Beschreibung

"Full-Stack" IT Security & GRC Professional with 25 years of experience in IT and information security—from hands-on implementation to strategic governance.

Demonstrated expertise in elevating IT security maturity and cyber resilience based on recognized frameworks including ISO/IEC 27001, BSI IT-Grundschutz, NIST, and ITIL. As a "Full-Stack" expert, I operate seamlessly across technical implementations (Security Architecture, IAM, PKI, Cloud Security) and GRC domains (Audits, Risk Management, Compliance, Data Privacy, NIS-2, DORA, CRA).

Comprehensive experience in security architecture, audit preparation, ISMS consulting, and project delivery within regulated environments, EU projects, and cloud infrastructures. Deployable as Interim CISO/ISO, IT Security Architect, or GRC Consultant.

The "Full-Stack" approach enables me to serve as an effective bridge between technical teams, management, and external stakeholders.

Sprachen

Polnisch
Muttersprachlich oder zweisprachig
Deutsch
Muttersprachlich oder zweisprachig
Englisch
Verhandlungssicher
Italienisch
Grundkenntnisse

Arbeitsortpräferenzen

Vor Ort möglich

Berlin (bis zu 50 km)

Freelance / Consultant
Senior Information Security & GRC Consultant
BERATUNG & AUDITS
Mai 2023 - Heute (3 Jahre und 1 Monat)
Advisory roles for enterprises and regulated organizations
ISMS design, review and audit support (ISO 27001, BSI)
Regulatory assessments (NIS2, DORA, BAIT)
Interface between management, IT, security and auditors
Architecture-level security and governance guidance
Enterprise ISMS & Compliance Architecture Audit & Risk Management Active Directory & Identity Security
Freelancer
Senior Information Security Consultant, IT Security Architect, IT GRC & Data Privacy Expert
Mai 2023 - Heute (3 Jahre und 1 Monat)
08/25 – 12/25: Cloud: Security & Data Protection Coordinator
Client: European Commission (EU)
03/25 – 06/25: Active Directory: Windows Authentication Hardening
Client: NGO (Germany)
01/25 – 02/25: ISO/IEC 27001:2022 Compliance Gap Analysis
Client: Media company (Germany)
09/24 – 02/25: PKI – Microsoft Active Directory Certificate Services
Client: NGO (Germany)
7/2024: Trainer – “BSI IT-Grundschutz Practitioner”
Client: TÜV Nord (Germany)
02/24 – 07/24: Azure Entra ID – Cloud Authentication
Client: NGO (Germany)
10/23 – 02/24: ISMS: Identity and Access Management
Client: NGO (Germany)
10/23 – 04/24: IT Asset Management: Structure Analysis
Client: Bank (Germany)
08/23 – 11/23: Cloud-First Network Architecture & PKI
Client: Laboratory Industry (Germany)
05/23 – 07/23: ISMS: Dual-Standard Security Concept
Client: Media Company (Germany)
05/23 – 09/23: IT Asset Management: Internal ISMS Audit
Client: Bank (Germany)
Eurofins GSC IT Poland z.o.o., PL
Information Security Consultant, IT Security Architect
UMWELT
Oktober 2020 - Mai 2023 (2 Jahre und 7 Monate)
Katowice, Polen
Experience in Governance, Risk & Compliance (GRC) with a focus on thecreation and maintenance of ISMS policies, specifically the "Access Control and Password Policy", as well as performing IT risk analyses.
Provided IT security consultancy as a Subject Matter Expert (SME) for system hardening and cryptography, particularly in the fields of IAM/PAM (Active Directory, Entra ID, Ping Federate, BeyondTrust PAM).
Developed over 100 security blueprints for operating systems such as Windows 11, Windows Server 2019 and Ubuntu Linux, as well as for infrastructure components and security solutions (e.g. KeyFactor PKIaaS, CryptoSpike for NetApp, PostgreSQL, HashiCorp Vault, and Entrust HSM).
IT architecture for the integration and securing of cloud modules such as Azure Key Vault, AWS IAM, Azure SQL and Azure Virtual Desktop (VDI), as well as the creation of hardening manuals for IT systems, IT services (DNS, Apache/Nginx/IIS, SSL/TLS cryptography, email servers) and secure networks.
Active Directory & Identity Security Enterprise ISMS & Compliance Architecture