Arndt Schürg
Information Security Officer according to TISAX
Experience
Information Security Officer according to TISAX
Automotive Supplier
Interim CISO
EnBW
- Steering the information security management system with KRITIS relevance according to ISO/IEC 27001 and ISO 27019 in the role of interim CISO/ISB
- Aligning information security objectives with executive management (management reviews)
- Coordinating and planning information security with the group CISO and BCM officers
- Aligning information security in complex group and stakeholder structures
Security Consultant for Supplier Management and Supplier Audits
Deutsche Bahn
- Advising the supplier management of DB Networks on creating policies in line with ISO 27001 requirements
- Developing, advancing, and reviewing implementation guidelines
- Aligning purchasing processes to ensure compliance with corporate policies
- Evaluating and coordinating supplier self-assessments as a basis for risk assessment
Lead Auditor Internal Audit ISO/IEC 27001 and ISO/IEC 27019
Gas Network Operator in NRW
- Planning audits and preparing documents according to ISO 19011
- Conducting audits by checking the ISMS against ISO/IEC 27001 combined with the requirements of the IT Security Catalog under § 11 (1a) and (1b) EnWG of the Federal Network Agency (BNetzA)
Trainer and Designer for Incident and Business Continuity Management Trainings
TÜV Süd
- Developing a training concept based on ISO 27035 incident management, ISO 22301 business continuity management, and BSI 200-4
- Continuously updating content according to state-of-the-art and evolving standards
- Delivering trainings both in-person and online
Consultant and subproject manager KRITIS logging IT/OT
Deutsche Bahn
- Capture logging requirements for subsystems
- Coordinate with system owners on connecting the systems
- Develop detection patterns/use cases for potential attack scenarios
- Design and execute tests
- Coordinate organizational and technical processes with the central SOC
- Prepare audit-related documentation
Information Security Officer/ISB
Senftenberg Public Utilities
- Manage the information management system based on the IT security catalog ISO/IEC 27001 and ISO 27019 as interim CISO/ISB
- Align information security objectives with management (management reviews)
- Identify, categorize, and handle security incidents
- Serve as the point of contact for stakeholders regarding information security
Consultant Identity and Access Management
Insurance Company
- Establish IAM monitoring based on a SIEM/Splunk according to VAIT
Interim Information Security Officer/CISO
Caterpillar Energy Solutions GmbH
- Lead information security management
- Implement and operate the ISMS according to ISO/IEC 27001
- Advise business units on compliance with KRITIS requirements
Senior Security Consultant
Local Electricity Provider
- Implement the IT security catalog (IT-SiKat)
- Conduct security analyses and gap analyses
- Develop technical and organizational security concepts
ISO 27001 Certification Consultant
Various SMEs
- Supported SMEs in ISO 27001 certification
- Developed security policies and technical security concepts
- Conducted information security trainings and workshops
Security Consultant & Project Manager
VW Commercial Vehicles
- Advised on the implementation and operation of the ISMS according to ISO/IEC 27001
- Managed IT security projects
- Prepared for certifications and conducted audits
Summary
Our expert (born 1971) has over 25 years of experience as a consultant and project manager in IT and information security. His main areas include implementing Information Security Management Systems (ISMS), preparing for certifications, conducting ISO 27001 trainings, and performing IT security analyses. He is certified as an ISO 27001 Lead Auditor. His extensive experience in IT and information security is demonstrated by his CISSP certification from ISC2 and his Certified Security Practitioner certification from ISACA.
With his diploma in Business Administration (FH) focusing on IT, he has in-depth knowledge of information security in the context of business requirements and processes. His professional practice includes advising companies on introducing and operating ISMS, especially within the framework of legal and regulatory requirements, e.g., under the IT Security Act.
Skills
Industries: KRITIS, Local Energy Suppliers, Energy Producers, Aggregators, Long-distance Gas Pipeline Operators, Transport and Logistics, Insurance, Consulting, Automotive, Mechanical Engineering, Telecommunications, IT Service Providers, Finance.
Security: ISMS according to ISO 27001, BSI Basic Protection Approach, B3S District Heating, NIS-2, Cyber Resilience Act, VDA-ISA, Data Protection/GDPR, Compliance, Business Continuity, IEC 62443.
IT Security Audit Tools: Verinice, VDA-ISA, Metasploit/icssploit, Wireshark, OWASP, OpenVAS/Nessus, Splunk, Kali, Nmap.
Training and Security Awareness: Author and Trainer for Trainings on Incident and Business Continuity Management (TÜV Süd), Trainer for ISO 27001 Foundation, Officer, and TISAX Foundation Personal Certifications (TÜV Süd), Workshops, Trainings, and Events on (IT) Security.
Software, Frameworks, Skills: MS Office (Word, Excel, PowerPoint, Access), MS Visio, MS Project, ARIS Process Modeling (EPK), ADONIS, VMware, CyberArk, Atlassian Jira, Confluence, Bitbucket, Splunk, Elastic Stack, SAP Solution Manager, CRM, FI, MM, XI, SQL, PHP, JavaScript, Identity & Access Management (IAM/PAM).
Hardware and Architectures: PC & System Components, Hardware Architecture, VPN, Firewall Architecture, and Network Segmentation.
Project Management: IT Project Management, Project Planning, Project Controlling according to IPMA, PMBOK, PRINCE2, Kanban, and Scrum.
Documentation: Experience with Organizational Structures, Audit Reports according to ISO/IEC 27001, Emergency Manuals, Security Policies, Technical Security Concepts, Industry-specific Security Standards (B3S), Operating Manuals, Work Instructions, Process Modeling in EPK, PAP (ARIS, Visio, ADONIS), Corporate Structures, SMEs, Complex Stakeholder Structures, Complex Supplier and Customer Structures (Energy Suppliers).
Education
Diploma in Business Administration (FH), focus on IT · Business Administration, IT
Certifications & licenses
Compliance Fundamentals according to ISO 37301
NIS-2 information sessions by BSI
BSI
Advanced training for trainers at TÜV Süd
TÜV Süd
Audit Competence according to § 8a (3) BSIG
Trainer for Incident and Business Continuity Management Trainings
TÜV Süd
Accreditation as TISAX Trainer
TÜV Süd
Expert training in IT security for control and automation technology according to IEC 62443
Certified Security Practitioner
ISACA
Accreditation as ISO 27001 Trainer
TÜV Süd
ISO 27001 Lead Auditor
TÜV Rheinland
Data Protection Officer: Fundamentals of Data Protection
CISSP
ISC2
ITIL Foundation
AEVO