Markus W.

IT Security Consultant

Berlin, Germany

Experience

May 2024 - Dec 2024
8 months
Switzerland

IT Security Consultant

Software service provider

  • Implementation of ISMS ISO/IEC 27001.
  • Creation of policies and processes.
  • Preparation of ISMS and reporting.
  • Training of employees.
Mar 2024 - Aug 2024
6 months

IT Security Consultant

Investment bank (mid-sized company)

  • Support in designing and fulfilling DORA requirements in conjunction with ISO 27001.
Feb 2024 - Present
1 year 11 months

IT Security Consultant

Investment bank (mid-sized company)

  • Support in designing and fulfilling DORA requirements in conjunction with ISO 27001.
Jul 2023 - Oct 2024
1 year 4 months

IT Security Consultant

Nationwide authority

  • Creation of security, risk, and emergency plans.
  • Conducting data protection impact assessments.
  • GDPR, BSI IT Baseline Protection 200-2, 200-3, ISO 27001, ISO 27005.
Apr 2023 - Jun 2023
3 months

Consultant

Software and hardware manufacturer

  • Consulting on C5 Cloud Security and BSI IT Baseline Protection security concepts according to BSI 200-2, BSI 200-3.
  • Conducting data protection impact assessments.
  • Technical concepts for backup and software development.
  • Technical analysis of Windows 10 systems in kiosk mode.
  • Preparation of data protection concepts for cloud platforms.
Mar 2023 - Dec 2023
10 months

IT Security Consultant

IT service provider for motorway maintenance depots

  • Revision of documents according to KRITIS.
  • Preparation of KRITIS-relevant documentation for the next audit.
  • ISO 27001, BSI 200-1, 200-2, 200-3, 100-4, 200-4.
Sep 2022 - Dec 2023
1 year 4 months
Switzerland

IT Security Consultant

Swiss federal administration

  • Consulting and setting up a new digitalization platform.
  • Applying IT baseline protection and the Swiss Data Protection Act.
Jun 2022 - Mar 2023
10 months

IT Security Consultant

Regional transport company

  • Revising KRITIS-relevant documents to prepare for the KRITIS audit.
  • ISO 27001, BSI 200-1, 200-2, 200-3, 100-4, 200-4.
Apr 2022 - Dec 2024
2 years 9 months
Germany

IT Security Consultant

Large property management company

  • Preparation based on ISO 27001 and BSI IT baseline protection to achieve the BSI IT baseline protection-based ISO 27001 certification.
  • Coordination with data protection officers and development of data protection concepts.
Apr 2022 - Sep 2022
6 months

IT Security Consultant

Bank

  • Security review of security concepts and policies.
  • Preparation for a §44 KWG audit.
  • ISO 27001, KRITIS, BSI baseline protection, BaFin, BAIT.
Apr 2022 - May 2022
2 months

IT Security Consultant

Software Manufacturer

  • Creation of C5 cloud security and BSI IT baseline protection security concepts.
  • Data protection impact assessment for cloud platforms (AWS and MS Azure).
  • Creation of components for data protection concepts.
Feb 2022 - Dec 2024
2 years 11 months
Switzerland

IT Security Consultant

Swiss Federal Administration

  • Creation of information security and data protection concepts according to Si001 ICT baseline protection for a government project.
  • Grouping of protected objects according to NATO C3 taxonomy.
  • Creation of ISDS concepts for test and production environments and contingency plans according to P042-Hi03.
  • Expansion of RINA analysis and risk analysis according to ICT baseline protection.
  • Communication and coordination with project teams and ISBO.
  • Optimization of conceptual IT security.
Jan 2022 - Mar 2022
3 months

Consultant

Insurance Service Provider

  • Creation of emergency management and contingency plan.
  • ISO 27005, ISO 31000, BSI 200-4.
Nov 2021 - Dec 2021
2 months

IT Security Consultant

Large Bank Data Center

  • Review of IT security documentation.
  • Preparation for BaFin Credit Institutions Act §44 audit.
  • BAIT, MaRisk, ISO 27001, BSI IT baseline protection, GDPR, risk analysis, contingency plans, IT compliance.
Aug 2021 - Dec 2021
5 months

Consultant

Audit Organization

  • Review of documentation and creation of guidelines to prepare for the TISAX audit.
Jul 2021 - Dec 2021
6 months

Consultant

Ministry

  • Data protection impact assessment for a procedure for electronic file management.
  • Creation of templates for DPIAs.
Jun 2021 - Jul 2021
2 months

IT Security Consultant

University

  • Creation of IT security concepts for the central administration.
  • Security concept and risk analysis.
  • Deployment of NextCloud private cloud.
  • BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Apr 2021 - May 2021
2 months

IT Security Consultant

Charitable organization

  • Creation of IT security concepts for a charitable organization with 60 locations and about 45 servers.
  • BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Mar 2021 - Jun 2021
4 months
Germany

Consultant

Startup (financial sector)

  • Design of an IT environment based on the Zero Trust Architecture model.
  • Approach according to NIST SP 800-207 Zero Trust Architecture, PCI-DSS.
Feb 2021 - Dec 2022
1 year 11 months

IT Security Consultant

Nationwide authority

  • Creation and optimization of security, risk, and emergency plans.
  • GDPR, BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Jan 2021 - Jan 2021
1 month

Penetration Tester

Web/Mobile App

  • Penetration testing and vulnerability analysis for web applications and iOS/Android apps.
  • Coordination and advice on fixing identified vulnerabilities.
  • Security DevOps, ethical hacking, vulnerability analysis.
Dec 2020 - Jan 2021
2 months

IT Security Consultant

Medical Expert

  • Developing security concepts and risk analyses.
  • Conducting a data protection impact assessment.
  • GDPR, BSI basic protection 200-2, 200-3, ISO 27001, ISO 27005.
Jul 2020 - Oct 2020
4 months

IT Security Consultant

Bank

  • Reviewing and updating security concepts.
  • Interim management.
  • ISO 27001, BSI basic protection.
Jun 2020 - Jun 2020
1 month

Consultant

Mid-Sized Company

  • Investigation and assessment of IT security settings.
  • Optimization of IT security.
May 2020 - Jun 2020
2 months

Consultant

Library Solution

  • Developing security concepts based on BSI basic protection.
  • Risk analysis and a data protection impact assessment according to ISO 27005, ISO 31000 and GDPR.
  • Special focus on cloud services such as AWS and Microsoft Azure.
  • Training employees.
Feb 2020 - Dec 2020
11 months

Subproject Manager

Public TV/Radio Broadcaster

  • Developed the IT security concept according to BSI GS and ISO standards.
  • Mitigated findings from pentests and vulnerability assessments.
  • Led the subproject for the security zoning concept.
Jan 2020 - Jun 2020
6 months

IT Security Consultant

Bank

  • Prepared ISO 27001 audit based on IT baseline protection.
  • Migrated to the 2020 baseline protection compendium.
  • Followed up on BaFin §44 KWG audit.
  • Analyzed cloud services and investigated CMDB in i-doit.
Sep 2019 - Dec 2019
4 months

Consultant

Data Center

  • Created and reviewed all relevant documents.
  • Prepared ISO 27001 pre-audits (IT baseline protection compendium).
Aug 2019 - Aug 2019
1 month

Incident Response

IT Services Firm

  • Performed security analysis and hands-on implementation after a hacking attack.
  • Conducted pentesting and DevOps security.
Aug 2019 - Aug 2019
1 month

Incident Response

Company in the Financial Sector

  • Restored IT systems after a hacking attack.
  • Performed security analysis and implemented recommendations.
Jun 2019 - Jul 2019
2 months

Incident Response

Production Company

  • Security analysis and recovery after a hacking attack.
  • Penetration testing.
Jun 2019 - Jul 2019
2 months

Incident Response

Logistics Company

  • IT recovery and security analysis after a hacking attack.
  • Vulnerability assessments and practical recommendations.
May 2019 - May 2019
1 month

Data Protection Consultant

Large Architecture Firm

  • Setup of GDPR-related documents and processes.
Apr 2019 - Oct 2019
7 months

Consultant

University

  • Design and creation of security concepts (Windows rollout and Office 365).
  • Application documents for works council approval.
Mar 2019 - Mar 2019
1 month
Germany

Incident Response

Facility Services Company

  • Security analysis and catalog of measures.
  • Penetration testing and practical deployment.
Mar 2019 - Mar 2019
1 month

Incident Response

Clinic

  • Restoring IT after a hacking attack.
  • Security analysis and practical measures.
Feb 2019 - Mar 2019
2 months
Germany

Incident Response

Medium-sized consulting firm

  • Restoring infrastructure after a hacking attack.
  • Vulnerability analysis and security audit.

Languages

English
Advanced
German
Intermediate
French
Intermediate
Dutch
Elementary

Certifications & licenses

Microsoft Certified Trainer

Train the Trainer: HP Compaq Train-the-Trainer

Train the Trainer: Microsoft Train-the-Trainer

Auditor under Section 8a BSIG

BSI Practitioner

Certified Ethical Hacker

Certified Forensics Professional

Compliance and Integrity Officer

Data Protection Officer

Hermes Advanced Project Manager

Hermes Advanced Swiss Project Manager

Hermes HSPTP

ISO 27001 ISMS Auditor

ISO 27001 ISMS Lead Auditor

ISO27001 Auditor/Lead Auditor

IT Forensics CERT Specialist

ITIL Expert V3

ITIL Expert in Service Management

KRITIS Auditor and Consultant

Critical Infrastructure Manager

LPIC-3

Linux Professional Institute LPI Level 2

MCDBA

MCSE Messaging

MCSE Security

Microsoft Certified Database Administrator

Microsoft Certified Systems Administrator

Microsoft Certified Systems Administrator Messaging

Microsoft Certified Systems Administrator Security

Microsoft Certified Systems Administrator on Windows Server

Microsoft Certified Systems Engineer Security

Microsoft Certified Systems Engineer Windows

Microsoft ISA-Server 2000 certified

Offensive Security Certified Professional

PRINCE2 Practitioner

RedHat Certified Engineer

RedHat Certified Engineer (RHCE)

RedHat Certified Examiner

RedHat Certified Examiner (RHCX)
