Sascha Leitner

CEO

Austria

Experience

Jul 2022 - Present
3 years 1 month

CEO

SEComply

  • Founder & Creator of a cutting-edge Governance, Risk & Compliance SaaS Solution.
  • Developing and executing business development strategies to identify new opportunities and expand market presence.
  • Providing Information Security Consulting Services specializing in Governance, Risk, and Compliance (GRC) topics such as Risk Management, ISO 27005, ISO 27001, NIS 2, DORA, PCI DSS, EU-GDPR, and more.

Past Projects:

  • Kyndryl Austria GmbH: Delivered IAM blueprint, conducted risk assessments, developed transformation strategy and roadmap for client projects, and provided support in pre-sales activities to align solutions with client needs.
  • Cashpoint Sportwetten GmbH: Conducted ISO 27001:2022 gap analysis, enhanced ISMS processes, updated security training, aligned with ISO 27001:2022 standards, and improved vulnerability management practices through regular assessments and remediation planning.
  • Hornbach Baumarkt AG: Supported the CISO in achieving ISO 27001 compliance, implementing a secure software development lifecycle (SDLC), strengthening vulnerability management practices, and enhancing risk management frameworks.
  • MHP Management- und IT-Beratung GmbH: Created and reviewed security concepts aligned with ISO 27001 standards.
  • Stromnetz Berlin GmbH: Developed a comprehensive security concept based on ISO 27001 requirements.
  • dmTech GmbH: Conducted IT security training for employees, fostering awareness and adherence to security best practices.
  • Finanz Informatik GmbH: Managed PCI DSS-related tasks, including compliance assessments and control implementations.
  • TIPS Messtechnik GmbH: Conducted NIS2 gap analysis, developed a comprehensive compliance roadmap, and provided supportive actions to address identified gaps and ensure alignment with regulatory requirements.

Dec 2020 - Present
4 years 8 months

Senior Information Security & Compliance Manager

Qenta Payment CEE GmbH

  • Establishment and management of the Information Security Department.
  • Maintenance of compliance with PCI DSS, ISO 27001, DORA, and GDPR standards.
  • Development and enhancement of the ISMS, including risk assessments and mitigation (ISO 27005).
  • Leadership of internal and external audits, ensuring alignment with regulatory requirements.
  • Execution of penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies.
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices.

Mar 2020 - Present
5 years 5 months

Lecturer, Information Security

Campus02 Fachhochschule der Wirtschaft GmbH

  • Specializing in Software Engineering (Java, Python), Identity & Access Management, Cryptography, and Internet Security.

Nov 2019 - Nov 2020
1 year 1 month

Head of Information Security & Compliance

MarineXchange Software GmbH

  • Establishment and management of the Information Security Department.
  • Maintenance of compliance with ISO 27001 and GDPR standards.
  • Development and enhancement of the ISMS, including risk assessments, treatment plans, and ongoing improvement (ISO 27001 and ISO 27005).
  • Leadership of internal and external audits, ensuring alignment with ISO 27001 requirements.
  • Execution of vulnerability assessments, security reviews, and risk analysis for ISO 27001 compliance.
  • Execution of penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies.
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices.
  • Management of IT security projects, vendor security assessments, and ISO 27001 policy development.
  • Development of incident response procedures and assurance of robust risk management aligned with ISO 27001 standards.

Jan 2018 - Oct 2019
1 year 10 months

Information Security Manager (Teamlead)

Wirecard CEE GmbH

  • Establishment and management of the Information Security Department.
  • Maintenance of compliance with PCI DSS, ISO 27001, and GDPR standards.
  • Development and enhancement of the ISMS, including risk assessments and mitigation (ISO 27005).
  • Leadership of internal and external audits, ensuring alignment with regulatory requirements.
  • Executed penetration tests, vulnerability scans, and security reviews (Nessus, Tenable, Qualys, nmap, Acunetix, Burp Suite, Kali Linux), enhancing vulnerability management and mitigation strategies.
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices.
  • Management of IT security projects, vendor security assessments, and policy development.
  • Development of incident response procedures and assurance of robust risk management.

Mar 2016 - Aug 2017
1 year 6 months

IT Project Manager

Energie Steiermark Service GmbH

  • Development and management of project scope, goals, and deliverables with stakeholders.
  • Creation and oversight of project plans, timelines, and resource allocation.
  • Coordination of cross-functional teams and supervision of the development lifecycle.
  • Identification and mitigation of project risks to maintain schedule and budget.
  • Communication of progress through regular updates and reports.
  • Assurance of quality through testing and management of deployment and post-launch support.

Sep 2015 - Jul 2017
1 year 11 months
Austria

FH Joanneum

IT & Mobile Security, Master of Science

May 2015 - Feb 2016
10 months

Java Enterprise Software Developer

Netconomy Consulting GmbH

Aug 2014 - Jun 2016
1 year 11 months

IT Support / Java Smart Card Development

NXP Semiconductors Austria GmbH & Co KG

Sep 2013 - Feb 2014
6 months

Database Administrator

SSI Schäfer Peem GmbH

Sep 2012 - Jul 2015
2 years 11 months

Campus02

Business Informatics, Bachelor of Science

Summary

With over a decade of experience in Information Security and Compliance, I specialize in GRC and technical IT security. Certified in CISSP, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, NIS 2 Senior Lead Implementer, and DORA Senior Lead Manager, I excel in navigating complex regulatory landscapes and addressing technical security challenges.

Languages

English
Advanced
German
Intermediate

Education

Sep 2015 - Jul 2017

FH Joanneum

Master of Science · IT & mobile security · Austria

Sep 2012 - Jul 2015

Campus02

Bachelor of Science · Business informatics · Graz, Austria

Certifications & licenses

Certified DORA Senior Lead Manager

Certified NIS 2 Directive Senior Lead Implementer

Certified Information Security Risk Manager (ISO 27005)

Certified ISO 27001 Lead Auditor / Implementer

Certified Information Systems Security Professional (CISSP)