
Christian Gebhardt

Information Security Officer

€1,200/day
Köln, DE
15+ years

Average response time: 1 hour

Freelancer profile translated to English.

About Christian

For over 18 years, I have been supporting companies in implementing information security, IT governance, and regulatory requirements in highly regulated industries.

As a former Deputy CISO of Gothaer Versicherung, a specialist auditor for Deutsche Bank Group, and currently Managing Director of Blackfort Technology, I combine strategic management consulting with deep technical understanding.

My focus areas include information security management (ISO 27001, BSI IT-Grundschutz), DORA, NIS2, Cyber Resilience Act (CRA), IT risk management, and cloud and security architectures. Additionally, I support organizations as an external CISO or Information Security Officer from the initial gap analysis to successful auditing or certification.

My clients include insurance companies, financial service providers, critical infrastructure operators, public institutions, healthcare companies, and technology providers.

In addition to classic governance topics, I have extensive experience in cloud security (Azure, Entra ID, Intune, Microsoft Defender), vulnerability management, PKI, cryptography, certificate management, and IT auditing.

I work equally with boards, management, departments, and technical teams, supporting the pragmatic and sustainable implementation of regulatory requirements.
  • German: native or bilingual

Can work on-site
Köln (up to 50km)

Experience

  • Blackfort Technology
    Managing Director and Consultant
    January 2017 - Today (9 years and 5 months)
    - Establishment and strategic direction of Blackfort Technology
    - Conducting mandates as external CISO and ISB (Informationssicherheitsbeauftragter, i.e. Information Security Officer) in highly regulated industries (insurance, healthcare, KRITIS, government agencies)
    - Establishment and operation of ISMS according to ISO 27001 and BSI IT-Grundschutz for various clients
    - Implementation of regulatory requirements (DORA, NIS-2, CRA, VAIT, BAIT) for financial institutions and other industries
    - Vulnerability and patch management with Tenable, Rapid7, and M365
    - Expertise in PKI, HSMs, and certificate management (including Digicert, Thales nShield)
    - Consulting at management and board level, and audit support
    - Standing member of the AI expert working group of the Alliance for Cybersecurity / BSI (ACS/BSI)
    - Lead author: "Guidelines for Penetration Testing of Large Language Models" (ACS/BSI)
    - Mandate as external ISB (ISO 27001) at aquatune GmbH (June 2018 – March 2023)
    - Mandate as external Data Protection Officer at Dr. med. dent. Boris Ksendsowski (June 2018 – December 2024)
    - Mandate as external DPO at Aurum Consulting GmbH (December 2018 – present)
    DORA, ISO 27001
  • Gothaer Versicherung
    Deputy Chief Information Security Officer
    January 2020 - January 2023 (3 years)
    - Technical management of the ISM staff department with 10 employees (IT Security Architects and IS Officers)
    - Deputy CISO from December 16, 2021; assumption of all CISO responsibilities; direct reporting line to the IT Board of the Gothaer Group and the management of Gothaer Solutions GmbH
    - Overall responsibility for information security of almost all companies in the Gothaer Group
    - Steering, control, and maintenance of the ISMS continuously certified according to ISO/IEC 27001
    - Complete rebuild of the information risk management system according to VAIT
    - Complete rebuild of the certified ISMS according to ISO 27001, including information risk management
    - Development and implementation of central control instruments for the staff department
    - Conducting security needs analyses based on the application landscape
    - Evaluation of technical vulnerabilities and definition of risk-minimizing measures
    - Coordination of the preparation of the information security report to management
    - Coordination of financial statement auditors and internal audit
    - Leadership of task forces for handling information security incidents
    - Permanent participant in the Group Risk Committee and the Compliance Committee of the Gothaer Group
    - Steering and coordination of IS processes with IT service providers
    - Initiation and coordination of awareness and training measures
    - Participation in the creation and updating of the emergency concept (BCM)
    - Evaluation of all IT projects and consulting on IT projects regarding information security
    - Creation of guidelines and policies, as well as design of processes and process controls
    - Regulations: DORA, VAIT, BAIT, ISO 27001
  • ArcSin GmbH
    Managing Director
    January 2021 - December 2022 (1 year and 11 months)
    - Strategic direction and operational business activities
    - Steering and coordination of software development in the areas of AI and cryptography
    - Operation of massively parallel processing in distributed systems (approx. 1.5 Petaflops total computing power)

Education

  • Certified Partner Sales Associate Identity Security
    Tenable
    2024
  • Partner Sales Engineer Identity Security
    Tenable
