Andreas Rühl

v CISO | ISO 27001 | NIS2 | ISMS | IT Security

€950/day
Berlin, DE
15+ years

Average response time: 1 hour

About Andreas

Interim CISO and Senior Information Security Consultant with 20+ years of experience in cybersecurity, IT security and governance. I help organizations design, implement and improve security structures that are practical, audit-ready and aligned with business needs.

My expertise includes ISO 27001, ISMS, risk management, security governance, audit preparation and interim security leadership. I support clients in regulated and complex environments, including projects related to BSI IT-Grundschutz, TISAX, KRITIS, PCI DSS, GDPR, GxP and SOX.

I work with leadership teams, IT organizations and compliance stakeholders to establish clear security roadmaps, governance models, policies and operating procedures. My goal is to turn security requirements into effective structures that improve resilience, transparency and execution.

Typical assignments include ISMS build-up, security strategy, governance design, certification readiness, policy development and support for security transformation initiatives.
  • German

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • A-R-C Andreas Rühl Consulting
    Information Security and Cybersecurity Consultant
    CONSULTING AND AUDITS
    January 2025 - Today (1 year and 5 months)
    Berlin, Germany
    Led consulting engagements in information security, cybersecurity and governance with a focus on building resilient security organizations, implementing ISMS frameworks and preparing clients for regulatory and audit requirements.

    Key responsibilities

    Designed and implemented ISMS frameworks aligned with ISO/IEC 27001 and BSI IT-Grundschutz

    Conducted gap assessments, risk analyses and security roadmap development

    Supported clients in preparation for TISAX, PCI DSS and KRITIS-related audits

    Developed security policies, procedures, governance models and control frameworks

    Advised leadership teams on information security strategy, security governance and organizational setup

    Supported the design of security architectures, operating models and technical security concepts

    Delivered security workshops, awareness sessions and management briefings

    Acted as Interim CISO / senior advisor for clients requiring strategic and operational security leadership

    Typical outcomes

    Audit-ready ISMS structures and governance processes

    Clear security roadmaps and prioritized risk treatment plans

    Improved compliance posture and stronger organizational security maturity
    ISMS, Cybersecurity, CISO, ISO 27001, Risk Management
  • PROFI Engineering Systems AG
    Principal Consultant & Deputy Business Unit Manager – Security Solutions
    CONSULTING AND AUDITS
    January 2019 - January 2025 (6 years)
    Germany
    Led the development and expansion of the Security Solutions business unit and the Information Security Consulting practice.

    Key responsibilities

    Built and scaled the Information Security Consulting service portfolio

    Led interdisciplinary consulting teams from presales through project delivery

    Managed complex client engagements across multiple industries

    Delivered ISMS implementations and security transformation programs

    Supported compliance and audit initiatives including ISO 27001, BSI IT-Grundschutz, KRITIS, PCI DSS, TISAX and DSGVO

    Developed security policies, governance frameworks and operating models

    Advised clients on information security strategy, architecture and risk management

    Led workshops, management briefings and security awareness programs

    Contributed to the development of Managed Security Services and SOC offerings

    Supported recruiting, mentoring and capability development within the consulting team

    Achievements

    Built and expanded the Security Solutions business area

    Established standardized delivery models and best practices for security consulting projects
    ISMS, Information Security Management, ISO 27001, BSI IT-Grundschutz, Cybersecurity
  • PROFI Engineering Systems AG
    Principal Consultant & Team Lead – Information Security
    CONSULTING AND AUDITS
    October 2017 - January 2025 (7 years and 3 months)
    Darmstadt, Germany
    Built and established the Information Security Consulting practice and led consulting engagements across multiple industries.

    Key responsibilities

    Developed and expanded the Information Security Consulting service portfolio

    Led and mentored the Information Security consulting team

    Managed complex consulting projects from presales through delivery

    Implemented Information Security Management Systems (ISMS)

    Supported security and compliance initiatives including ISO 27001, BSI IT-Grundschutz, KRITIS, PCI DSS, VdS 3473 and GDPR

    Designed security policies, governance frameworks and operational procedures

    Advised clients on information security strategy, architecture and risk management

    Conducted security workshops, management briefings and awareness programs

    Supported the expansion of managed security services
    BSI IT-Grundschutz, ISMS, ISO 27001, Risk Management, Governance, Risk and Compliance

Education

  • Electrical Engineering
    Technische Hochschule Nürnberg Georg Simon Ohm
    2007

Certifications

  • ISMS Officer – ISO 27001
    VOREST AG
    2021
  • ITIL v3 Foundation
    EXIN
    2012
