Manager

Qenta Payment CEE GmbH

  • Establishment and management of the Information Security Department
  • Maintenance of compliance with PCI DSS, ISO 27001, DORA and GDPR standards
  • Development and enhancement of the ISMS, including risk assessments and mitigation (ISO 27005)
  • Leadership of internal and external audits, ensuring alignment with regulatory requirements
  • Execution of penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices
Mar. 2020 - Present
5 years
Austria

Lecturer, Information Security

CAMPUS 02 Fachhochschule der Wirtschaft GmbH

Specializing in Software Engineering (Java, Python), Identity & Access Management, Cryptography, and Internet Security

Nov. 2019 - Nov. 2020
1 year 1 month

Head of Information Security & Compliance

MarineXchange Software GmbH

  • Establishment and management of the Information Security Department
  • Maintenance of compliance with ISO 27001 and GDPR standards
  • Development and enhancement of the ISMS, including risk assessments, treatment plans, and ongoing improvement (ISO 27001 and ISO 27005)
  • Leadership of internal and external audits, ensuring alignment with ISO 27001 requirements
  • Execution of vulnerability assessments, security reviews, and risk analysis for ISO 27001 compliance
  • Execution of penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices
  • Management of IT security projects, vendor security assessments, and ISO 27001 policy development
  • Development of incident response procedures and assurance of robust risk management aligned with ISO 27001 standards
Jan. 2018 - Oct. 2019
1 year 10 months

Information Security Manager (Teamlead)

Wirecard CEE GmbH

  • Establishment and management of the Information Security Department
  • Maintenance of compliance with PCI DSS, ISO 27001, and GDPR standards
  • Development and enhancement of the ISMS, including risk assessments and mitigation (ISO 27005)
  • Leadership of internal and external audits, ensuring alignment with regulatory requirements
  • Execution of penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, nmap, Acunetix, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices
  • Management of IT security projects, vendor security assessments, and policy development
  • Development of incident response procedures and assurance of robust risk management
Mar. 2016 - Aug. 2017
1 year 6 months

IT Project Manager

Energie Steiermark Service GmbH

  • Development and management of project scope, goals, and deliverables with stakeholders
  • Creation and oversight of project plans, timelines, and resource allocation
  • Coordination of cross-functional teams and supervision of the development lifecycle
  • Identification and mitigation of project risks to maintain schedule and budget
  • Communication of progress through regular updates and reports
  • Assurance of quality through testing and management of deployment and post-launch support
May 2015 - Feb. 2016
10 months

Java Enterprise Software Developer

Netconomy Consulting GmbH

Aug. 2014 - June 2016
1 year 11 months
Austria

IT Support / Java Smart Card Development

NXP Semiconductors Austria GmbH & Co KG

Sept. 2013 - Feb. 2014
6 months

Database Administrator

SSI Schäfer Peem GmbH

Summary

With over a decade of experience in Information Security and Compliance, I specialize in GRC and technical IT security.

  • Governance, Risk, and Compliance (GRC): Proficient in ensuring compliance with standards like ISO 27001, ISO 27005, NIS 2, DORA, PCI DSS, EU-GDPR, and more, reducing compliance risks and strengthening governance
  • Leadership: Proven ability to lead and develop IT security teams, ensuring the integration of security initiatives with business objectives
  • Project Management & Implementation: Experienced in leading IT security projects using agile methodologies and tools such as Jira, Confluence, and MS Office
  • Security Strategy: Adept at crafting and implementing security programs that align with regulatory requirements and drive business success
  • ISMS Management: Skilled in setting up, improving, and enhancing ISMS (ISO 27001), significantly strengthening security posture
  • Risk Management: Successfully introduced and implemented ISO 27005 frameworks to align security strategies with organizational goals
  • Incident Response: Developed and led incident response strategies, including crisis management and post-incident analysis, minimizing impact and improving resilience
  • Vendor Risk Management: Conducted thorough assessments of third-party vendors, ensuring compliance with security standards and reducing supply chain risks

Technical Expertise

  • Security Testing: Conducted penetration tests, network scans, code reviews, and security assessments
  • Software Security: Ensured compliance with SSDLC, OWASP, and ASVS standards and conducted static/dynamic code analysis using tools like SonarQube, Fortify, and Burp Suite
  • Security Architecture: Designed and implemented robust security architectures and managed IAM systems to ensure secure and efficient access control
  • Programming Languages: Proficient in Java, Python, JavaScript, and MySQL for modern, secure software development
  • Cloud Technologies: Expertise in AWS, Azure, and Office365, focusing on secure cloud deployment and management

Languages

German
Native speaker
English
Native speaker

Education

Sept. 2015 - July 2017

FH Joanneum

Master of Science · IT & Mobile Security · Austria

Sept. 2012 - July 2015

Campus02 Fachhochschule der Wirtschaft GmbH

Bachelor of Science · Business Informatics · Austria

Certificates & Credentials

Certified DORA Senior Lead Manager

Certified NIS 2 Directive Senior Lead Implementer

Certified Information Security Risk Manager

ISO 27005

Certified ISO 27001 Lead Auditor / Implementer

Certified Information Systems Security Professional