About Stephan
- Information Security (ISO 27001/TISAX): Gap analysis, risk treatment, SoA, policies, training, internal audits; integration with IT operations (SIEM/SOC, EDR, vulnerability management).
- Business Continuity (ISO 22301): BIA, continuity strategies, emergency and recovery plans with RTO/RPO, tests & exercises.
- Resilience Management: Scenario and stress tests, early warning indicators, redundancies, supply chain robustness, KPIs, and continuous improvement.
- Crisis Management: Establishment of crisis organization, clear roles/decision paths, incident response playbooks, internal/external crisis communication.
- AI Governance (ISO/IEC 42001): Policies, roles, risk analysis, documented model lifecycle, technical/organizational controls, and evidence management.
- Supply Chain / Third-Party Risk: Assessment, contracts, audits, continuous monitoring.
- Regulatory & Certification: NIS2, DORA; prioritized measures, closing deviations, accompanying auditor discussions – up to the certificate.
Languages
- German: Native or bilingual
Experience
- BITS Consulting GmbH, Managing Director, June 2009 - Today (17 years), Munich, Germany
- ISMS according to ISO 27001/TISAX: Gap analysis, risk management, SoA, policies, metrics, internal audits
- BCM according to ISO 22301: Business Impact Analysis, strategies, emergency and recovery plans (RTO/RPO), tests & exercises
- Resilience Management: Scenario and stress tests, early warning indicators & dashboards, redundancies and SPOF reduction, supply chain robustness, continuous improvement (PDCA)
- Crisis Management: Establishment of crisis team, roles & decision paths, incident response playbooks, internal/external crisis communication
- Supply Chain/Third-Party Risk: Assessment, contracts, supplier audits, continuous monitoring
- Technical Implementation: Interfaces to IT Ops, SIEM/SOC, vulnerability management, EDR – clear processes & KPIs
- Certification Support: Prioritize measures, close deviations, accompany auditor discussions – up to the certificate
- Training & Awareness: Management briefings, employee training, tabletop exercises
- AI Governance according to ISO/IEC 42001: Policies, risk analysis, documented model lifecycle
- Integrate regulations (e.g., NIS2, DORA) and simplify evidence management
- Result: increased resilience, clear responsibilities, demonstrable compliance, and measurable risk reduction – pragmatic and implementation-oriented.
- IDS GmbH – Analysis and Reporting Services, External Consultant, January 2018 - January 2019 (1 year), Munich, Germany
- Flughafen München GmbH, External Consultant, January 2017 - January 2018 (1 year), Munich, Germany
Education
- Diplom-Ingenieur (Dipl.-Ing.), Electrical Engineering, University of Applied Sciences Würzburg-Schweinfurt, 1997
Certifications
- Cybersecurity Specialist (TÜV Rheinland), TÜV Rheinland, 2021
- Anti-Terrorism Officer (ATO), BCM Academy GmbH, 2022