Thoralf (S.) Thorson

Consultant Digital Operational Resilience Act (DORA)

Thoralf Thorson
Bad Vilbel, Germany

Experience

Apr 2023 - Jun 2023
3 months

Consultant Digital Operational Resilience Act (DORA)

Swisslife Deutschland GmbH

  • Auditing CIS evidence of the SOC providers T-Systems Austria and Cancom GmbH
  • Mapping of VAIT, ISO/IEC 27002 and CIS 7.0 requirements for the IT realignment strategy of the German subsidiaries in threat intelligence and zero trust
  • Reviewing SIEM evidence, reporting, incident management and security breaches
  • Reviewing IT asset management regarding ITSCM and BCM processes
  • Employee awareness and compliance training focused on CEO fraud
  • Advising the chief information security officer
Oct 2022 - Apr 2023
7 months

Interim Information Security Officer (ISO)

BRUSS Sealing Systems GmbH

  • Defining the ISMS scope for the corporate group and international rollout
  • Creating the IT security concept with policies, process descriptions and technical security baselines
  • Extending risk management according to ISO/IEC 27005
  • Location-specific statements of applicability according to VDA ISA 5.1
  • Implementing the Sophos XDR platform for global network monitoring
  • Specifying document control and network documentation (Docusnap)
  • Employee awareness measures including training kit and phishing tests
  • Defining the incident reporting matrix and process flow for security incidents
  • Reviewing and updating cyber insurance policy obligations
  • Conducting penetration tests with Nessus and PingCastle and developing management reports
  • Preparing and conducting certification audits (group assessment)
  • Training the internal ISO and establishing an ISMS coordinator structure
Mar 2022 - Sep 2022
7 months

Business Continuity Manager

Landesbank Baden-Württemberg

  • Revising and improving the BCM fitness statement objectives
  • Streamlining process clusters to improve BIA efficiency
  • Supporting the expansion of BCM reporting in foreign branches
  • Continuous monitoring of ICT risk sources to establish protection and prevention measures and detect anomalies promptly
  • Implementing comprehensive business continuity policies and emergency and recovery plans with annual testing
  • Enhancing DORA knowledge for the project team, risk managers and outsourcing officers
  • Risk-based exercise and test plan within a multiyear cycle
Jun 2021 - Dec 2021
7 months

KRITIS Auditor BSIG §8a

ADAC Versicherungen AG

  • GAP analysis of KRITIS documentation according to ISO/IEC 27001 for the October 2021 audit
  • Meeting document requirements for the VAIT review in February 2022
  • Developing an information security and business continuity management system including policies, documentation and emergency plans
  • Supporting the CISO and creating a target cybersecurity strategy
  • Developing a crisis communication plan for ICT-related incidents with incident reporting matrix
  • Liaising with IT teams and IDS provider Trend Micro (TippingPoint)
  • Adding risk assessments for ICT service providers
  • Reviewing DMS IT contract management with fido
  • Examining compliance processes according to IDW PS 980 and following
  • Documenting VAIT and DORA requirements in IRIS
  • Phishing training campaigns
Mar 2021 - Apr 2021
2 months

KRITIS Auditor BSIG §8a

Finanz Informatik GmbH & Co. KG

  • Reviewing security concepts, structural analyses and process descriptions according to an internal checklist in a team of seven auditors
  • Examining product documentation for availability, authenticity, integrity and confidentiality requirements of systems and premises as well as interfaces or dependencies to third parties (SLA)
Feb 2020 - Feb 2021
1 year 1 month

Interim Information Security Officer (ISO)

Bertelsmann AFS

  • Support for the legal officer and compliance team in BAIT and VAIT customer audits
  • GAP analysis of Bertelsmann IT security policies and introduction of Experian policies
  • ISO 27001 re-certification of Informa HIS GmbH
  • Alignment of ISMS with BAIT and VAIT customer requirements using CMDB and SIEM
  • Support for the Experian post-acquisition security audit (PASA)
  • Remediation of PASA findings across six AFS entities
  • Audit of risk impact analysis across six AFS entities
Jan 2020 - Mar 2020
3 months

IT Security Manager / Lead Auditor ISO/IEC 27001

Berliner Luft Technik GmbH

  • Inventory of IT security measures
  • Immediate actions based on risk assessment following the BSI all-hazards approach
  • Review of asset inventories and protection needs
  • Network analysis and vulnerability report using Nessus
  • Creation of IT security guidelines and procedures covering network security, patch management, incident management, home office, MDM and emergency planning
  • Review of HISCOX cyber insurance policy and emergency service provider HiSolution GmbH
  • GDPR short audit of technical and organizational measures (TOM)
Dec 2019 - Dec 2021
2 years 1 month

External Data Protection Officer

Gateway Real Estate AG

  • GAP analyses of existing GDPR implementation
  • Creation of data protection documentation according to company size and legal form
  • Data protection training for employees and handling of data subject requests
  • Stepwise implementation of relevant processes such as AVV, VV and deletion concepts
Aug 2019 - Dec 2019
5 months

Interim Information Security Officer (ISO)

Design in Form GmbH

  • Practical implementation of ISMS TISAX certification with information level "very high"
  • GAP analysis of existing ISMS and GDPR measures
  • Network analysis with Nessus and reporting of critical findings
  • Creation of ISMS documentation and establishment of security zones
  • Introduction of asset management, risk management and a catalog of measures
  • Implementation of IT controls from the VDA catalog to achieve the required maturity level
  • Training of the internal ISO and conducting a pre-audit
  • Assumption of external data protection officer responsibilities
Feb 2019 - Jun 2019
5 months

IT Security Manager / BAIT

Sparkasse Leipzig, S-Beteiligungsgesellschaft mbH

  • Adaptation of the information security concept "Secure IT Operation, Finanz-Informatik variant" and alignment of BAIT requirements with internal IT security policies
  • Documentation for risk management and BCM requirements including physical concepts, location and building factors
  • Development of business continuity emergency plans and operational procedures
  • Documentation for change and release management
  • Documentation for secure administration, system and network management
Jan 2019 - Apr 2019
4 months

KRITIS Auditor according to §8a BSIG

Munich Airport GmbH

  • Review and improvement of ISMS documentation according to BSI Standard 100-4
  • Control of ITIL and BSI standard implementation for BCM and change management
  • Review of BCM and change management documentation and system manuals for Linux, Windows, Mac OS and CCTV environments
  • Verification of emergency scenarios and emergency management according to BSI Standard 100-4 and BS 25999
Jul 2018 - Jan 2019
7 months

IT Security Manager

DomConsult Real Estate GmbH

  • Implementation of ISMS measures according to ISO/IEC 27001
  • Development of IT guidelines, policies, work instructions and procedures
  • Implementation of ISO control requirements
  • Creation of business continuity standards including business impact analysis (BIA)
  • Risk impact analysis and risk treatment planning
  • Consulting and implementation of Symantec Endpoint Protection
Apr 2018 - Jun 2018
3 months

IT Security Consultant

init AG

  • Conducting structure and protection needs analyses
  • Determination of protection requirements for database applications
  • Definition of protection categories per database based on availability analysis
  • Formulation of risk management conclusions
  • Securing systems through network segmentation and dataKana
Apr 2018 - May 2018
2 months

Data Protection Consultant

Charité Berlin

  • Audit of data processing agreements (AV)
  • Evaluation of GDPR documentation standards of service providers
  • Assessment of GDPR implementation using a checklist
  • Review of internal data flow policies for intranet and USB devices
  • Short interviews with management and employees
  • Creation of a list of deficiencies and audit report
Mar 2017 - May 2018
1 year 3 months

ISMS and Data Protection Lecturer

Cyber Academy Berlin

  • Presentation of ISMS processes and comparison of ISMS tools
  • Identification of risk areas and implementation priorities for the EU GDPR
  • Execution of live phishing campaigns for employee sensitization
Dec 2015 - Aug 2017
1 year 9 months

Perimeter Architect

NDA

  • Planning of a passive ground detection system using HF detection cable
  • Development of an outer perimeter protection concept
  • Threat and vulnerability analysis in hilly outdoor areas
  • Site and terrain planning including fiber optic mats
  • Deployment of an 800 m detection line with 30 alarm zones using leakage coax cable technology
  • Prototype testing and trial run of the detection system
  • Creation of security guidelines for integration with corporate IT
  • Development of an operations manual and employee training

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Real Estate (2.5 years), Banking and Finance (2 years), Information Technology (1.5 years), Aerospace and Defense (1.5 years), Automotive (1 year), and Education (1 year).


Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (5.5 years), Legal (3 years), Audit (2.5 years), Product Development (1.5 years), Research and Development (1.5 years), and Quality Assurance (1 year).


Languages

German
Advanced
English
Advanced

Education

Oct 1994 - Jun 2000

ETH Zurich

Architecture · Zürich, Switzerland

Oct 1994 - Jun 2000

TU Berlin

Architecture · Berlin, Germany

Certifications & licenses

Certified Information Security Manager (CISM)

Certified Network Security Specialist (CNSS)

TISAX Information Security Officer (ISO)


Frequently asked questions

Do you have questions? Here you can find further information.

Where is Thoralf based?

Thoralf is based in Bad Vilbel, Germany.

What languages does Thoralf speak?

Thoralf speaks the following languages: German (Advanced), English (Advanced).

How many years of experience does Thoralf have?

Thoralf has at least 7 years of experience. During this time, Thoralf has worked in at least 13 different roles and for 16 different companies. The average length of individual experience is 5 months. Note that Thoralf may not have shared all experience and actually has more experience.

What roles would Thoralf be best suited for?

Based on recent experience, Thoralf would be well-suited for roles such as: Consultant Digital Operational Resilience Act (DORA), Interim Information Security Officer (ISO), Business Continuity Manager.

What is Thoralf's latest experience?

Thoralf's most recent position is Consultant Digital Operational Resilience Act (DORA) at Swisslife Deutschland GmbH.

What companies has Thoralf worked for in recent years?

In recent years, Thoralf has worked for Swisslife Deutschland GmbH, BRUSS Sealing Systems GmbH, Landesbank Baden-Württemberg, ADAC Versicherungen AG, and Finanz Informatik GmbH & Co. KG.

Which industries is Thoralf most experienced in?

Thoralf is most experienced in industries like Real Estate, Banking and Finance, and Aerospace and Defense. Thoralf also has some experience in Information Technology (IT), Education, and Automotive.

Which business areas is Thoralf most experienced in?

Thoralf is most experienced in business areas like Information Technology (IT), Legal and Compliance, and Audit. Thoralf also has some experience in Product Development, Research and Development (R&D), and Quality Assurance (QA).

Which industries has Thoralf worked in recently?

Thoralf has recently worked in industries like Real Estate, Banking and Finance, and Insurance.

Which business areas has Thoralf worked in recently?

Thoralf has recently worked in business areas like Information Technology (IT), Legal and Compliance, and Audit.

What is Thoralf's education?

Thoralf attended ETH Zurich for Architecture.

Does Thoralf have any certificates?

Thoralf has 3 certificates. These include: Certified Information Security Manager (CISM), Certified Network Security Specialist (CNSS), and TISAX Information Security Officer (ISO).

What is the availability of Thoralf?

Thoralf is immediately available for suitable projects.

What is the rate of Thoralf?

Thoralf's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Thoralf?

To hire Thoralf, click the Meet button on the profile to request a meeting and discuss your project needs.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 810-970 €
The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform.
Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.