Markus Willems

IT security consultant

Berlin, Germany

Experience

May 2024 - Dec 2025
8 months
Switzerland

IT Security Consultant

Software service provider

  • Implementation of ISMS ISO/IEC 27001.
  • Creation of policies and processes.
  • Development of the ISMS and reporting.
  • Training of employees.
Mar 2024 - Aug 2024
6 months

IT Security Consultant

Investment bank (mid-sized)

  • Support in designing and meeting DORA requirements aligned with ISO 27001.
Feb 2024 - Present
1 year 6 months

IT Security Consultant

Investment bank (mid-sized)

  • Support in designing and meeting DORA requirements aligned with ISO 27001.
Jul 2023 - Oct 2024
1 year 4 months

IT Security Consultant

Nationwide authority

  • Development of security, risk, and contingency plans.
  • Conducting data protection impact assessments.
  • GDPR, BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Apr 2023 - Jun 2023
3 months

Consultant

Software and hardware manufacturer

  • Consulting on C5 cloud security and BSI IT baseline protection concepts according to BSI 200-2, BSI 200-3.
  • Conducting data protection impact assessments.
  • Technical concepts for backup and software development.
  • Technical analysis of Windows 10 systems in kiosk mode.
  • Developing data protection frameworks for cloud platforms.
Mar 2023 - Dec 2023
10 months

IT Security Consultant

IT service provider for highway maintenance depots

  • Revising documents according to KRITIS.
  • Preparing KRITIS-related documentation for the next audit.
  • ISO 27001, BSI 200-1, 200-2, 200-3, 100-4, 200-4.
Sep 2022 - Dec 2023
1 year 4 months
Switzerland

IT Security Consultant

Swiss federal administration

  • Advising and building a new digitalization platform.
  • Applying IT baseline protection and Swiss data protection law.
Jun 2022 - Mar 2023
10 months

IT Security Consultant

Regional transport company

  • Revising KRITIS-relevant documents to prepare for the KRITIS audit.
  • ISO 27001, BSI 200-1, 200-2, 200-3, 100-4, 200-4.
Apr 2022 - Dec 2025
2 years 9 months
Germany

IT Security Consultant

Large property management company

  • Preparation according to ISO 27001 and BSI IT baseline protection to achieve BSI IT baseline protection-based ISO 27001 certification.
  • Coordination with data protection officers and development of data protection concepts.
Apr 2022 - Sep 2022
6 months

IT Security Consultant

Bank

  • Security review of security concepts and policies.
  • Preparation for a §44 KWG audit.
  • ISO 27001, KRITIS, BSI baseline protection, BaFin, BAIT.
Apr 2022 - May 2022
2 months

IT Security Consultant

Software manufacturer

  • Development of C5 cloud security and BSI IT baseline protection security concepts.
  • Data protection impact assessment for cloud platforms (AWS and MS Azure).
  • Creating components for data protection concepts.
Feb 2022 - Dec 2025
2 years 11 months
Switzerland

IT Security Consultant

Swiss federal administration

  • Developing information security and data protection concepts according to Si001 IT baseline protection for a government project.
  • Grouping assets according to NATO C3 taxonomy.
  • Creating ISDS concepts for test and production environments plus contingency plans according to P042-Hi03.
  • Expanding RINA analysis and risk analysis according to IT baseline protection.
  • Communication and coordination with project teams and ISBO.
  • Optimizing conceptual IT security.
Jan 2021 - Mar 2022
3 months

Consultant

Insurance service provider

  • Developing emergency management and contingency plans.
  • ISO 27005, ISO 31000, BSI 200-4.
Nov 2021 - Dec 2021
2 months

IT Security Consultant

Large bank data center

  • Reviewing IT security documentation.
  • Preparation for BaFin Banking Act §44 audit.
  • BAIT, MaRisk, ISO 27001, BSI IT baseline protection, GDPR, risk analysis, contingency plans, IT compliance.
Aug 2021 - Dec 2021
5 months

Consultant

Audit organization

  • Reviewing documents and creating policies to prepare for the TISAX audit.
Jul 2021 - Dec 2021
6 months

Consultant

Ministry

  • Data protection impact assessment for an electronic records management process.
  • Creating templates for DPIAs.
Jun 2021 - Jul 2021
2 months

IT Security Consultant

University

  • Developing IT security concepts for the overall administration.
  • Security concept and risk analysis.
  • Use of a private Nextcloud cloud.
  • BSI baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Apr 2021 - May 2021
2 months

IT Security Consultant

Charitable organization

  • Developing IT security concepts for a charitable organization with 60 locations and about 45 servers.
  • BSI baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Mar 2021 - Jun 2021
4 months
Germany

Consultant

Startup (financial sector)

  • Designing an IT environment based on the Zero Trust Architecture model.
  • Approach according to NIST 800-207 Zero Trust Architecture, PCI-DSS.
Feb 2021 - Dec 2022
1 year 11 months

IT Security Consultant

Nationwide authority

  • Developing and optimizing security, risk, and contingency plans.
  • GDPR, BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Jan 2020 - Jan 2021
1 month

Pentester

Web/mobile app

  • Pentesting and vulnerability analysis for web applications and iOS/Android apps.
  • Coordination and advice on fixing identified vulnerabilities.
  • Security DevOps, ethical hacking, vulnerability analysis.
Dec 2020 - Jan 2021
2 months

IT Security Consultant

Medical expert

  • Developing security concepts and risk analyses.
  • Conducting a data protection impact assessment.
  • GDPR, BSI IT baseline protection 200-2, 200-3, ISO 27001, ISO 27005.
Jul 2020 - Oct 2020
4 months

IT Security Consultant

Bank

  • Reviewing and revising security concepts.
  • Interim management.
  • ISO 27001, BSI baseline protection.
Jun 2020 - Jun 2020
1 month

Consultant

Mid-sized company

  • Examining and assessing IT security settings.
  • Optimizing IT security.
May 2020 - Jun 2020
2 months

Consultant

Library solution

  • Developing security concepts according to BSI baseline protection.
  • Risk analysis and data protection impact assessment according to ISO 27005, ISO 31000, and GDPR.
  • Special focus on cloud services like AWS and MS Azure.
  • Training employees.
Feb 2020 - Dec 2020
11 months

Sub-project Lead

Public TV/radio broadcaster

  • Developing the IT security concept according to BSI baseline protection and ISO standards.
  • Mitigating findings from pentests and vulnerability analyses.
  • Sub-project lead for the security zoning concept.
Jan 2020 - Jun 2020
6 months

IT Security Consultant

Bank

  • Preparing for the ISO 27001 audit based on baseline protection.
  • Migrating to the 2020 baseline protection compendium.
  • Tracking BaFin §44 KWG audit.
  • Cloud services analysis and CMDB i-doit review.
Sep 2019 - Dec 2020
4 months

Consultant

Data center

  • Developing and reviewing all relevant documents.
  • Preparing for ISO 27001 pre-audits (IT baseline protection compendium).
Aug 2019 - Aug 2019
1 month

Incident Response

System integrator

  • Security analysis and practical implementation after a hacker attack.
  • Pentesting and DevOps security.
Aug 2019 - Aug 2019
1 month

Incident Response

Company in the financial sector

  • Restoring IT after a hacker attack.
  • Security analysis and implementation of recommendations.
Jun 2019 - Jul 2019
2 months

Incident Response

Manufacturing company

  • Security analysis and recovery after a hacker attack.
  • Pentesting.
Jun 2019 - Jul 2019
2 months

Incident Response

Shipping company

  • Restoring IT and security analysis after a hacker attack.
  • Vulnerability analyses and practical recommendations.
May 2019 - May 2019
1 month

Data Protection Consultant

Large architecture firm

  • Setting up GDPR-related documents and processes.
Apr 2019 - Oct 2019
7 months

Consultant

University

  • Designing and developing security concepts (Windows rollout and Office 365).
  • Preparing application documents for approval by the works council.
Mar 2019 - Mar 2019
1 month
Germany

Incident Response

Facility services company

  • Security analysis and action catalog.
  • Pentesting and practical deployment.
Mar 2019 - Mar 2019
1 month

Incident Response

Clinic

  • Restoring IT after a hacker attack.
  • Security analysis and practical measures.
Feb 2019 - Mar 2019
2 months
Germany

Incident Response

Mid-sized consulting firm

  • Restoring infrastructure after a hacker attack.
  • Vulnerability analysis and security audit.

Languages

English
Advanced
French
Intermediate
German
Intermediate
Dutch
Elementary

Certifications & licenses

Microsoft Certified Trainer

Train the Trainer: HP Compaq Train-the-Trainer

Train the Trainer: Microsoft Train-the-Trainer

Auditor according to §8a BSIG

BSI Practitioner

Certified Ethical Hacker

Certified Forensics Professional

Compliance and Integrity Officer

Data Protection Officer

Hermes Advanced Projektleiter

Hermes Advanced Swiss Project Manager

Hermes HSPTP

ISO 27001 ISMS Auditor

ISO 27001 ISMS Lead Auditor

ISO27001 Auditor/Lead Auditor

IT-Forensik CERT Spezialist

ITIL Expert V3

ITIL Expert in Service Management

KRITIS Auditor and Consultant

AI Manager

LPIC-3

Linux Professional Institute LPI Level 2

MCDBA

MCSE Messaging

MCSE Security

Microsoft Certified Database Administrator

Microsoft Certified Systems Administrator

Microsoft Certified Systems Administrator Messaging

Microsoft Certified Systems Administrator Security

Microsoft Certified Systems Administrator on Windows Server

Microsoft Certified Systems Engineer Security

Microsoft Certified Systems Engineer Windows

Microsoft ISA-Server 2000 certified

Offensive Security Certified Professional

PRINCE2 Practitioner

RedHat Certified Engineer

RedHat Certified Engineer (RHCE)

RedHat Certified Examiner

RedHat Certified Examiner (RHCX)