Michael Fitschen

Managing Consultant Information Security and Data Protection

Heeslingen, Germany

Experience

Jan 2025 - Present
1 year 2 months
Heeslingen, Germany
Hybrid

Project Manager Implementation B3S / ISO 27001

Health Insurance Fund

  • Coordinating the B3S and ISO 27001 implementation project, taking the upcoming KRITIS verification procedure into account
  • Providing consulting services in ISO 27001, B3S, KRITIS, and IT baseline protection
  • Collaborating with the Information Security Officer (ISO)
  • Identifying company assets for IT risk management
  • Developing a zone concept for IT risk management
  • Creating an action plan for B3S
  • Developing a template for risk analyses
Jan 2024 - Dec 2024
1 year
Heeslingen, Germany
On-site

Managing Consultant Data Protection and Information Security

Bank

  • Follow-up and preparation for the § 44 KWG audit
  • Implementing requirements in data protection and information security
  • Supporting and advising the DPO, ISOs, and staff on daily tasks related to data protection and information security
Jan 2023 - Present
3 years 2 months
Heeslingen, Germany
Hybrid

External Information Security Officer & Data Protection Officer

Pharmaceutical Wholesaler

  • Serving as external ISO and DPO for a pharmaceutical wholesaler
  • Coordinating tasks for a KRITIS audit
  • Implementing intrusion detection
  • Conducting data protection compliant website reviews
  • Delivering training and awareness measures
  • Performing internal and external audits
  • Preparing quarterly management reports
  • Analyzing KPIs
  • Handling third-party inquiries regarding data protection and information security
  • Actively managing risk management and supplier management
Jan 2022 - Present
4 years 2 months
Heeslingen, Germany
Hybrid

External Data Protection Officer

Various Companies

  • Conducting awareness activities on data protection topics
  • Performing data protection compliant website reviews
  • Handling all tasks within the data protection officer's responsibilities
  • Creating awareness materials on data protection, IT security, and AI
  • Updating a group-wide data protection and AI policy
  • Adapting and drafting data processing agreements, records of processing activities, and Data Protection Impact Assessments (DPIAs)
  • Creating a master agreement for internal group data processing
  • Assisting with data subject requests and rights
  • Clarifying matters with supervisory authorities
Jan 2021 - Feb 2026
5 years 2 months
Hybrid

Data Protection Consultant / External Data Protection Officer

Private Health Insurance

  • Project reporting to board level
  • Steering data protection coordinators
  • Auditing service providers
  • Establishing a data protection management system according to the standard data protection model (gematik) and an information security management system
  • Implementing technical and organizational measures (TOMs)
  • Maintaining the record of processing activities
  • Co-leading the subproject for connecting to the telematics infrastructure
  • Risk assessments and support for Data Protection Impact Assessments (DPIAs)
  • Contact with supervisory authorities
  • Complaint management and ensuring response to information requests
  • KPI analyses
  • Management review with the full board
  • Ensuring external audits and implementation of recommendations
  • Holding kick-off events with responsible parties
  • Conducting one-on-one meetings to determine data processing and retention and deletion periods
  • Creating tutorial videos and aids for employees
  • Workshops to define deletion handbooks and schedules
  • Advising on deletion management
  • Obtaining approval of reviewed content from responsible parties
  • Documenting data protection processes
  • Creating a process-relevant deletion manual and deletion concepts including critical business processes
  • Reviewing the data protection policy
  • Developing a deletion plan for GDPR-compliant data deletion in the company
Jan 2020 - Feb 2020
2 months
Heeslingen, Germany
Hybrid

Security Auditor (Data Protection and Information Security subarea, gematik approval)

Health insurance service provider

  • Creating security assessments and data protection assessments in the context of gematik and the ePA (electronic patient record), among other things
Jan 2019 - Present
7 years 2 months
Hybrid

Lead Auditor for KRITIS Verification Procedure

Various health insurers

  • Conducting the KRITIS verification procedure according to § 8a (3) BSIG for operators of critical infrastructures
Jan 2018 - Dec 2023
6 years
Wuppertal, Germany
Hybrid

Senior Consultant Information Security and Data Protection

IT service provider

  • Advising on GDPR and supporting implementation
  • Setting up a record of processing activities as a controller and as a processor
  • Preparing and supporting ISO 27001 audits and subsequent tasks
  • Creating security concepts and expanding the ISMS scope for ISO 27001 certification
  • Supporting hazard analyses and risk management
  • Creating and setting up various policy documents on data protection and information security
  • Advising shareholders on KRITIS requirements, B3S and ISO 27001
Feb 2017 - Jan 2019
2 years
Germany
Hybrid

Process Manager

Large healthcare company

  • Implementing process management and estimating staffing needs
  • Implementing Signavio BPMN 2.0 process management software
  • Conducting process interviews, time measurements, and modeling
  • Advising on process optimization and cost reduction
  • Organizational and workflow consulting
  • Continuous improvement process
  • Cost-effectiveness analyses
  • Optimizing organization, workflows, and processes
  • Project management
Jan 2017 - Present
9 years 2 months
Heeslingen, Germany

External Consultant / Auditor

O.D.S. Consulting GmbH

  • Conducting GAP analyses on data protection, B3S, ISO 27001, and KRITIS
  • Advising on the implementation of B3S, ISO 27001, data protection, and process management
Jan 2017 - Present
9 years 2 months
Heeslingen, Germany
Hybrid

External Data Protection Officer and Information Security Officer

Various mandates

  • Acting as external DPO and ISO for various clients
Jan 2017 - Present
9 years 2 months
Heeslingen, Germany

Senior Consultant Data Protection & Information Security

O.D.S. Consulting GmbH

  • Initiating and coordinating topic groups on data protection and information security
  • Scheduling and managing content
  • Developing requirements
  • Training and reviewing results or open issues
  • Creating templates such as DPIAs, RoPAs, policies, manuals, trainings and industry standards
Jan 2016 - Feb 2024
8 years 2 months
Heeslingen, Germany
Hybrid

Auditor / Head of Audit Consortium

AuraSec

  • Coordinating the processor audit consortium to audit data processors according to §11 BDSG and §80 (2) sentences 4 and 5 SGB X with over 65 health insurers and 120 service providers
  • Conducting audits of technical and organizational measures for data protection, information security, B3S, cloud and AI
  • Creating audit plans and conducting audits
  • Preparing audit reports and debriefing customers on findings
  • Supporting the assessment of implementation upon request
Jun 2012 - Aug 2016
4 years 3 months
Bremen, Germany
On-site

Deputy Head of Insurance and Contributions & Process Manager

atlas bkk ahlmann

  • Implementing process management and staff needs analysis
  • Implementing process management software Signavio BPMN 2.0
  • Conducting process interviews, time measurement and modeling
  • Advising on process optimization and cost reduction
  • Organizational and workflow consulting
  • Controlling / BI
  • Continuous improvement (CIP)
  • Cost-benefit analyses
  • Technical and personnel management of the department at various locations
  • Optimizing organization, workflows and processes
  • Supporting social court proceedings
  • Supporting external audits
  • Developing and maintaining internal controlling
  • Project leadership / support

Industries Experience

Experienced in Insurance (11.5 years), Professional Services (10 years), Healthcare (7 years), Information Technology (6 years), and Pharmaceutical (3 years).

Business Areas Experience

Experienced in Project Management (13.5 years), Audit (10 years), Information Technology (9 years), Legal (9 years), Quality Assurance (9 years), and Operations (6 years).

Summary

As a managing director and experienced Managing Consultant, I combine over 25 years of industry experience in healthcare with deep expertise in information security, compliance, data protection, process management and project management. I specialize in translating complex regulatory requirements (especially KRITIS, ISO 27001, B3S, IT baseline protection, GDPR, SGB, BDSG, NIS-2, DORA) into pragmatic and secure solutions for companies.

My key qualifications include setting up and auditing management systems (ISMS/DSMS), conducting KRITIS evidence procedures, and strategic advising of executive levels. As a certified Lead Auditor (ISO 27001), project manager (PRINCE2, SCRUM), and process expert (BPMN 2.0), I successfully guide organizations through certifications and demanding IT projects.

Technologically, my focus is on implementing and assessing security frameworks and standards such as ISO/IEC 27001, BSI IT baseline protection, and sector-specific standards (B3S). I have solid knowledge of process management tools like Signavio and ADONIS, as well as industry-specific software such as iskv_21c and Oscare. My expertise also extends to compliance aspects of cloud services and AI applications.

Skills

  • Auditor / Lead Auditor for data protection, information security, KRITIS and B3S, including supporting clients under audit
  • Leading an audit consortium
  • Leading data protection / information security working groups (subject areas)
  • Information Security Management Systems (ISMS)
  • Social data protection (SGB) / GDPR / German Federal Data Protection Act (BDSG) / state data protection acts
  • IT security and compliance
  • Creation of data protection reports / gematik security assessments
  • Industry-specific security standards (B3S)
  • Leadership experience
  • Project controlling & risk management
  • ITIL & IT service management
  • Process implementation & project management

Languages

German
Native
English
Elementary

Education

May 2006 - Jul 2011

University of Applied Sciences for Economics and Management (FOM)

Diploma in Business Administration (FH) · Economics · Hamburg, Germany · 3

The program had various focus areas: corporate management and control, private and business law, process and project management, computer science,

Aug 1998 - Jul 2001

DAK

Social Insurance Clerk · Social Insurance · Zeven, Germany · 2

Vocational training as a social insurance clerk

Certifications & licenses

Agile Project Management Methods

Requirements from ISO 27701 (Privacy Management)

Auditing Management Systems according to ISO 19011

Business Process Management & Process Modeling BPMN 2.0

Certified Freja ID and Freja Multipliance Administrator

Data Protection Officer, TÜV

ISO 27001 Lead-Auditor

ISO/IEC 27001:2013 ISMS Foundation

IT Baseline Protection Practitioner

ISO 27001 on the basis of IT baseline protection (IT-Grundschutz)

IT Risk Manager according to ISO/IEC 27005

PRINCE2® Foundation

Professional Leadership

Process Manager IQ

SCRUM for Agile Project Management

Update DIN/EN ISO/IEC 27001:2022

Additional audit procedure competence according to § 8a BSIG


Frequently asked questions

Do you have questions? Here you can find further information.

Where is Michael based?

Michael is based in Heeslingen, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Michael speak?

Michael speaks the following languages: German (Native), English (Elementary).

How many years of experience does Michael have?

Michael has at least 14 years of experience. During this time, Michael has worked in at least 14 different roles and for 13 different companies, several of them in parallel; the average duration of the listed roles is about 5 years. Note that Michael may not have shared all experience and may actually have more.

What roles would Michael be best suited for?

Based on recent experience, Michael would be well-suited for roles such as: Project Manager Implementation B3S / ISO 27001, Managing Consultant Data Protection and Information Security, External Information Security Officer & Data Protection Officer.

What is Michael's latest experience?

Michael's most recent position is Project Manager Implementation B3S / ISO 27001 at Health Insurance Fund.

What companies has Michael worked for in recent years?

In recent years, Michael has worked for Health Insurance Fund, Bank, Pharmaceutical Wholesaler, Various Companies, and Private Health Insurance.

Which industries is Michael most experienced in?

Michael is most experienced in industries like Insurance, Professional Services, and Healthcare. Michael also has some experience in Information Technology (IT) and Pharmaceutical.

Which business areas is Michael most experienced in?

Michael is most experienced in business areas like Project Management, Audit, and Information Technology (IT). Michael also has some experience in Legal and Compliance, Quality Assurance (QA), and Operations.

Which industries has Michael worked in recently?

Michael has recently worked in industries like Professional Services, Insurance, and Information Technology (IT).

Which business areas has Michael worked in recently?

Michael has recently worked in business areas like Audit, Information Technology (IT), and Project Management.

What is Michael's education?

Michael holds a Diploma in Business Administration (FH) from the University of Applied Sciences for Economics and Management (FOM) and completed vocational training as a social insurance clerk at DAK.

Does Michael have any certificates?

Michael has 17 certificates. Among them, these include: Agile Project Management Methods, Requirements from ISO 27701 (Privacy Management), and Auditing Management Systems according to ISO 19011.

What is the availability of Michael?

Michael will be available full-time from March 2026.

What is the rate of Michael?

Michael's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Michael?

To hire Michael, click the Meet button on the profile to request a meeting and discuss your project needs.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 810-970 € (rate chart, 250-1000 € scale)

The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform. Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.