Updated 24.11.2025


Verified
Premium customer
60 % available
ISO 27001 & NIS2 & KRITIS 8a BSIG Expert | Cybersecurity Consultant & Strategic Advisor
Köniz, Switzerland
Worldwide
Business Qualified: BSc Electrical Engineering | MBA | Postgrad Environmental Engineering
About me
Freelance cybersecurity consultant with 20+ years in ISMS, ISO 27001, NIS2, TISAX, GDPR & DORA. Former Group CISO with strong expertise in risk, compliance & governance. Available for short- & long-term projects in ISMS design, audit readiness & GRC, focused on the DACH region.
Skills
Artificial intelligence, Audits, Business continuity, Cloud security, Compliance, Information security, Consulting, Crisis management, Digital data, Incident response, French, Gap analysis, Control, Governance, risk management and compliance, ISO/IEC 27001, Management systems, Risk analysis, Stakeholder management, Business strategies, TISAX, Information administration and management, Conducting assessments, Information security management system, ISO/IEC, IT security standards, Data protection, Process control system, GDPR, ISO 22302, Security regulations
I am an experienced Cybersecurity Executive and former Group CISO, combining leadership experience from senior in-house roles with more than 15 years as an independent consultant. Over this time, I have successfully designed, implemented, and audited Information Security Management Systems (ISMS) in line with ISO/IEC 27001, helping organizations across industries strengthen their security posture.
As a freelance cybersecurity consultant, I support organizations in the DACH region and beyond in achieving compliance, enhancing cyber resilience, and aligning with leading frameworks and regulations. My clients value my ability to translate complex requirements into pragmatic, results-driven solutions that work in real-world environments.
My expertise covers the full lifecycle of ISMS implementation, certification support, and audit readiness, with a strong focus on the latest standards such as ISO/IEC 27001:2022 and ISO/IEC 42001 for AI management systems. I enable organizations to address requirements from NIS2, TISAX, GDPR, DORA, KRITIS §8a, and FINMA, ensuring a practical and efficient path to compliance.
I bring broad experience in risk and compliance management, from gap analysis and control design to maturity assessments and the integration of Governance, Risk & Compliance (GRC) frameworks. I have supported organizations in aligning business, regulatory, and technical requirements with actionable security controls, while also leading the rollout of governance processes and GRC platforms.
As a trusted advisor and interim CISO, I have developed and enhanced security governance frameworks, ranging from enterprise-wide policy sets to business continuity and crisis management strategies (ISO 22301) and incident response structures. My technical expertise extends to cloud and OT security, including Zero Trust approaches, hybrid environments, and ICS/OT protection aligned with ISA/IEC 62443.
I thrive in challenging project settings, maintaining a clear focus on results while delivering pragmatic solutions to critical issues. This approach has earned me the trust of boards, industry peers, and stakeholders, as I balance strategic objectives with operational realities to achieve tangible outcomes.
Beyond implementation, I provide board-level advisory and CISO-as-a-Service engagements, bridging the gap between business strategy and cybersecurity execution. My background as Group CISO, combined with extensive interactions with regulators, auditors, and executive stakeholders, allows me to deliver audit-ready solutions that reduce risk and improve resilience.
Fluent in German and English (with basic French), I work seamlessly across different industries and regulatory environments, helping clients navigate the complex intersection of compliance, governance, and technology.
Languages
German: native language; English: business fluent; French: basic knowledge
Project history
- Defining policies, standards and procedures
- Providing guidance and expertise on new and changed controls
- Defining control assurance framework for internal control system (ICS) with focus on Cloud, AI and Supply chain
- Defining ISMS for 7pass.de based on ISO 27001 (including certification)
- External information security officer for the operation of the ISMS
- Advising on threats and vulnerabilities
- Management of incidents and risks
- Establishing reporting process
- Implementing ISMS based on ISO/IEC 27001
- Carrying out NIS2 gap analysis
- Defining NIS2 policy framework based on central control framework
- Establishing roles and responsibility matrix and reporting structures
- Advising on NIS2 Directive and Implementing Act