Andreas Rühl - Principal Consultant Information Security

Q: Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

Q: What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies . The average length of individual experience is 2 years and 7 months . Note that Andreas may not have shared all experience and actually has more experience.

Q: What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting .

Q: What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG .

Q: Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology (IT) , Professional Services , and Healthcare . Andreas also has some experience in Pharmaceutical , Metals and Mining , and Retail .

Q: Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology (IT) , Project Management , and Strategy and Planning . Andreas also has some experience in Customer Service , Audit , and Quality Assurance (QA) .

Q: Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology (IT) and Professional Services .

Q: Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology (IT) , Project Management , and Strategy and Planning .

Recommended expert

Berlin, Germany

Experience

Jan 2025 - Dec 2024

Germany

Freelance Information Security Consultant

A-R-C Andreas Rühl Consulting

Development and implementation of customized information security strategies
Introduction and further development of ISMS according to ISO 27001, BSI IT Baseline Protection, and other standards
Risk management and creation of security concepts
Consulting for KRITIS, PCI DSS, TISAX, and VdS 3473/10000
Building and optimizing security organizations
Creating and implementing guidelines, policies, work instructions, and process descriptions
Audit support and certification preparation
Conducting training, workshops, and awareness campaigns
Selection and consulting for implementing IT security solutions like SIEM, DLP, IDS/IPS, firewalls, and encryption technologies
Performing penetration tests and vulnerability analyses
Consulting on selection, integration, and management of security architectures in complex IT environments
Consulting on ITSM, managed security services, and SOC
Leading and managing complex projects to improve information security
Process analysis, optimization, and management following ITIL, ISO 27001, and cybernetics
Introduction and quality assurance of management, documentation, and knowledge management systems
Supporting compliance with regulatory information security requirements (e.g., GDPR, HIPAA, SOX, GMP, KRITIS)
Developing and implementing risk analysis procedures
Organizing initial response, forensic investigations, and organizational measures in security incidents
Designing and conducting targeted workshops on topics like ISMS, IT risks, and current threat scenarios
Awareness campaigns to promote security culture in companies
Specialized training on ISO 27001, BSI IT Baseline Protection, KRITIS, and other relevant standards
Simulations and exercises to prepare for information security incidents
Interim management for leading information security projects or IT security organizations
Acting as an external CISO (Chief Information Security Officer)
Supporting development and implementation of IT security and corporate strategies
Coaching and mentoring executives in information security
Building and leading security departments as well as recruiting and qualifying staff
Temporary assumption of management responsibility in critical situations

Jan 2019 - Dec 2024

6 years

Germany

Head of Security Solutions Business Unit / Technical Lead Information Security Consulting

Profi Engineering Systems AG

Building the Security Solutions business unit
Engaging with client representatives from all functional areas
Technical leadership of the consulting team's information security staff
Leading proposal and technical teams from the initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions during escalations
Proactive communication and accountability for projects
Strategic development of topics with direct reporting to management
Further development and coaching of team members
Leadership in line with corporate culture
Building and expanding the consulting service offering
Project management and information security consulting
ISMS development and audit support
Consulting on B3S, NIS2, KRITIS, ISO 27001, BSI IT Baseline Protection, PCI DSS, VdS 3473, TISAX
Creating and implementing policies, work instructions, process descriptions, operational documentation, and manuals
ITSM and process consulting
Consulting on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting and selection of suitable tools, processes, and methods
Expanding the client network and contributing to the business unit strategy
Acting as client contact for further inquiries and ensuring successful project delivery
Developing strategies and processes around the deployment of IT staff
Supporting the expansion of the managed services business unit
Establishing the penetration testing business unit
Supporting departments in analyzing and identifying opportunities for improved control of business processes
Recruiting staff and planning further development and qualification

Oct 2017 - Jan 2019

1 year 4 months

Germany

Principal Consultant Information Security

Profi Engineering Systems AG

Establishing information security consulting as a new service area
Engaging with client representatives from all functional areas
Technical leadership of the consulting team's information security staff
Leading proposal and technical teams from initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions during escalations
Proactive communication and accountability for projects
Strategic development of topics with direct reporting to management
Further development and coaching of team members and other staff
Leadership in line with corporate culture
Building and expanding the consulting service offering
Consulting on information security, project management, ISMS development, and audit support
Consulting on KRITIS, ISO 27001, BSI IT Baseline Protection, PCI DSS, VdS 3473
Creating and implementing policies, work instructions, process descriptions, operational documentation, and manuals
ITSM and process consulting
Consulting on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting
Selecting suitable tools, processes, and methods
Expanding the client network and contributing to the business unit strategy
Acting as client contact for further inquiries and ensuring successful project delivery
Developing strategies and processes around the deployment of IT staff
Supporting the expansion of managed services
Supporting departments in analyzing and identifying opportunities for improved control of business processes and preparing the analysis results
Recruiting staff and planning further development and qualification

Jan 2016 - Apr 2017

1 year 4 months

Germany

Senior IT and Information Security Officer

Klöckner und Co AG

Managing information security for the Klöckner Group
Establishing the information security organization and the ISMS
Designing, planning, and reviewing infrastructure measures and managing implementation (IDS/IPS, SIEM, honeypots, firewalls)
Preparing and presenting information security topics to the executive board
Conducting information security audits
Conducting penetration tests and vulnerability scans
Consulting and reporting on information and IT security
Process analysis, documentation, and design, including alignment with security standards
Selecting, testing, and implementing comprehensive security solutions
Performing risk analyses according to ISO 27001 and developing custom risk analysis procedures
Creating and implementing an ISMS and related policies and guidelines
Conducting structural analyses regarding information security
Project management for the implementation of information security policies
Serving as the Information Security Officer
Coordinating and monitoring contracted service providers
Forensic and organizational investigation of information security incidents and measures

Apr 2015 - Oct 2015

7 months

Germany

Senior Consultant, Auditor, and IT Security Engineer Information Security

Kai Viehmeier Consulting GmbH

Consultant, board member, and co-author of the VdS 3473 Cyber Security guideline for SMEs
Developing and implementing ISMS for clients
Structural and organizational analyses of companies regarding information security and legal requirements
Process analysis, documentation, and design, including adaptation to security standards
Conducting information security audits
Performing penetration tests and vulnerability scans
Advising clients on information and IT security according to ISO 27001, BSI IT Baseline Protection, and VdS 3473
Conducting risk analyses and developing custom risk analysis procedures
Project management for implementing VdS 3473 requirements
Serving as the Information Security Officer
Configuring and installing Cisco-based network components

Nov 2013 - Mar 2015

1 year 5 months

Germany

Manager in the Quality and Training Team

Siemens Healthcare (ISK Personaldienstleistungs GmbH)

Project management for introducing new services and processes
Service quality management according to ITIL, ISO 27001, and ISO 9001: design and implementation of the ticket review process, conducting ticket reviews, statistics, analytics, reporting, initiating corrective and preventive actions
Employee training, certification, and testing
Document management according to ITIL, ISO 27001, and ISO 9001: design and implementation, management, and quality assurance of documents
Knowledge management according to ITIL, ISO 27001, and ISO 9001: design and implementation, management, and quality assurance of content
Process management according to ITIL, ISO 27001, and ISO 9001: recording, documentation, and improvement of various processes (incident, problem, change, knowledge management, employee training)

Jan 2012 - Jul 2013

1 year 7 months

Germany

Network Administration and IT Security Consultant

Pamec Papp Ingenieurgesellschaft

IT security consulting
Site-to-site VPN IPSec tunnel configuration and troubleshooting
Network configuration and troubleshooting in a global heterogeneous IT infrastructure with Cisco products
Firewall and perimeter administration (Cisco ASA, Checkpoint, FortiGate)
Network administration and support in customer networks (Cisco, Juniper, Huawei)
Technical application, service portal, and customer system support
ITIL v3 service operation and continual service improvement (CSI)
Multilingual 1st and 2nd level support in an ISO 27001 organization
Incident and problem management
Project management
Support and configuration of medical equipment (CT, MR, AS, HS, DICOM, HL7)
Syngo service software configuration and support
System management support and configuration based on HP OpenView and CA Unicenter
Information and data security concepts and principles: PHI/ePHI, HIPAA security standard
User and knowledge base management
Process recording, documentation, and optimization

Jul 2010 - Dec 2011

1 year 6 months

Austria

IT Security Manager Austria

Sandoz-Novartis International GmbH (Pidas GmbH)

IT security management consulting
Reporting to the CIO and CISO
Project management for IT infrastructure and IT security
Creation, review, and adjustment of processes, SOPs, and policies
Information security officer in Sandoz IT
Management of LAN, WAN connections, and perimeter security
Vulnerability management and penetration testing
Single point of contact for suppliers, service providers, and external companies
Antivirus and malware management
Process documentation, optimization, and implementation according to GxP, SOX, and ITIL
IT security incident and problem management
Forensics in case of attacks or infections
Management of cross-company IT and IT security incidents
Audits of third-party companies and partners
Encryption of storage media, network connections, and network storage
Adapting Sandoz systems for standards compliance in other environments
Consulting on hardware and software rollouts and execution
Consulting on the IT integration of EBEWE into Sandoz/Novartis systems
IT quality management
Training of the Sandoz help desk

Apr 2010 - Jul 2010

4 months

Germany

Remote

Project network and rollout engineer and network integration

HWS-Projekt-Engineering

In-house and remote support for hardware, software, peripheral, and network issues
Hardware and software rollouts
Active Directory administration and support
Software distribution and licensing

Dec 2009 - Jul 2010

8 months

Germany

Lecturer for construction and IT technology

Berufsförderungswerk Weißenburg

Teaching construction and IT technology topics
Developing teaching materials and practical exercises

Jun 2009 - Dec 2009

7 months

Germany

Remote

Project Network and System Engineer

Landesgewerbeanstalt (Staff Placement)

Guidance and training of additional project team members
In-house, remote, and phone support (2nd level) for hardware, software, peripheral, and network issues
Support and management of hardware and software rollouts
Migrating from Novell Directory Services to Active Directory during integration into the TÜV Rheinland Group
Troubleshooting and onboarding colleagues into processes
Network and user administration
Leading the rollout team

May 2008 - May 2009

1 year 1 month

Germany

Remote

Senior PC Technician Southern Germany, Consultant, and Acting Branch Manager

Arlt Computer GmbH Nürnberg

1st and 2nd level support (on-site and remote) for hardware, software, and network
Warranty handling with manufacturers
Installation, configuration, and repair of various operating systems (Windows XP, Vista, 2000, 98, Mac OS X, Linux)
Customer consulting and sales in network and server technology, hardware, software, internet technology, and multimedia
Working with the inventory management system
Internal knowledge transfer and information exchange using Novell GroupWise
Onboarding other technicians to internal processes
Acting branch manager (cash register balancing, inventory checks, staff management)

Sep 2003 - May 2008

4 years 9 months

Germany

IT/Network Technician and Consultant for Private Clients and SMEs

Self-employed

Network support and setup of TCP/IP networks and internet integration
Technical PC support: assembly, setup, expansion, upgrades, troubleshooting, and repair
IT consulting: procurement and upgrade of hardware, software, and security solutions
Management, creation, and organization of websites and web servers (Dreamweaver, Flash, Linux game servers)
Organization and technical support of LAN parties (10–50 participants)
Project management and leadership for integration and roll-out projects

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Information Technology (15.5 years), Professional Services (7.5 years), Healthcare (3 years), Metals and Mining (1.5 years), Pharmaceutical (1.5 years), and Retail (1 year).

Information Technology

Professional Services

Healthcare

Metals and Mining

Pharmaceutical

Retail

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (20 years), Project Management (18.5 years), Strategy (6 years), Customer Service (5.5 years), Audit (3 years), and Quality Assurance (3 years).

Information Technology

Project Management

Strategy

Customer Service

Audit

Quality Assurance

Summary

With over 15 years of experience in information security, I help companies implement and improve ISMS based on standards like ISO 27001. My focus is on developing and implementing IT security strategies, information security audits, and risk analyses to ensure security and compliance.

Currently, I work as an information security and cybersecurity consultant and advise clients on topics like data protection (GDPR), TISAX, and IT project management. With my expertise in leading teams, strategically developing business areas, and proactive communication, I help create sustainable security solutions.

Skills

Strategic Consulting And Project Management: Implementation Of Patch Management
Support In Setting Up An Isms Following Bsi It Baseline Protection
Revision Of Data Center It Security
Implementation Of Identity And Asset Management
Revision Of Isms And Implementation According To German Standards When Entering The German Market
Security Review And Isms According To Vds 3473 And Isms Implementation
Implementation Of Iso 27001
Handling A Cyber Attack And Advising On Bafin Security Standards
Advising On Iso 27001 And It Security
Information Security Consulting
Development Of A Data Protection Management System
Revision Of Internal Kritis Policies
Revision Of Internal Policies In The Context Of Kritis And Iso 27001
Market Analysis Of Siem And Monitoring Solutions
Handling An Information Security Incident And Closing The Security Gaps
Advising On Gdpr During The Adoption Of Cloud Solutions
Development Of An It Emergency Manual
Cyber Security Incident
Designing And Documenting A Secure Backup Environment
Project Management Of It Security Projects
Tisax Consulting And Support
Consulting And Project Management In Developing A Security Operations Center (Soc)
Consulting In The Context Of Iso 27001 And Bsi It Baseline Protection In Software Development
Auditing Internal Processes And Parts Of The It Security Landscape
Principal Consultant Information Security

Languages

German

Native

English

Advanced

Education

Sep 2006 - Sep 2007

Georg-Simon-Ohm-Fachhochschule Nürnberg

Architecture · Nuremberg, Germany

Sep 2004 - Sep 2006

Georg-Simon-Ohm-Fachhochschule Nürnberg

Civil Engineering · Nuremberg, Germany

Sep 2003 - Sep 2004

Georg-Simon-Ohm-Fachhochschule Nürnberg

Electrical Engineering · Nuremberg, Germany

...and 6 more

Certifications & licenses

ISMS Officer – ISO 27001

VOREST AG

Führerscheinklasse: A und B

ITIL v3 Zertifikat

Profile

Created

March 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced).

How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies. The average length of individual experience is 2 years and 7 months. Note that Andreas may not have shared all experience and actually has more experience.

What roles would Andreas be best suited for?

Based on recent experience, Andreas would be well-suited for roles such as: Freelance Information Security Consultant, Head of Security Solutions Business Unit / Technical Lead Information Security Consulting, Principal Consultant Information Security.

What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting.

What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG.

Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology (IT), Professional Services, and Healthcare. Andreas also has some experience in Pharmaceutical, Metals and Mining, and Retail.

Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology (IT), Project Management, and Strategy and Planning. Andreas also has some experience in Customer Service, Audit, and Quality Assurance (QA).

Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology (IT) and Professional Services.

Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology (IT), Project Management, and Strategy and Planning.

What is Andreas's education?

Andreas holds a Bachelor in Civil Engineering from Georg-Simon-Ohm-Fachhochschule Nürnberg.

Does Andreas have any certificates?

Andreas has 3 certificates. These include: ISMS Officer – ISO 27001, Führerscheinklasse: A und B, and ITIL v3 Zertifikat.

What is the availability of Andreas?

Andreas is immediately available full-time for suitable projects.

What is the rate of Andreas?

Andreas's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.