Henryk Orantek

Security Consultant

Blankenfelde-Mahlow, Germany
Experience
Jun 2024 - Present
1 year 2 months

Security Consultant

Daimler AG

  • Developed a Cloud Security Strategy
  • Introduced Cloud Security Governance to meet ISO/IEC 27017 and CSA CCM
  • Created a management system to steer cloud security, focusing on process design and roles and responsibilities
  • Defined security measures to protect cloud solutions
  • Conducted requirement analyses and defined the scope for cloud security projects
  • Achievements: Built an effective, NIS2-compliant cloud security governance that meets industry requirements and minimizes cloud security risks
May 2024 - Jun 2024
2 months

Security Consultant

Thyssenkrupp AG

  • Conducted requirement analysis and concept design for a Security Master Data Platform
  • Stakeholder management
  • Achievements: Systematically captured relevant requirements and created a clear concept for centralized management of security-critical data
Nov 2023 - Present
1 year 9 months
Berlin, Germany

University Lecturer

University of Applied Sciences for Engineering and Economics

  • Information Security, Data Governance, Data Security and Privacy (eng.)
Nov 2023 - Present
1 year 9 months

Strategic Business Advisor

Kertos GmbH

  • Advised on designing and developing an ISMS tool to support security processes
  • Developed templates for key documents
  • Achievements: Co-created a practical ISMS tool that helps companies efficiently implement security management systems
Jul 2023 - Feb 2024
8 months

Security Consultant

Alte Leipziger Lebensversicherung

  • Addressed findings from a BaFin audit and implemented improvement measures
  • Created and updated key documents to meet regulatory requirements
  • Advised management on security-related decisions
  • Achievements: Improved audit compliance through clear guidelines and efficient implementation of security measures
Nov 2022 - Mar 2024
1 year 5 months
Berlin, Germany

Security Consultant

Messe Berlin GmbH

  • Integrated a Managed Incident Response Service (SOC+SIEM as a Service)
  • Prepared requirements and supported the tender process and vendor selection
  • Planned and coordinated the implementation of the new service
  • Achievements: Introduced an efficient incident response system that greatly improved security monitoring
Jul 2022 - Dec 2022
6 months

Security Consultant

HABA Group B.V. & Co. KG

  • Conducted internal and external vulnerability scans
  • Performed penetration tests and recommended follow-up actions
  • Carried out the program in cooperation with the tester, Pavel Andreyeu
  • Presented results at management level
  • Achievements: Strengthened the IT security infrastructure through detailed vulnerability analyses and targeted measures
Apr 2022 - Present
3 years 4 months
Berlin, Germany

Coordinator

Messe Berlin GmbH

  • Developed a Technical Assessment Program including internal and external vulnerability scans, penetration tests, technical security audits, re-checks, re-scans and re-tests
  • Carried out the program with tester Pavel Andreyeu
  • Recommended measures
  • Created reports and presented them at management level
  • Produced a risk-based annual report
  • Achievements: Made the entire IT attack surface visible, built senior management’s understanding of issues, and outlined action options
Apr 2022 - Dec 2022
9 months
Berlin, Germany

Security Consultant

Messe Berlin GmbH

  • Conducted internal and external vulnerability scans
  • Planned and performed penetration tests on critical systems and recommended actions
  • Worked with tester Pavel Andreyeu
  • Presented results at management level
  • Achievements: Identified and fixed critical vulnerabilities to boost IT security
Mar 2022 - Sep 2022
7 months

Interim Manager – CISO

HABA Group B.V. & Co. KG

  • Built and implemented an Information Security Management System (processes, structures, policies and security concepts)
  • Handled security incidents
  • Conducted penetration tests to find and fix vulnerabilities
  • Worked with tester Pavel Andreyeu
  • Assessed and raised overall information security level
  • Developed and ran a training and awareness program
  • Designed system hardening measures
  • Procured a Managed Incident Response Service (SOC+SIEM as a Service)
  • Achievements: Successfully built a structured ISMS that improved IT security sustainably and defined clear responsibilities
Mar 2022 - Mar 2022
1 month
Berlin, Germany

Security Consultant

DIB of Messe Berlin GmbH

  • Planned and carried out a penetration test of a web platform according to OWASP
  • Created action plans and result reports
  • Worked with tester Pavel Andreyeu
  • Achievements: Identified critical vulnerabilities and developed countermeasures to boost security
Oct 2021 - Oct 2021
1 month
Berlin, Germany

Security Consultant

Smart Country Convention (Messe Berlin GmbH)

  • Conducted a custom technical test of the deployed IT
  • Uncovered and assessed vulnerabilities
  • Recommended countermeasures
  • Achievements: Delivered thorough penetration tests with vulnerability assessments
Jul 2021 - Dec 2021
6 months
Berlin, Germany

Security Consultant

Messe Berlin GmbH

  • Developed a custom audit format
  • Assessed the technical and physical IT structures based on ISO 20000
  • Proposed improvement and optimization measures
  • Produced a tailored report and presented findings
  • Achievements: Identified improvement measures and optimized IT through custom audits
Nov 2020 - Sep 2021
11 months

Security Consultant, IT Project Manager

Daimler AG

  • Replaced a COBOL-based legacy time and performance system
  • Developed security requirements
  • Supported the tender process and POCs, evaluated offers, advised on vendor selection, and assisted with contract negotiations
  • Helped introduce a cloud-based time management system
  • Advised on cloud security and supported the cloud risk process
  • Achievements: Successfully implemented a secure cloud solution
Oct 2020 - Sep 2023
3 years
Berlin, Germany

Information Security Officer

Messe Berlin GmbH

  • Managed information security incidents and developed a comprehensive incident response process
  • Designed and delivered an awareness program for staff
  • Advised senior management on information security and supported decision making
  • Achievements: Built a security culture that led to noticeable improvements in security levels
Mar 2020 - Dec 2023
3 years 10 months
Berlin, Germany

Security Consultant

Messe Berlin GmbH

  • Established an information security governance structure (roles, processes) according to ISO/IEC 27001 and BSI IT Baseline
  • Added other management system components
  • Risk management
  • Business continuity management
  • IT emergency management
  • Awareness management
  • Audit and test management
  • Conducted trainings and workshops
  • Achievements: Built effective information security governance that meets industry needs and minimizes risks
Feb 2020 - Apr 2020
3 months
Munich, Germany

Security Consultant

Versicherungskammer Bayern

  • Supported the setup of a Security Operations Center (SOC)
  • Wrote and quality-checked runbooks
  • Assisted with tenders and vendor selection
  • Coordinated and planned penetration tests
  • Achievements: Successfully supported SOC setup
Sep 2019 - Dec 2020
1 year 4 months

Security Consultant

Zertificon Solutions GmbH

  • Led cryptography projects for secure data transmission and encryption
  • Implemented a project management structure for efficient IT security projects
  • Prepared security approvals and CC certifications for critical IT systems
  • Achievements: Optimized security architectures through clear project management and reliable encryption solutions
Mar 2019 - Present
6 years 5 months
Blankenfelde-Mahlow, Germany

Independent Security Consultant

APASEC Consulting

  • Advised on information security and cyber security topics
  • Security interim management
  • Security coaching
  • Supported procurement and IT projects
  • Coordinated security tests
Mar 2019 - Jan 2020
11 months
Munich, Germany

Interim Manager – Risk Manager

Versicherungskammer Bayern

  • Built a VAIT-compliant risk management system with clear roles and processes
  • Performed protection need analyses and created structured risk reports
  • Supported a KRITIS audit and implemented required security measures
  • Achievements: Established a robust risk management system that met regulatory requirements and optimized security processes
Mar 2019 - Aug 2019
6 months

Security Consultant

Douglas / Softline Solutions GmbH

  • Implemented an ISMS
  • Created security policies and ran workshops
  • Advised on cloud security and cyber policies
  • Achievements: Successfully introduced an ISMS to optimize security processes
Oct 2018 - Aug 2019
11 months
Berlin, Germany

University Lecturer

Berlin School of Economics and Law

  • Organizational Design (eng.)
Aug 2016 - Feb 2019
2 years 7 months
Kiel, Germany

Sales Management Cyber Security

Consist Software Solutions GmbH

  • Developed a service portfolio
  • Managed client relationships
  • Negotiated and closed contracts
Jun 2015 - Jul 2016
1 year 2 months
Berlin, Germany

IT Account Manager

Ferchau Engineering GmbH

  • Recruiting and leading staff
  • Managing client relationships
  • Negotiating and closing contracts
Oct 2014 - Aug 2018
3 years 11 months
Berlin, Germany

University Lecturer

Beuth University of Applied Sciences Berlin

  • Basics of business management
  • Operations and personnel management
Jan 2014 - May 2015
1 year 5 months
Berlin, Germany

Account Manager

Euro Engineering AG

  • Recruiting and leading staff
  • Managing client relationships
  • Negotiating and closing contracts
Jan 2013 - Dec 2015
3 years
Berlin, Germany

Scientific Project Work

Institute for Value-Based Management, Beuth University of Applied Sciences Berlin, North Atlantic Doctoral Academy

  • In the field of business management (part-time)
Oct 2010 - Sep 2012
2 years
Berlin, Germany

Tutor for Financial Accounting and Cost and Performance Accounting

Berlin School of Economics and Law

Sep 1998 - Aug 2010
12 years
Germany

Officer in the Air Force (Captain)

German Armed Forces

  • IT Officer
  • Data Processing and Programming Officer
  • Air Force Security Troops Officer
Summary
  • Steering Cyber Security projects
  • Building Information Security Management Systems (ISMS)
  • Creating security concepts
  • Information risk management; setting up BAIT- and VAIT-compliant risk management
  • Project management for SOC implementations
  • Consulting: SIEM and SOAR, Identity Management and Privileged Access Management, Cloud Security etc.
  • Consulting: ISMS – ISO/IEC 27001, BSI IT Baseline, ZDv A 960/1, CISIS12
  • Internal audits, awareness trainings, protection needs and level assessments, structural analyses
  • Process design and modeling
  • Agile project management
  • Management and organizational concepts
  • BAIT, KAIT and VAIT compliance
  • DORA, NIS2, KRITIS compliance
Languages
German
Native
English
Advanced
Education
Oct 2012 - Jun 2013

Beuth University of Applied Sciences Berlin

Master of Science · Industrial Engineering – Mechanical Engineering · Berlin, Germany

Oct 2009 - Sep 2012

Berlin School of Economics and Law in cooperation with Beuth University of Applied Sciences Berlin

Bachelor of Engineering · Industrial Engineering – Environment and Sustainability, Process Engineering · Berlin, Germany

Certifications & licenses

AgilePM (DSDM)

Certified Cyber Security Incident Manager SOC/CDC CERT/CSIM

Certified ISMS-Lead Implementer ISO/IEC 27001

Certified IT-Risk Manager ISO/IEC 27005/31000

Certified Information Security Officer ISO/IEC 27001

Certified Information Systems Security Professional (CISSP)

Certified Lead Auditor ISO/IEC 27001

Certified TISAX Implementer

Certified TISAX Lead Auditor

Certified TISAX Professional

Certified Technical Security Analyst CERT/TSA

DORA Foundation

ITIL

SCRUM

Certified BSI IT Baseline Expert

Certified Business Continuity Manager ISO 22301/27031

Certified CISO

Certified IT Security Officer

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions