Level

Senior Consultant

Senior Digital & IT Security Consultant

Job title

Senior Digital Consultant | Information Security & ISMS Expert | CISM | ISO/IEC 27001 Lead Implementer

Brief description

Experienced digital consultant with over 5 years of project-based practice in the implementation of information security strategies, ISMS implementations and regulatory compliance. Specialized in IT security management according to international (ISO/IEC 27001, NIS2) and national standards (BSI IT-Grundschutz). Strong in implementation, confident in communication and experienced in advising medium-sized and large companies on the establishment of security and risk management systems.

Certifications

  • ISO/IEC 27001 Lead Implementer
  • BSI IT-Grundschutz practitioner
  • Certified Information Security Manager (CISM, ISACA)
  • Optional: ISO 22301 Foundation (Business Continuity)
  • Optional: ISO/IEC 27005 (risk analysis according to ISO standard)

Professional skills

Information security & ISMS
  • Development, introduction and operation of information security management systems (ISMS)
  • Carrying out protection requirement analyses, risk analyses and action planning
  • Integration of BSI IT-Grundschutz profiles, BSI compendium
  • Development and review of security policies, IS role models and guidelines
  • Preparation, support and audit readiness for ISO/IEC 27001 and BSI certifications
Regulatory compliance
  • NIS2-compliant security consulting (incl. gap analyses)
  • GDPR & IT Security Act (IT-SiG 2.0) - technical and organizational measures
  • Support for KRITIS-relevant organizations with legal implementation
Project & process consulting
  • End-to-end consulting for the digitalization of governance and security processes
  • Introduction of security-related tools (risk management, vulnerability management)
  • Project management in safety-critical environments (e.g. energy, health, industry)
Awareness & Governance
  • Training and sensitization of employees in security topics
  • Establishment of information security organizations (ISB, CISO, GRC)
  • Moderation of security workshops with specialists and managers
Industry experience (excerpt)
  • Energy supply / KRITIS
  • Healthcare and medical technology
  • Financial services & insurance
  • Public sector / authorities / chambers
  • Mechanical engineering / Industry 4.0
Technical know-how
  • ISMS tools: e.g. Verinice, HiScout, tool-supported BSI baseline protection catalogs
  • GRC platforms: ServiceNow, OneTrust, Compliance Tools
  • Project management: Jira, Confluence, MS Project
  • ITIL, COBIT, partial understanding of TOGAF (for governance topics)
  • Cloud security & provider audit (Azure, M365, AWS - at organizational level)
Soft Skills & Methodology
  • Strong in analysis, conception and communication of security-relevant topics
  • Ability to translate complex IT risks into business and decision-making logic
  • Project management in heterogeneous teams, experienced in classic and agile environments
  • Consultant mindset with hands-on mentality

Available for

  • Interim ISB or external CISO
  • ISMS implementation projects
  • Preparation for ISO/BSI audits
  • NIS2 consulting & gap analysis
  • Awareness campaigns and training