Sascha Leitner

CEO

Austria

Experience

Jul 2022 - Present
3 years 8 months
Austria

CEO

SEComply

  • Founder & creator of a cutting-edge Governance, Risk & Compliance SaaS solution.
  • Developing and executing business development strategies to identify new opportunities and expand market presence.
  • Providing information security consulting services.
  • Specializing in governance, risk, and compliance (GRC) topics such as risk management, ISO 27005, ISO 27001, NIS 2, DORA, PCI DSS, EU-GDPR, and more.
  • Past projects:
  • Kyndryl Austria GmbH: delivered IAM blueprint, conducted risk assessments, developed transformation strategy and roadmap for client projects, and provided support in pre-sales activities to align solutions with client needs.
  • Cashpoint Sportwetten GmbH: conducted ISO 27001:2022 gap analysis, enhanced ISMS processes, updated security training, aligned with ISO 27001:2022 standards, and improved vulnerability management practices through regular assessments and remediation planning.
  • Hornbach Baumarkt AG: supported the CISO in achieving ISO 27001 compliance, implementing a secure software development lifecycle (SDLC), strengthening vulnerability management practices, and enhancing risk management frameworks.
  • MHP Management- und IT-Beratung GmbH: created and reviewed security concepts aligned with ISO 27001 standards.
  • Stromnetz Berlin GmbH: developed a comprehensive security concept based on ISO 27001 requirements.
  • dmTech GmbH: conducted IT security training for employees, fostering awareness and adherence to security best practices.
  • Finanz Informatik GmbH: managed PCI DSS-related tasks, including compliance assessments and control implementations.
  • TIPS Messtechnik GmbH: conducted NIS2 gap analysis, developed a comprehensive compliance roadmap, and provided supportive actions to address identified gaps and ensure alignment with regulatory requirements.
Dec 2020 - Present
5 years 3 months
Austria

Senior Information Security & Compliance Manager

Qenta Payment CEE GmbH

  • Established and managed the Information Security Department.
  • Maintained compliance with PCI DSS, ISO 27001, DORA, and GDPR standards.
  • Developed and enhanced the ISMS, including risk assessments and mitigation (ISO 27005).
  • Led internal and external audits, ensuring alignment with regulatory requirements.
  • Executed penetration tests, vulnerability scans, and security reviews using Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, and Kali Linux, enhancing vulnerability management and mitigation strategies.
  • Delivered security training and workshops, including secure coding sessions for developers, to promote awareness and best practices.
Mar 2020 - Present
6 years
Austria

Lecturer, Information Security

CAMPUS 02 Fachhochschule der Wirtschaft GmbH

  • Specializing in software engineering (Java, Python).
  • Teaching identity & access management, cryptography, and internet security.
Nov 2019 - Nov 2020
1 year 1 month

Head of Information Security & Compliance

MarineXchange Software GmbH

  • Established and managed the Information Security Department.
  • Maintained compliance with ISO 27001 and GDPR standards.
  • Developed and enhanced the ISMS, including risk assessments, treatment plans, and ongoing improvement (ISO 27001 and ISO 27005).
  • Led internal and external audits, ensuring alignment with ISO 27001 requirements.
  • Executed vulnerability assessments, security reviews, and risk analysis for ISO 27001 compliance.
  • Conducted penetration tests, vulnerability scans, and security reviews using Nessus, Tenable, Qualys, Acunetix, nmap, Burp Suite, and Kali Linux.
  • Delivered security training and workshops, including secure coding sessions for developers.
  • Managed IT security projects, vendor security assessments, and ISO 27001 policy development.
  • Developed incident response procedures and ensured robust risk management aligned with ISO 27001 standards.
Jan 2018 - Oct 2019
1 year 10 months

Information Security Manager (Teamlead)

Wirecard CEE GmbH

  • Established and managed the Information Security Department.
  • Maintained compliance with PCI DSS, ISO 27001, and GDPR standards.
  • Developed and enhanced the ISMS, including risk assessments and mitigation (ISO 27005).
  • Led internal and external audits, ensuring alignment with regulatory requirements.
  • Executed penetration tests, vulnerability scans, and security reviews using Nessus, Tenable, Qualys, nmap, Acunetix, Burp Suite, and Kali Linux.
  • Delivered security training and workshops, including secure coding sessions for developers.
  • Managed IT security projects, vendor security assessments, and policy development.
  • Developed incident response procedures and ensured robust risk management.
Mar 2016 - Aug 2017
1 year 6 months

IT Project Manager

Energie Steiermark Service GmbH

  • Developed and managed project scope, goals, and deliverables with stakeholders.
  • Created and oversaw project plans, timelines, and resource allocation.
  • Coordinated cross-functional teams and supervised the development lifecycle.
  • Identified and mitigated project risks to maintain schedule and budget.
  • Communicated progress through regular updates and reports.
  • Ensured quality through testing and managed deployment and post-launch support.
May 2015 - Feb 2016
10 months

Java Enterprise Software Developer

Netconomy Consulting GmbH

Aug 2014 - Jun 2016
1 year 11 months

IT Support / Java Smart Card Development

NXP Semiconductors Austria GmbH & Co KG

Sep 2013 - Feb 2014
6 months

Database Administrator

SSI Schäfer Peem GmbH

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Information Technology (7 years), Banking and Finance (7 years), Education (6 years), Professional Services (3.5 years), Manufacturing (2.5 years), and Utilities (1.5 years).

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (11.5 years), Audit (7 years), Product Development (5.5 years), Project Management (4.5 years), Sales (3.5 years), and Strategy (3.5 years).

Summary

With over a decade of experience in Information Security and Compliance, I specialize in GRC and technical IT security.

Skills

Governance, Risk, and Compliance (GRC)

  • Compliance: Proficient in ensuring compliance with ISO 27001, ISO 27005, NIS 2, DORA, PCI-DSS, EU-GDPR, and other key standards, reducing compliance risks and strengthening governance.
  • Leadership: Proven ability to lead and develop IT security teams, ensuring the integration of security initiatives with business objectives.
  • Project Management & Implementation: Led IT security projects with over 5,000 hours of experience using agile methodologies and tools such as Jira, Confluence, and MS-Office for effective execution and collaboration.
  • Security Strategy: Adept at crafting and implementing security programs that meet regulatory requirements while driving business success.
  • ISMS Management: Led the initial setup, ongoing improvement, and enhancement of ISMS (ISO 27001), significantly strengthening and continuously refining the organization's security posture.
  • Risk Management (ISO 27005): Successfully introduced and implemented ISO 27005-based frameworks to align security strategies with organizational goals.
  • Audits and Analyses: Led the preparation and execution of internal and external audits, with strong expertise in identifying, analyzing, and mitigating risks to ensure compliance and enhance security posture.
  • Training and Development: Developed and delivered IT security workshops, training programs, and certifications, including security awareness training and secure coding training.
  • Incident Response: Developed and led incident response strategies, including crisis management and post-incident analysis, minimizing impact and improving organizational resilience.
  • Business Continuity and Disaster Recovery (BCP/DRP): Developed and maintained plans to ensure operational resilience and rapid recovery from security incidents or disruptions.
  • Vendor Risk Management: Conducted thorough assessments of third-party vendors to ensure compliance with security standards, reducing supply chain risks.

Technical Expertise

  • Security Testing: Conducted penetration tests, network scans, code reviews, and comprehensive security assessments, bolstering the organization's defense mechanisms.
  • Software Security: Ensured compliance with SSDLC, OWASP Top 10, ASVS, and CWE standards. Conducted static and dynamic code analysis using tools like SonarQube, Fortify, and Burp Suite to identify and address vulnerabilities throughout development.
  • Security Architecture & IAM: Designed and implemented robust security architectures and managed IAM systems to ensure secure, efficient access control and regulatory compliance.
  • Security Tools: Extensive experience with tools such as Kali Linux, Burp Suite, Acunetix, Qualys, Tenable, Nmap, Wireshark, Metasploit, Nessus, and OWASP ZAP.
  • Programming Languages: Advanced proficiency in Java (Spring), Python (Django + API), JavaScript (ReactJS), and MySQL, with a focus on secure, modern software development practices.
  • Cloud Technologies: Expertise in AWS, Azure, and Office365, with a strong emphasis on secure and efficient cloud solution deployment and management.
  • Cryptography: Implemented cryptographic solutions to ensure data confidentiality, integrity, and compliance with standards.

Languages

German
Native
English
Advanced

Education

Sep 2015 - Jul 2017

FH Joanneum

Master of Science · IT & Mobile Security · Austria

Sep 2012 - Jul 2015

Campus 02

Bachelor of Science · Business Informatics · Austria

Certifications & licenses

Certified DORA Senior Lead Manager

Certified NIS 2 Directive Senior Lead Implementer

Certified Information Security Risk Manager (ISO 27005)

Certified ISO 27001 Lead Auditor / Implementer

Certified Information Systems Security Professional (CISSP)

Frequently asked questions

Do you have questions? Here you can find further information.

What languages does Sascha speak?

Sascha speaks the following languages: German (Native), English (Advanced).

How many years of experience does Sascha have?

Sascha has at least 12 years of experience. During this time, Sascha has worked in at least 9 different roles and for 9 different companies. The average length of individual experience is 1 year and 3 months. Note that Sascha may not have shared all experience and actually has more experience.

What roles would Sascha be best suited for?

Based on recent experience, Sascha would be well-suited for roles such as: CEO, Senior Information Security & Compliance Manager, Lecturer, Information Security.

What is Sascha's latest experience?

Sascha's most recent position is CEO at SEComply.

What companies has Sascha worked for in recent years?

In recent years, Sascha has worked for SEComply, Qenta Payment CEE GmbH, and CAMPUS 02 Fachhochschule der Wirtschaft GmbH.

Which industries is Sascha most experienced in?

Sascha is most experienced in industries like Information Technology (IT), Banking and Finance, and Education. Sascha also has some experience in Professional Services, Manufacturing, and Utility Services.

Which business areas is Sascha most experienced in?

Sascha is most experienced in business areas like Information Technology (IT), Audit, and Product Development. Sascha also has some experience in Project Management, Sales, and Strategy and Planning.

Which industries has Sascha worked in recently?

Sascha has recently worked in industries like Information Technology (IT), Education, and Banking and Finance.

Which business areas has Sascha worked in recently?

Sascha has recently worked in business areas like Information Technology (IT), Audit, and Product Development.

What is Sascha's education?

Sascha holds a Master in IT & Mobile Security from FH Joanneum and a Bachelor in Business Informatics from Campus 02.

Does Sascha have any certificates?

Sascha has 5 certificates. Among them, these include: Certified DORA Senior Lead Manager, Certified NIS 2 Directive Senior Lead Implementer, and Certified Information Security Risk Manager (ISO 27005).

What is the availability of Sascha?

Sascha is immediately available full-time for suitable projects.

What is the rate of Sascha?

Sascha's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Sascha?

To hire Sascha, click the Meet button on the profile to request a meeting and discuss your project needs.