For over a decade, I have supported companies in information security, data protection, governance, risk management, compliance (GRC) and project management. Working as an external consultant and internal security officer has not only given me a solid understanding of compliance management but also taught me how to handle the various organizational challenges that come with it. I am highly committed and always do my best to complete projects as efficiently as possible and to the full satisfaction of my clients.
- Introduction and optimization of information security management systems (ISMS): leadership and support for ISO 27001 initial and re-certifications. Projects included defining clear security strategies and setting measurable goals as well as implementing and optimizing documentation, processes and controls in the following areas: risk management, business continuity management, change management, coordination of penetration tests, asset management, business partner vetting, internal audit.
- Compliance and data protection consulting: structuring and formalizing compliance management, creating and improving documentation, policies and processes, conducting gap analyses and implementing measures to ensure compliance with the EU GDPR, other European laws and some international legislation in data protection and information security.
- Workshops and training. Security awareness: designing and delivering security awareness programs for employee onboarding, as well as advanced modules for continuing education and refreshers, additional materials and regular communications. Data protection and EU GDPR: conducting workshops and training to raise awareness of general data protection requirements and to implement and communicate policies to ensure compliance with defined processes.
- Audits and assessments: conducting internal and external audits, including comprehensive risk assessments, GDPR gap analyses and IT audits as part of annual audits. Planning and documenting required measures, carrying out controls, training employees, presenting results in management reports.
- Contract agreements and negotiations: drafting and adapting NDAs, data processing agreements under the EU GDPR and information security agreements, and negotiating them in the international B2B sector with SMEs and Fortune 500 companies.
- Project management: coordinating complex projects with various internal and external stakeholders, including cross-functional collaboration in alignment with management.
- CISO and data protection officer: leading security and data protection initiatives as an experienced security officer and certified data protection officer. In addition to my practical experience, I am prepared for many technical and organizational challenges through certifications such as ISACA CRISC or Mediation.