Maxim Ribakowski

Interim CISO | GRC Expert | ISO 27001 & IT Risk M

€1,000/day
Berlin, DE
15+ years

Average response time: 1 hour


About Maxim

Experienced GRC and IT Compliance expert with over 15 years of professional experience in corporations, regulated industries, and medium-sized companies.

I support companies in establishing and further developing Governance, Risk, and Compliance (GRC) structures, from gap analysis to conception and implementation. I accompany ISMS implementations according to ISO 27001, support audit preparations, and take on interim functions such as CISO-as-a-Service or project management in the area of IT Risk.

Additionally, I advise organizations on the introduction and regulatory requirements of AI systems, e.g., within the framework of the EU AI Act or in the context of existing GRC frameworks.

My projects include, among others:
– Establishment of a group-wide risk management system (financial sector)
– Preparation for ISO 27001 and 22301 certification (incl. documentation & awareness)
– Introduction of internal control systems (ICS) for international units
– Integration of AI-supported processes into existing control and governance structures

My goal is to make organizations secure, compliant, and audit-ready.
Pragmatic, strong communication skills, and a real hands-on mentality. I am immediately available for interim or project mandates / gladly remote or hybrid.
  • German: Native or bilingual
  • English: Fluent
  • French: Basic
  • Ukrainian: Conversational
  • Russian: Native or bilingual

Can work on-site
Berlin (up to 50km)

Experience

  • ACE
    Chief Information Security Officer
    BANKING AND INSURANCE
    March 2025 - Today (1 year and 3 months)
    Berlin, Germany
    • New implementation of an ISMS including establishment of governance structures, documentation, risk and measure management, and management reviews according to ISO/IEC 27001:2022.
    • Certification preparation: Complete operational and conceptual preparation for ISO 27001:2022 certification including internal audits, gap analyses, measure tracking, and coordination of the external certification body.
    • Tool-supported implementation: Introduction and configuration of an ISMS tool for digital mapping of all ISMS components: policy management, risk analysis, measure control, audit trail, reporting.
    • Regulatory implementation according to DORA: ISMS (EU) 2022/2554 critical ICT 5–15 (ICT Risk Management), Art. 19 (Incident Reporting), and Art. 28–31 (Third-Party Risk).
    • Reporting & Communication: to C-level - Board on risk situation, security incidents, status of strategic measures.
  • Capgemini Outsourcing Services GmbH
    Cyber Security Manager
    CONSULTING AND AUDITS
    January 2018 - August 2018 (7 months)
    Berlin, Germany
    • Organization and further development of security concepts according to ISO/IEC 27001 based on IT Baseline Protection for the public sector and BAIT for the financial sector.
    • Advice on GDPR in app development (IT industry).
    • Auditing of data centers.
    • Implementation of legally required documents according to GDPR and ISMS (financial industry).
    • Processing of tenders.
    • Presales activities.
    • Project management and project steering.
    • ISMS continuation and improvement according to ISO 27001 based on BSI 100-1/4.
  • Ruhdi GmbH
    Information Security Officer
    January 2024 - January 2025 (1 year)
    • Steering of the Information Security Program according to ISO 27001:2022, BAIT, BSI 200 1-4.
    • Creation and adaptation of IT policies and instructions.
    • Gap analysis according to ISO 27001 and GDPR.
    • Planning and implementation of ISMS and DSMS.
    • Definition of information security / data protection goals and strategy.
    • Collaboration with central stakeholders.
    • Creation and implementation of information security-relevant policies, instructions, and standards.
    • Development, implementation, and training of the risk management strategy (risk assessment, planning and monitoring of countermeasures, reporting).
    • Support with internal and external reviews (data protection audit and annual financial statement audit).
    • Business Continuity Management (improvement of emergency scenarios, monitoring of tests, training of employees).
    • Information security review of external service providers, primarily from the IT sector and cloud services.
    • Standardization and automation of business processes.

Education

  • Information Lawyer LL.B.
    Hochschule Darmstadt
    2013
    Lead Auditor ISO 27001 (Information Security Manager), Lead Auditor ISO 22301 (Business Continuity Manager), Data Protection Officer, ITIL Implementer
