Data Protection (GDPR), Information Security, ISO 27001, Risk Management and Project Management, External DPO (certified) and CISO services
Aktualisiert am 30.07.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 30.07.2024
Verfügbar zu: 100%
davon vor Ort: 10%
ISO 27001
Data Protection
Information Security
Beratung
Project Management
DSGVO
GDPR
Datenschutz
informationssicherheit
Projektmanagement
Audit
Risikomanagement
German
Muttersprache
English
fluent
Portuguese
Grundkenntnisse
Dutch
Grundkenntnisse
Italian
Grundkenntnisse

Einsatzorte

Einsatzorte

Salzburg (+10km)
Österreich
Depending on the frequency and duration of on-site work, I am also happy to travel longer distances.
möglich

Projekte

Projekte

2 years 11 months
2021-11 - now

Results-oriented and self-motivated management consultation

Management Consultant
Management Consultant
Results-oriented and self-motivated management consultant with 10 years of experience in data protection, information security and project management. By striving to always deliver the best results, I have helped numerous organizations to improve their security posture, mitigate risks and create a solid foundation for data protection and information security, as well as to successfully manage complex IT projects.
nospia e.U.
4 months
2024-01 - 2024-04

ISMS Implementation for ISO 27001, data protection consultation

Security and Data Protection Consultant ISO 27001 DSGVO
Security and Data Protection Consultant
Development of an information security management system (ISMS) in preparation for an ISO 27001 certification.
Introduction of a formal risk management approach and conducting a GAP analysis to ensure that all (data protection) legal and information security risks are adequately addressed, including recommendations on measures and their implementation.
Data protection consulting on selected topics, including the introduction of a register of processing activities, support in the implementation of data protection impact assessments, internal audits and the creation of data protection concepts.
Introduction and improvement of policies and processes in the areas of information security and data protection, including a comprehensive information security policy, as well as internal audits and vendor assessments.
ISO 27001 DSGVO
1 year 4 months
2022-01 - 2023-04

Data Protection and Information Security Consultation, Project Management with a focus on Consent Management

DSGVO consent management
Data protection consulting, project management and coordination with IT, legal and specialist departments on various topics in the areas of data protection and information security.
Assessment of compliance with data protection requirements with a focus on consent management - including the evaluation of existing processes, solutions used, suppliers and the introduction of new conceptual and technical solutions.
Examination of legal requirements in an international context with regard to appropriate processing bases for personal data and implementation of risk analyses. Technical analysis of the functionality of the consent management solutions used to ensure that they are legally compliant.
Analysing data protection-relevant contracts of service providers and conducting provider audits.  
Administration of the consent management platform One-Trust for around 20 websites of different legal entities.

Translated with DeepL.com (free version)
Onetrust
DSGVO consent management
1 year
2020-06 - 2021-05

Managing internal and external data protection

Security Officer
Security Officer
Managing internal and external data protection and information security projects, including workshops and training for clients with critical infrastructure in industry and healthcare.
x-tention
1 year 9 months
2018-06 - 2020-02

information security and data protection

Security Officer
Security Officer
Responsible for information security and data protection: strategy, processes, communication, product improvements, policies and agreements. Leading initiatives to implement an Information Security Management System (ISMS) and successful first-time ISO 27001 certification without non-conformities.
Usabilla by Surveymonkey
1 year 10 months
2016-08 - 2018-05

Managing projects and offering consulting services

Security & Privacy Consultant
Security & Privacy Consultant

Managing projects and offering consulting services in various fields, including: privacy and general data protection regulation (GDPR), information security, risk management, and conducting security awareness training for clients within a wide range of different industries.

Deloitte
2 years 6 months
2013-12 - 2016-05

Administration and development of the central project management platform

Quality Specialist
Quality Specialist
Administration and development of the central project management platform. Design and implementation of the authorization concept to resolve SOD conflicts and optimise the existing IAM.
Socionext EU

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2020-11 - 2020-11

Data Protection Officer

Certified Data Protection Officer, WIFI Austria
Certified Data Protection Officer
WIFI Austria
1 month
2019-11 - 2019-11

Mediator

Certified, London School of Mediation
Certified
London School of Mediation
1 month
2017-07 - 2017-07

Risk and Information Systems Control (CRISC)

CRISC Certification, ISACA
CRISC Certification
ISACA
6 years 8 months
2010-01 - 2016-08

Master of science in Business Informatics

MSc, Johannes Kepler University Linz
MSc
Johannes Kepler University Linz

Position

Position

Freelance Management Consultant with a focus on Data Protection and Information Security
including profound expertise in ISO 27001, EU GDPR and project management.

Kompetenzen

Kompetenzen

Top-Skills

ISO 27001 Data Protection Information Security Beratung Project Management DSGVO GDPR Datenschutz informationssicherheit Projektmanagement Audit Risikomanagement

Schwerpunkte

ISO 27001
Experte
GDPR
Experte
Project Management
Fortgeschritten

Produkte / Standards / Erfahrungen / Methoden

Core Skills

Data Protection (GDPR, CCPA), ISMS (ISO 27001), Compliance and Risk Management, Information Security, Security Awareness, Project Management, Team Lead, Business Process Optimisation, Contract Negotiations, Consent Management, Microsoft Office & G Suite


Portfolio

For over a decade, I have supported companies in the domains of information security, data protection, governance, risk, compliance (GRC), and project management. Working in roles as both an external consultant and internal security officer has not only given me a solid understanding of managing compliance requirements but has also taught me how to overcome diverse organizational challenges associated with it. I am very dedicated and always strive to realize projects as efficiently as possible to the full satisfaction of my clients.


Key Expertise and Areas of Contribution

Introduction and Optimisation of Information Security Management Systems (ISMS)

Leading and supporting full-scope ISO27001 initial and re-certifications. Performed activities encompassed the definition of a clear security strategy and deriving measurable objectives, as well as implementing and optimising documentation, processes and measures in the following areas: Risk Management, Business Continuity Management, Change Management, Penetration Testing Coordination, Asset Management, Business Partner Vetting, Internal Audit.


Compliance and Data Protection Consultation

Formalising a structured approach towards compliance management, creating and improving required documentation, guidelines and processes, perform GAP Analyses and implementing measures to ensure compliance with EU GDPR, other European laws and regulations and partly international legislation in the field of data protection and information security.


Workshops and Trainings

Security Awareness: Creation and delivery of security awareness training programs for employee onboarding, as well as advanced modules, additional materials, regular awareness communication and acting as an internal security speaker. Data protection and EU GDPR: Conducting workshops and trainings for raising awareness about general data protection requirements, as well as the implementation and communication of guidelines to ensure the adherence to defined processes.


Audits and Assessments

Performance of internal and external audits: including comprehensive risk assessments, GDPR gap analyses and IT audits as part of annual financial statement analyses. Planning and documentation of required actions, implementation of controls, instruction of employees, presentation of results in the form of management reports.


Agreements and Negotiation

Drafting and adaptation of NDAs, data processing agreements (GDPR) and information security agreements as well as their negotiation in the international B2B area with SMEs and Fortune 500 companies.


Project Management

Coordination of complex projects with various internal and external stakeholders, including cross-functional collaboration in alignment with middle- and top-management.


CISO and DPO

Guiding security and data protection initiatives in the capacity of a seasoned Security Officer and Certified Data Protection Officer, aside my practical experience, I also bring additional certifications to the table, including ISACA CRISC and Mediation, underscoring my proficiency in handling diverse responsibilities.


Other

My professional background spans various sectors, encompassing financial services, information and communication technology, logistics, the food industry, technology companies, the construction industry, production companies, recycling, publishing, governmental institutions and healthcare.

Einsatzorte

Einsatzorte

Salzburg (+10km)
Österreich
Depending on the frequency and duration of on-site work, I am also happy to travel longer distances.
möglich

Projekte

Projekte

2 years 11 months
2021-11 - now

Results-oriented and self-motivated management consultation

Management Consultant
Management Consultant
Results-oriented and self-motivated management consultant with 10 years of experience in data protection, information security and project management. By striving to always deliver the best results, I have helped numerous organizations to improve their security posture, mitigate risks and create a solid foundation for data protection and information security, as well as to successfully manage complex IT projects.
nospia e.U.
4 months
2024-01 - 2024-04

ISMS Implementation for ISO 27001, data protection consultation

Security and Data Protection Consultant ISO 27001 DSGVO
Security and Data Protection Consultant
Development of an information security management system (ISMS) in preparation for an ISO 27001 certification.
Introduction of a formal risk management approach and conducting a GAP analysis to ensure that all (data protection) legal and information security risks are adequately addressed, including recommendations on measures and their implementation.
Data protection consulting on selected topics, including the introduction of a register of processing activities, support in the implementation of data protection impact assessments, internal audits and the creation of data protection concepts.
Introduction and improvement of policies and processes in the areas of information security and data protection, including a comprehensive information security policy, as well as internal audits and vendor assessments.
ISO 27001 DSGVO
1 year 4 months
2022-01 - 2023-04

Data Protection and Information Security Consultation, Project Management with a focus on Consent Management

DSGVO consent management
Data protection consulting, project management and coordination with IT, legal and specialist departments on various topics in the areas of data protection and information security.
Assessment of compliance with data protection requirements with a focus on consent management - including the evaluation of existing processes, solutions used, suppliers and the introduction of new conceptual and technical solutions.
Examination of legal requirements in an international context with regard to appropriate processing bases for personal data and implementation of risk analyses. Technical analysis of the functionality of the consent management solutions used to ensure that they are legally compliant.
Analysing data protection-relevant contracts of service providers and conducting provider audits.  
Administration of the consent management platform One-Trust for around 20 websites of different legal entities.

Translated with DeepL.com (free version)
Onetrust
DSGVO consent management
1 year
2020-06 - 2021-05

Managing internal and external data protection

Security Officer
Security Officer
Managing internal and external data protection and information security projects, including workshops and training for clients with critical infrastructure in industry and healthcare.
x-tention
1 year 9 months
2018-06 - 2020-02

information security and data protection

Security Officer
Security Officer
Responsible for information security and data protection: strategy, processes, communication, product improvements, policies and agreements. Leading initiatives to implement an Information Security Management System (ISMS) and successful first-time ISO 27001 certification without non-conformities.
Usabilla by Surveymonkey
1 year 10 months
2016-08 - 2018-05

Managing projects and offering consulting services

Security & Privacy Consultant
Security & Privacy Consultant

Managing projects and offering consulting services in various fields, including: privacy and general data protection regulation (GDPR), information security, risk management, and conducting security awareness training for clients within a wide range of different industries.

Deloitte
2 years 6 months
2013-12 - 2016-05

Administration and development of the central project management platform

Quality Specialist
Quality Specialist
Administration and development of the central project management platform. Design and implementation of the authorization concept to resolve SOD conflicts and optimise the existing IAM.
Socionext EU

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2020-11 - 2020-11

Data Protection Officer

Certified Data Protection Officer, WIFI Austria
Certified Data Protection Officer
WIFI Austria
1 month
2019-11 - 2019-11

Mediator

Certified, London School of Mediation
Certified
London School of Mediation
1 month
2017-07 - 2017-07

Risk and Information Systems Control (CRISC)

CRISC Certification, ISACA
CRISC Certification
ISACA
6 years 8 months
2010-01 - 2016-08

Master of science in Business Informatics

MSc, Johannes Kepler University Linz
MSc
Johannes Kepler University Linz

Position

Position

Freelance Management Consultant with a focus on Data Protection and Information Security
including profound expertise in ISO 27001, EU GDPR and project management.

Kompetenzen

Kompetenzen

Top-Skills

ISO 27001 Data Protection Information Security Beratung Project Management DSGVO GDPR Datenschutz informationssicherheit Projektmanagement Audit Risikomanagement

Schwerpunkte

ISO 27001
Experte
GDPR
Experte
Project Management
Fortgeschritten

Produkte / Standards / Erfahrungen / Methoden

Core Skills

Data Protection (GDPR, CCPA), ISMS (ISO 27001), Compliance and Risk Management, Information Security, Security Awareness, Project Management, Team Lead, Business Process Optimisation, Contract Negotiations, Consent Management, Microsoft Office & G Suite


Portfolio

For over a decade, I have supported companies in the domains of information security, data protection, governance, risk, compliance (GRC), and project management. Working in roles as both an external consultant and internal security officer has not only given me a solid understanding of managing compliance requirements but has also taught me how to overcome diverse organizational challenges associated with it. I am very dedicated and always strive to realize projects as efficiently as possible to the full satisfaction of my clients.


Key Expertise and Areas of Contribution

Introduction and Optimisation of Information Security Management Systems (ISMS)

Leading and supporting full-scope ISO27001 initial and re-certifications. Performed activities encompassed the definition of a clear security strategy and deriving measurable objectives, as well as implementing and optimising documentation, processes and measures in the following areas: Risk Management, Business Continuity Management, Change Management, Penetration Testing Coordination, Asset Management, Business Partner Vetting, Internal Audit.


Compliance and Data Protection Consultation

Formalising a structured approach towards compliance management, creating and improving required documentation, guidelines and processes, perform GAP Analyses and implementing measures to ensure compliance with EU GDPR, other European laws and regulations and partly international legislation in the field of data protection and information security.


Workshops and Trainings

Security Awareness: Creation and delivery of security awareness training programs for employee onboarding, as well as advanced modules, additional materials, regular awareness communication and acting as an internal security speaker. Data protection and EU GDPR: Conducting workshops and trainings for raising awareness about general data protection requirements, as well as the implementation and communication of guidelines to ensure the adherence to defined processes.


Audits and Assessments

Performance of internal and external audits: including comprehensive risk assessments, GDPR gap analyses and IT audits as part of annual financial statement analyses. Planning and documentation of required actions, implementation of controls, instruction of employees, presentation of results in the form of management reports.


Agreements and Negotiation

Drafting and adaptation of NDAs, data processing agreements (GDPR) and information security agreements as well as their negotiation in the international B2B area with SMEs and Fortune 500 companies.


Project Management

Coordination of complex projects with various internal and external stakeholders, including cross-functional collaboration in alignment with middle- and top-management.


CISO and DPO

Guiding security and data protection initiatives in the capacity of a seasoned Security Officer and Certified Data Protection Officer, aside my practical experience, I also bring additional certifications to the table, including ISACA CRISC and Mediation, underscoring my proficiency in handling diverse responsibilities.


Other

My professional background spans various sectors, encompassing financial services, information and communication technology, logistics, the food industry, technology companies, the construction industry, production companies, recycling, publishing, governmental institutions and healthcare.

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.