Senior Information Security & Compliance Expert

Hallo! Als selbstständiger Berater im Bereich Governance, Risiko und Compliance habe ich mich auf ISO27001, PCI DSS, EU-DSGVO und Anwendungssicherheit spezialisiert. Ebenso bringe ich eine CISSP-Zertifizierung und langjährige Erfahrung mit!

• Certified Information Systems Security Professional (CISSP)
• Cyber Security4 J.
• Datenschutz2 J.
• Informationssicherheit
• ISO / IEC 270015 J.
• It-Governance
• IT Sicherheit (allg.)
• Pci DSS5 J.
• Risikomanagement
• Schulung / Training (IT)

With over a decade of experience in Information Security and Compliance, I specialize in GRC and technical IT security.Certified in CISSP, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, NIS 2 Senior Lead Implementer, and DORA Senior LeadManager, I excel in navigating complex regulatory landscapes and addressing technical security challenges.

Governance, Risk, and Compliance (GRC)
Compliance:
Proficient in ensuring compliance with ISO 27001, ISO 27005, NIS 2, DORA, PCI-DSS, EU-GDPR, and otherkey standards, reducing compliance risks and strengthening governance.
Leadership:
Proven ability to lead and develop IT security teams, ensuring the integration of security initiatives withbusiness objectives.
Project Management & Implementation:
Led IT security projects with over 5,000 hours of experience using agilemethodologies and tools such as Jira, Confluence, and MS-Office for effective execution and collaboration.
Security Strategy:
Adept at crafting and implementing security programs that meet regulatory requirements whiledriving business success.
ISMS Management:
Led the initial setup, ongoing improvement, and enhancement of ISMS (ISO 27001), significantlystrengthening and continuously refining the organization's security posture.
Risk Management (ISO 27005):
Successfully introduced and implemented ISO 27005-based frameworks to alignsecurity strategies with organizational goals.
Audits and Analyses:
Led the preparation and execution of internal and external audits, with a strong expertise inidentifying, analyzing, and mitigating risks to ensure compliance and enhance security posture.
Training and Development:
Developed and delivered IT security workshops, training programs, and certifications,including Security Awareness Training and Secure Coding Training.
Incident Response:
Developed and led incident response strategies, including crisis management and post-incidentanalysis, minimizing impact and improving organizational resilience.
Business Continuity and Disaster Recovery (BCP/DRP):
Developed and maintained plans to ensure operationalresilience and rapid recovery from security incidents or disruptions.
Vendor Risk Management:
Conducted thorough assessments of third-party vendors to ensure compliance withsecurity standards, reducing supply chain risks.
Technical Expertise
Security Testing:
Conducted penetration tests, network scans, code reviews, and comprehensive securityassessments, bolstering the organization's defense mechanisms.
Software Security:
Ensured compliance with SSDLC, OWASP Top 10, ASVS, and CWE standards. Conducted static anddynamic code analysis using tools like SonarQube, Fortify, and Burp Suite to identify and address vulnerabilitiesthroughout development.
Security Architecture & IAM:
Designed and implemented robust security architectures and managed IAM systems toensure secure, efficient access control and regulatory compliance.
Security Tools:
Extensive experience with tools such as Kali Linux, Burp Suite, Acunetix, Qualys, Tenable, Nmap,Wireshark, Metasploit, Nessus, and OWASP ZAP
Programming Languages:
Advanced proficiency in Java (Spring), Python (Django + API), JavaScript (ReactJS), andMySQL, with a focus on secure, modern software development practices.
Cloud Technologies:
Expertise in AWS, Azure, and Office365, with a strong emphasis on secure and efficient cloudsolution deployment and management.
Cryptography:
Implemented cryptographic solutions to ensure data confidentiality, integrity, and compliance withstandards.