Flamur Abdyli

Fractional Chief Information Security Officer

Berlin, Germany

Experience

Jan 2025 - Present
1 year 1 month

Fractional Chief Information Security Officer

VR Smart Guide GmbH

  • Enhance and develop the Information Security Management System (ISMS) in compliance with ISO 27001 and TISAX standards by continuously updating and refining the ISMS to align with evolving global standards.
  • Ensure that security practices and policies are integrated into all business processes to achieve and maintain certifications.
  • Lead the effort to identify, evaluate and mitigate risks across the organization, setting benchmarks for security measures.
  • Oversee and refine security processes, with an emphasis on incident management and rapid response by developing and enforcing policies for rapid detection, investigation and remediation of security incidents.
  • Train and lead the incident response team to handle breaches effectively, minimizing impact and ensuring swift recovery.
  • Implement continuous monitoring solutions to detect and respond to threats in real time.
  • Conduct comprehensive security assessments for internal and external IT projects, ensuring adherence to GDPR, DORA and other relevant standards.
  • Oversee security evaluations for all IT projects to ensure they comply with legal and regulatory requirements.
  • Integrate security measures from the planning phase through deployment to ensure all projects uphold the organization’s security standards.
  • Collaborate with project teams to address findings and ensure that security risks are managed effectively.
  • Serve as the principal security advisor to the IT department and senior management, offering insights on potential security challenges.
  • Facilitate a culture of security awareness throughout the organization through training and regular communication.
  • Lead security initiatives that align with the organization’s long-term strategic goals.
  • Establish and oversee a robust third-party risk management framework to mitigate external security threats by regularly assessing third-party security practices and compliance and developing contingency plans and mitigation strategies.
  • Provide regular updates and security briefings to the executive leadership and relevant committees, highlighting recent security incidents, responses, lessons learned and recommending strategic improvements.
Mar 2024 - Present
1 year 11 months
Berlin, Germany

Principal of Security Assurance Team

Amazon Web Services

  • Serve as the security assurance leader for all components within the cloud capability, guiding and overseeing assurance and authorisation activities to ensure adherence to standards, EMEA regulations and protocols.
  • Responsible for DORA regulation audit readiness for EMEA region internally and customer assurance.
  • Responsible for NIS-2 regulation audit readiness for EMEA region internally and customer assurance.
  • Responsible for customer assurance on BaFin regulations on security, risk management, third party risk management and IT compliance.
  • Collaborate with internal teams and customers to establish baselines and level-set security requirements, security controls, security objectives and regulatory readiness.
  • Develop and implement strategies to drive security outcomes across the cloud capability, determining methodology for collecting evidence for submission and ensuring compliance with relevant frameworks.
  • Implement and build on frameworks such as PCI DSS, HITRUST CSF, NIST, SOC 2, HIPAA, ISO 27001, GDPR and CCPA into design and build baselines to achieve agreed security posture.
  • Create, optimise and support cross-functional working groups and projects aimed at enhancing security efficiency and effectiveness across the organization.
  • Utilise domain expertise to develop thought leadership material on cloud and emerging technologies.
Jan 2022 - Mar 2024
2 years 3 months

Global Head of Information Risk Management

N26

  • Lead the Information Risk Management segment at group level, managing functions for information risk assessment, information security controls, ICT risk management, project excellence and tech audit management.
  • Oversee identification of potential threats and vulnerabilities to N26 data and information assets, evaluating impact and likelihood, prioritising risks and recommending mitigation strategies.
  • Develop, implement and maintain security measures, controls and procedures to protect against unauthorized access, data breaches and other security incidents.
  • Develop strategies to effectively manage technology-related risks and ensure compliance with regulatory requirements, collaborating with tech teams to integrate risk management into technology strategy.
  • Establish best practices and standards using GRC tools, offering guidance and training on monitoring performance and testing effectiveness.
  • Plan and conduct audits of tech teams and processes to assess effectiveness and compliance of technology controls, making recommendations for improvements and ensuring audit findings are communicated to stakeholders.
  • Influence governance and risk management, security compliance, controls and audit management, security program operations, information security core concepts, strategic planning, finance and vendor management, data loss and fraud prevention, identity and access management, investigations and forensics, program management, security governance and cyber resilience.
Jan 2020 - Dec 2022
3 years

Global Information Risk Management Lead

N26

  • Develop, document and mature global information security programs within the IRM team to deliver on strategic commitments and reduce risk.
  • Align GRC programs with industry regulations and best practice standards and frameworks.
  • Design metrics and reporting strategies to track effectiveness of programs as they are developed.
  • Establish credibility and maintain strong working relationships with stakeholders and partners to understand enterprise objectives, initiatives and delivery issues related to GRC services.
  • Effectively communicate and demonstrate emotional intelligence to positively influence change.
  • Collaborate with subject matter experts within departments to effectively execute GRC strategies.
  • Lead and build trust with employees across enterprise teams to ensure effective implementation and adoption of GRC programs.
  • Set priorities for a variety of tasks with flexibility to adjust as required.
Jan 2019 - Dec 2020
2 years

Senior IT Compliance Manager

N26

  • Provide guidance to internal stakeholders on information security from risk management, IT compliance and governance perspective.
  • Implement the security strategy within the N26 Group, directing projects and initiatives towards strategic objectives and advising on cybersecurity project prioritization.
  • Develop IT and information security policies, procedures and controls to ensure compliance with regulatory and legal requirements as well as international security standards including ISO 27001, NIST, SOC, PCI DSS and COBIT.
  • Report on GIRM topics and implementation status of security projects to founders.
  • Lead business technology planning by providing knowledge and vision of technology and systems to founders.
  • Develop and implement a GRC framework on information security requirements covering internal, global and third-party risk assessments and vendor risk management processes.
  • Maintain expertise on security trends through training, research and development to mitigate potential exposures.
  • Create and maintain Technical and Organizational Measures (TOMs) as required by Article 32 of GDPR.
  • Conduct security risk assessments and on-site assessments with product owners, develop, implement and monitor a comprehensive enterprise information security and IT risk management program.
  • Liaise with internal audit, corporate compliance, office of general counsel and risk management to remediate issues and track security-related issues in the electronic GRC system.
  • Promote and monitor the security awareness program and electronic records retention program, ensuring proper data classification.
  • Ensure compliance with MaRisk, BaIT and other regulatory requirements and implement incident response process and plan, conducting awareness sessions for responsible stakeholders.
Jan 2018 - Dec 2019
2 years

Information Risk Manager

N26

  • Develop and implement a GRC framework on information security requirements, ensuring all policies and procedures are communicated and compliance enforced.
  • Report on GRC topics and implementation status of security projects to C-Level.
  • Develop and implement security, business continuity, disaster recovery and privacy strategies, communicating them to bank employees, contractors, vendors and partners.
  • Implement business continuity policies, coordinate updates and testing of business continuity plan.
  • Deliver onboarding IT security trainings and annual awareness trainings on GRC requirements for employees, contractors and vendors.
  • Operate as the CISO of the bank, reporting regularly to the board of directors risk committee.
  • Work with executives and departments to ensure security systems reduce risks of security attacks.
  • Provide leadership to the enterprise’s information security organization.
  • Implement requirements from ISO 27001, SOC 2, PCI DSS and COBIT as IT governance framework, developing and enhancing global information security management framework.
  • Create and develop risk management program covering local, global and third-party risk assessments and vendor risk management processes.
  • Conduct third-party risk assessments, due diligence, site assessments and maintain third-party risk assessments outside the EU.
  • Develop, implement and monitor a comprehensive enterprise information security and IT risk management program.
  • Develop patch management and vulnerability process based on security strategy requirements.
  • Ensure regulatory compliance with relevant bodies and enforce security practices.
  • Implement identity and access management to ensure only authorized personnel have access to restricted data and systems.
  • Review and adjust security controls as needed.
  • Serve as the organization’s representative for law enforcement and regulatory requirements, especially data privacy under German privacy law and GDPR.
  • Assist with business technology planning by providing knowledge and future vision of technology and systems to C-Level.
Jan 2014 - Dec 2019
6 years

CISO - Chief Information Security Officer

ProCredit Bank

  • Develop, implement and oversee an information security program aligned with the company's business strategy.
  • Develop and maintain information security policies, standards, procedures and risk management plans.
  • Ensure compliance with BaFin and EBA regulations, industry standards and best practices including BaIT, MaRisk, ZAIT, ISO 27001, NIST and COBIT.
  • Implement and manage security solutions such as firewalls, intrusion detection/prevention systems, endpoint protection, data loss prevention and encryption.
  • Orchestrate and conduct penetration tests and vulnerability assessments to identify potential threats and security exposures and develop countermeasures and controls.
  • Develop and implement security incident response plans, monitor security incidents and conduct incident response and investigations as needed.
  • Collaborate with internal and external stakeholders to ensure security integration into all operations.
  • Provide security guidance to software, data, AI/ML and infrastructure engineers throughout the software development lifecycle.
  • Develop and deliver security awareness and training programs to educate employees on security policies and procedures.
  • Develop and maintain relationships with external security experts and vendors.
  • Develop strategy to build, scale and manage security team and operations in line with company growth.
  • Stay up-to-date with developments in information security, risk management, compliance and governance and incorporate them into the security program.
Jan 2008 - Dec 2014
7 years

Senior Information Security Officer

ProCredit Bank

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Develop and enhance an information security management framework and interact with stakeholders through committees to ensure consistent application of policies and standards across all technology projects, systems and services.
  • Provide leadership to the enterprise’s information security organization and partner with business stakeholders to raise awareness of risk management concerns.
  • Assist with business technology planning by providing knowledge and future vision of technology and systems.
  • Implement and maintain a corporate-wide information security awareness and training program.
  • Cooperate with other security and governance areas such as privacy, compliance and risk.
  • Develop security policies and procedures that provide adequate business application protection without interfering with core business requirements.
  • Plan and test responses to security breaches, including potential communications with customers, partners or the public.
  • Oversee selection, testing, deployment and maintenance of security hardware and software products as well as outsourced arrangements.
  • Work directly with business units to facilitate risk assessment and risk management processes.

Summary

More than 17 years of experience as CISO and Global Head of Information Risk Management

With a robust background spanning multiple leadership roles in cybersecurity, I bring a wealth of experience as a strategic CISO and Head of Information Risk Management. Throughout my career, I have spearheaded comprehensive security strategies, mitigated complex risks, and fostered a culture of resilience within banks.

  • Strategic Vision: With a deep understanding of the rapidly changing threat landscape, I have developed and executed forward-thinking security strategies that align with business objectives while fortifying the organization's digital assets.
  • Leadership Excellence: My leadership style is characterized by a collaborative and empowering approach. I have mentored and guided multiple diverse teams, fostering a culture of continuous learning, adaptability, and innovation.
  • As a Chief Information Security Officer (CISO), I've consistently driven cybersecurity excellence by devising and executing visionary strategies. My collaborative leadership style empowers teams to excel while aligning security initiatives with business goals.
  • Risk Management Mastery: In my current role as Global Head of Information Risk Management, I've navigated intricate landscapes, identifying and mitigating risks that could impact the business operations. My proactive approach has ensured that banks are well-prepared to handle evolving threats.
  • Risk Mitigation: Leveraging my extensive experience, I have identified, assessed, and mitigated risks across complex environments. My insights have played a pivotal role in reducing vulnerabilities and minimizing potential disruptions.
  • Regulatory Compliance: Ensuring adherence to industry standards and regulations has been a cornerstone of my tenure. I consistently guide banks through intricate compliance landscapes with a strong focus on maintaining airtight security measures, and I guide banks through audits and assessments, ensuring adherence to industry standards and protecting reputations.
  • Thought Leadership: Recognizing the importance of knowledge sharing, I actively contribute to the cybersecurity community through speaking engagements, articles, and mentorship. By staying at the forefront of industry trends, I help banks remain resilient in the face of emerging threats.

I am passionate about leveraging my multifaceted expertise to drive cybersecurity maturity, enhance risk management, and foster a security-conscious culture.

Skills

  • CISO
  • Security
  • GRC
  • Risk Management
  • Information Security
  • Integration
  • Information Security Management
  • IT Management
  • Process Improvement
  • ISO 27001
  • Information Security Policy
  • Operational Risk Management
  • Operational Risk
  • Risk Assessment
  • Business Continuity
  • Information Technology
  • IT Service Management
  • Banking
  • Cybersecurity
  • ISO Standards
  • Certified Information Security Manager (CISM)
  • Risk Governance
  • Cyber-security
  • Compliance Management
  • IT Risk Management
  • Information Security Standards
  • Security Awareness
  • Information Protection
  • Security Technologies
  • Strategy Work
  • IT Optimization
  • Disaster Recovery
  • Cloud Computing
  • Governance and Risk Management
  • Information Security Compliance, Controls, and Audit Management
  • Security Program Operations and Management
  • Information Security Core Concepts
  • Strategic Planning, Finance, and Vendor Management
  • Data Loss and Fraud Prevention
  • Identity and Access Management
  • Investigations and Forensics
  • Program Management
  • Governance
  • Increase Cyber Transparency
  • Build Cyber Resilience
  • Manage Cyber Risk Effectively
  • Unlock the Value of Data

Languages

  • English (Native)
  • Albanian (Native)
  • German (Elementary)

Education

Oct 2023 - Present

University of Cambridge

Chief Technology Officer (CTO) Programme

Oct 2010 - Jun 2012

Faculty of Economics Ljubljana

Master in Information Security & Bank Management · Ljubljana, Slovenia

Oct 2005 - Jun 2008

UBT

Business Administration

Certifications & licenses

CCNA (Cisco)

Certified in Risk and Information Systems Control (CRISC)

Certified Information Security Manager (CISM)

Certified Management Consultant (CMC)

CompTIA Security+

ISO/IEC 27001 Lead Implementer

ISO/IEC 27002 Lead Implementer

ISO/IEC 27005 Lead Risk Manager

ISO/IEC Senior Lead Cyber Security Manager

Project Management Professional (PMP)

SANS SEC440: Critical Security Controls: Planning, Implementing and Auditing

SANS SEC566: Implementing and Auditing the Critical Security Controls

SANS SEC579: Virtualization and Private Cloud Security

SSCP - Systems Security Certified Practitioner

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Flamur based?

Flamur is based in Berlin, Germany.

What languages does Flamur speak?

Flamur speaks the following languages: English (Native), Albanian (Native), German (Elementary).

How many years of experience does Flamur have?

Flamur's listed roles date back to January 2008, giving about 18 years of experience across at least 8 different roles at 4 different companies; several of the roles overlap in time, so the individual durations add up to more than that. The average length of an individual role is about 3 years. Note that Flamur may not have shared all experience and may actually have more.

What roles would Flamur be best suited for?

Based on recent experience, Flamur would be well-suited for roles such as: Fractional Chief Information Security Officer, Principal of Security Assurance Team, Global Head of Information Risk Management.

What is Flamur's latest experience?

Flamur's most recent position is Fractional Chief Information Security Officer at VR Smart Guide GmbH.

What companies has Flamur worked for in recent years?

In recent years, Flamur has worked for VR Smart Guide GmbH, Amazon Web Services, and N26.

Which industries is Flamur most experienced in?

Flamur is most experienced in industries like Banking and Finance and Information Technology (IT).

Which business areas is Flamur most experienced in?

Flamur is most experienced in business areas like Information Technology (IT), Legal and Compliance, and Audit. Flamur also has some experience in Project Management, Strategy and Planning, and Operations.

Which industries has Flamur worked in recently?

Flamur has recently worked in industries like Banking and Finance and Information Technology (IT).

Which business areas has Flamur worked in recently?

Flamur has recently worked in business areas like Information Technology (IT), Audit, and Project Management.

What is Flamur's education?

Flamur holds a Master in Information Security & Bank Management from the Faculty of Economics, Ljubljana.

Does Flamur have any certificates?

Flamur has 14 certificates. Among them are CCNA (Cisco), Certified in Risk and Information Systems Control (CRISC), and Certified Information Security Manager (CISM).

What is the availability of Flamur?

Flamur is immediately available full-time for suitable projects.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 730-890 € (rate-range chart omitted)
The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform.
Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.