Managing projects and offering consulting services in various fields, including: privacy and general data protection regulation (GDPR), information security, risk management, and conducting security awareness training for clients within a wide range of different industries.
Freelance Management Consultant with a focus on Data Protection and Information Security, including profound expertise in ISO 27001, EU GDPR and project management.
Core Skills
Data Protection (GDPR, CCPA), ISMS (ISO 27001), Compliance and Risk Management, Information Security, Security Awareness, Project Management, Team Lead, Business Process Optimisation, Contract Negotiations, Consent Management, Microsoft Office & G Suite
Portfolio
For over a decade, I have supported companies in the domains of information security, data protection, governance, risk, compliance (GRC), and project management. Working in roles as both an external consultant and internal security officer has not only given me a solid understanding of managing compliance requirements but has also taught me how to overcome diverse organizational challenges associated with it. I am very dedicated and always strive to realize projects as efficiently as possible to the full satisfaction of my clients.
Key Expertise and Areas of Contribution
Introduction and Optimisation of Information Security Management Systems (ISMS)
Leading and supporting full-scope ISO 27001 initial and re-certifications. Performed activities encompassed the definition of a clear security strategy and deriving measurable objectives, as well as implementing and optimising documentation, processes and measures in the following areas: Risk Management, Business Continuity Management, Change Management, Penetration Testing Coordination, Asset Management, Business Partner Vetting, Internal Audit.
Compliance and Data Protection Consultation
Formalising a structured approach towards compliance management, creating and improving required documentation, guidelines and processes, performing gap analyses and implementing measures to ensure compliance with EU GDPR, other European laws and regulations and partly international legislation in the field of data protection and information security.
Workshops and Trainings
Security Awareness: Creation and delivery of security awareness training programs for employee onboarding, as well as advanced modules, additional materials, regular awareness communication and acting as an internal security speaker. Data protection and EU GDPR: Conducting workshops and trainings for raising awareness about general data protection requirements, as well as the implementation and communication of guidelines to ensure the adherence to defined processes.
Audits and Assessments
Performance of internal and external audits, including comprehensive risk assessments, GDPR gap analyses and IT audits as part of annual financial statement analyses. Planning and documentation of required actions, implementation of controls, instruction of employees, presentation of results in the form of management reports.
Agreements and Negotiation
Drafting and adaptation of NDAs, data processing agreements (GDPR) and information security agreements as well as their negotiation in the international B2B area with SMEs and Fortune 500 companies.
Project Management
Coordination of complex projects with various internal and external stakeholders, including cross-functional collaboration in alignment with middle- and top-management.
CISO and DPO
Guiding security and data protection initiatives in the capacity of a seasoned Security Officer and Certified Data Protection Officer. Aside from my practical experience, I also bring additional certifications to the table, including ISACA CRISC and Mediation, underscoring my proficiency in handling diverse responsibilities.
Other
My professional background spans various sectors, encompassing financial services, information and communication technology, logistics, the food industry, technology companies, the construction industry, production companies, recycling, publishing, governmental institutions and healthcare.