Alexander Sänn - Owner and Managing Director

Q: Where is Alexander based?

Alexander is based in Bayreuth, Germany and can operate in on-site , hybrid , and remote work models.

Q: What languages does Alexander speak?

Alexander speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Alexander have?

Alexander has at least 21 years of experience. During this time, Alexander has worked in at least 24 different roles and for 26 different companies . The average length of individual experience is 1 year and 10 months . Note that Alexander may not have shared all experience and actually has more experience.

Q: What is Alexander's latest experience?

Alexander's most recent position is Lead Audit Conformity & IT Security Catalog at DAX group energy provider in the renewable energy sector .

Q: What companies has Alexander worked for in recent years?

In recent years, Alexander has worked for DAX group energy provider in the renewable energy sector , E-commerce and closed-loop provider , Critical infrastructure in international energy supply , Mechanical engineering , and International mobility provider .

Q: Which industries is Alexander most experienced in?

Alexander is most experienced in industries like Energy , Information Technology , and Tourism . Alexander also has some experience in Manufacturing , Education , and Transportation .

Q: Which business areas is Alexander most experienced in?

Alexander is most experienced in business areas like Project Management , Information Technology , and Research and Development . Alexander also has some experience in Marketing , Product Development , and Strategy .

Q: Which industries has Alexander worked in recently?

Alexander has recently worked in industries like Energy , Manufacturing , and Information Technology .

Q: Which business areas has Alexander worked in recently?

Alexander has recently worked in business areas like Audit , Information Technology , and Quality Assurance .

Recommended expert

Bayreuth, Germany

Check rate

Experience

Jan 2025 - Dec 2025

1 year

Lead Audit Conformity & IT Security Catalog

DAX group energy provider in the renewable energy sector

Supported the implementation of §8a requirements of the BSI Act for critical infrastructures.
Systematically prepared and supported internal and external audits, resolving previous deviations (HA, NA, VP)
Implemented the specific requirements of the IT security catalog
Developed training, created run books, and conducted assessments to ensure operational effectiveness.

Jan 2025 - Dec 2025

1 year

External information security officer

E-commerce and closed-loop provider

Conducted risk analyses and vulnerability assessments
Assisted with the implementation of an information security management system (ISMS) as the basis for meeting the Digital Operational Resilience Act (DORA) requirements
Prepared software development for the requirements of the Cyber Resilience Act (CRA)
Established a management system for vulnerabilities and security threats

Jan 2025 - Dec 2025

1 year

Lead of the Workstream Log Collection, Extraction & Aggregation for enabling a SIEM according to SzA

Critical infrastructure in international energy supply

Implemented a central log management system to meet KRITIS requirements in energy supply
Acted as workstream lead for collecting, extracting, and aggregating log data from selected power plants
Installed and configured security components such as the genua cyber diode and SYSLOG to ensure logging

Jan 2025 - Dec 2025

1 year

Consulting on the strategic implementation of the Cyber Resilience Act

Mechanical engineering

Conducted inventory and gap analysis according to IEC 62443
Developed recommendations to ensure CRA compliance

Jan 2024 - Dec 2025

2 years

Project consulting in the field of innovation

International mobility provider

Horizon scan: project planning of a trend analysis for IT emergency management using prelead

Jan 2024 - Dec 2025

2 years

Project Consulting for Security Concept and NIS2 Compliance

Water Supply

Advising on implementing NIS2 and network segmentation in a critical infrastructure environment
Developing a security concept for a technical monitoring system, including early warning logic for hybrid IT environments
Creating concepts and action plans to meet the security requirements of ISO 27001 and BSI IT Baseline Protection

Jan 2023 - Dec 2024

2 years

Project Manager for Establishing a Cybersecurity Program

DAX Energy Utility Group

Taking responsibility for setting up the project and managing delivery through to the finish line
Analyzing the program's and project's challenges and risks
Defining an effective approach
Restructuring and mobilizing internal and partner staff
Supporting the newly organized cybersecurity department on its path to the next level of operational maturity (e.g., evolving into a customer-focused, standardized, and sustainable organization)

Jan 2022 - Dec 2025

4 years

Lead for Cybersecurity Standards and Regulatory Requirements

DAX Machinery and Plant Engineering Group

Lead for a DAX company and Europe's largest industrial manufacturer. Responsible for certification and vendor self-certification according to IEC 62443-4-2 and GDPR.

Analyzing, aggregating, and evaluating the regulatory impact of the EU Cyber Resilience Act (CRA), EU AI Act, EU Data Act, and NIS2
Developing a preparation and implementation plan and carrying out the necessary steps to achieve compliance
Managing stakeholders and coordinating with external auditors
Representing the company in industry-specific internal and external committees

Jan 2022 - Dec 2025

4 years

§8a KRITIS Audit Support

International Mobility Provider

Audit support for the world’s second-largest transport company. Assessing and completing the IS policies and documentation framework for IDW and BSI audit standards.

Supporting the 2nd Line of Defense in building and operating an information security management system (ISMS) according to ISO 27001
Creating and maintaining policies, processes, and other regulatory documents (e.g., work instructions and manuals)
Contributing to the information security strategy
Supporting information security risk management
Implementing measures to eliminate or mitigate information security risks and deficiencies
Preparing for the next §8a audit cycle (2023)
Coordinating with departments to identify KRITIS-relevant assets
Creating a scope document for KRITIS-relevant assets
Collecting and preparing evidence

Jan 2022 - Dec 2023

2 years

Project Consulting for 'ISALIP – Information Security Awareness, Literacy and Privacy'

Research Project

The project aimed to improve European citizens' readiness for the digital age. It addressed individual information security awareness, related skills, and risk management in professional and private contexts.

Building a network of experts from partner countries and across Europe
Project consulting on defining requirements, training and qualification profiles, and content topics in cybersecurity

Jan 2021 - Dec 2022

2 years

Germany

Development and implementation of BSI IT-Grundschutz projects

State administration

Developed and implemented multiple BSI IT-Grundschutz projects for state ministries in North Rhine-Westphalia and for federal agencies.

Jan 2021 - Dec 2022

2 years

Introduction of BSI IT-Grundschutz

Public sector

Introduced BSI IT-Grundschutz within a joint, coordinated maritime security operations center.

Jan 2020 - Dec 2022

3 years

Manager with power of attorney

Big4 Consulting

Project manager for the introduction and maintenance of a quality management system according to ISO 9001 for consulting, auditing, and training in information security, risk management, data protection, and BCM
Transition manager for the team transition of 120 employees
Key expert for OT security and general advisor on technical aspects of cybersecurity in the energy sector and other industries

Jan 2020 - Dec 2022

3 years

Project manager for the technical implementation of a cyber security program in the OT area

DAX-listed chemical industry group

Technical implementation of a cyber security program in the OT area for the company's global sites.

Network scanning
Vulnerability management
Access management
Endpoint protection
Asset management
Awareness and tactical planning of further measures to improve cyber security maturity

Jan 2020 - Dec 2022

3 years

Lead for data protection assessments as part of the Microsoft Supplier Security and Privacy Assurance (SSPA) program

Digital company

Jan 2020 - Dec 2022

3 years

Technical Lead for the Implementation of ISO 27001

Mechanical Engineering

Technical Lead for the implementation of ISO 27001 at a former DAX-listed precision engineering company and a world-leading manufacturer of sheet-fed offset printing machines.

Jan 2017 - Dec 2020

4 years

Information Security Officer (ISO)

International TSO

Support in requirements engineering and technical implementation for the OneDMS document management system
Management of organizational change to develop a cybersecurity interface (policy development, implementation of technical requirements, awareness training, ticket management, supporting business projects in relation to cybersecurity aspects and requirements)
Management of internal and external audits as well as supplier audits according to ISO 27001, ISO 27002, and ISO 27019 (based on the IT security catalog)
Supporting the CISO, assessing protection requirements, and monitoring cybersecurity aspects for IT and OT

Jan 2017 - Dec 2018

2 years

Senior Consultant

Consulting Company

Implementation of ISMS and GDPR-based PMS in subsidiaries of a consulting firm (500+ employees), consultant for ISO 27001-based ISMS and GDPR

Jan 2017 - Dec 2018

2 years

Project Lead

Research & Development

Study on 'ISMS in the Energy Sector 2018'
In-house implementation of GDPR and ITIL-oriented services

Jan 2017 - Dec 2018

2 years

Senior Consultant

Real Estate Startup

Implementation of an ISMS based on ISO 27001 in a property management company

Jan 2017 - Dec 2018

2 years

Senior Consultant

Municipal Supply and Transport Company

Support for the Group CISO in governance, processes and awareness, incident management, strategic management, and technical issues in the energy sector

Jan 2015 - Dec 2017

3 years

Bayreuth, Germany

Postdoc

University of Bayreuth, Chair of Innovation & Marketing

Industry study on “ISMS in the energy sector” with Energieforen Leipzig
Public study on the EU regulation on digital content to protect consumers (Bavarian State Ministry for the Environment and Consumer Protection)

Jan 2009 - Dec 2017

9 years

Cottbus, Germany

Doctoral Candidate

Brandenburg University of Technology Cottbus, Chair of Marketing and Innovation Management

Study on location management to overcome vacancies in industrial parks in the Lusatia energy region. Commissioned by Vattenfall Europe Generation AG and the Lusatia Spreewald Energy Region
Market analysis of the Bavarian, Brandenburg and Saxon tourism markets to derive suitable market entry strategies
Fundraising for the '20 Years of Brandenburg University of Technology Cottbus' event
Lectures on eBusiness, international marketing, and market-oriented product development

Jan 2009 - Dec 2015

7 years

Innovation Lead

IHP GmbH – Innovation for High-Performance Microelectronics

Innovation management for the “Enhanced Security for Critical Infrastructures” project and project lead for R&D in information security for critical infrastructures (KRITIS) focusing on “Security in Sensor Networks”
Requirements engineering with IC-104, PROFINET, Profibus and other fieldbus communications to prepare for implementation in IDS/IPS
Drafted multiple research proposals on topics including 5G for tactile internet applications, information security architecture in future automotive developments, communication protocols and real-time requirements for information security in industrial applications
Conducted various workshops with the BSI, BMI and BBK on UP-KRITIS, LÜKEX and KRITIS

Jan 2007 - Dec 2009

3 years

Technical Associate

Fraunhofer Application Center for Logistics Management ALI and Information Systems

Part of the Fraunhofer Institute for Material Flow and Logistics IML.

Implementing real-time tracking systems in complex industrial environments with Ubisense
Assessment of physical security at Sheremetyevo Cargo Airport Moscow, Russia
User support for Fraunhofer Public Key Infrastructure
Application development for a digital medical history for online and offline use by emergency services using .NET/C#/HTML and PRINCE2 (ADAC)
Development and promotion of an EU-wide injury database (IDB)
Event management for the “Night of Creative Minds” – a science roadshow
Organizational and technical assistance at the associated Chair of Industrial IT

Jan 2005 - Dec 2009

5 years

Cottbus, Germany

Founder

PC-Hilfe Cottbus

Various office IT projects at client sites: websites, marketing and web design projects
Installation and maintenance of infrastructure and IT solutions in the tourism sector, e.g., implementation of Amadeus (Sabre) and Bistro Portal
Custom software development in the insurance sector
Various services in the field of information security

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Energy, Information Technology, Manufacturing, Tourism, Education, and Transportation.

Energy

Information Technology

Manufacturing

Tourism

Education

Transportation

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Project Management, Information Technology, Research and Development, Marketing, Strategy, and Product Development.

Project Management

Information Technology

Research and Development

Marketing

Strategy

Product Development

Summary

ad2b-solutions GmbH protects companies in the supply chain of critical infrastructures from cyber security incidents, production outages, and personal liability cases. To do this, organization-appropriate management systems are developed, certified, and continuously improved based on established standards. This covers information security, dealing with artificial intelligence (AI), and IT project management in general.

Example requirements for using a management system come from the following topics:

Cyber security according to ISO 27001, IEC 62443, and BSI IT-Grundschutz, data protection according to ISO 27001, quality management according to ISO 9001, business continuity management according to ISO 22301, risk management according to ISO 27005 and ISO 31000.
Project management according to PRINCE2, SCRUM, agile Stage Gate, lead user, and open innovation, also considering established ITIL processes.

Under the brand prelead, innovation management in the field of information security is methodically combined. This leads to the introduction and maintenance of information security while ensuring user-friendliness.

"Cyber Security as Enabler" helps to develop processes, optimize the entire organization, and align new projects from the start with requirements from regulations, market standards, and customers.

By implementing the practical prelead method, the right customer requirements are met. This avoids costly rework and lack of compliance in target markets.

Skills

Certified Cyber Security Auditor Isa/iec 62443 (Ccsa) (Ul)
Certified Cyber Security Professional Iec 62443 (Ccsp) (Ul)
Certified Information System Security Professional (Cissp) (Isc2)
Certified Program Management Professional (Pgmp) Candidate (Pmmi)
Certified Information Security Manager (Cism)
Quality Systems Manager By German Society For Quality (Dgq)
Bsi-certified It Baseline Protection Consultant
Certified Senior Lead Auditor Iso 27001 (Pecb)
Certified It-service Management (Itil)
Certified Itil It-service Management Expert (Pwc Certification Services)
Certified Data Protection Officer (Pwc Certification Services)
Leading Across A Distance (Quadriga)
Certified Ethical Hacking And Countermeasures (Ceh)
Prince2 And Itil-related Project Management (Maxpert)
Various Workshops On Critical Infrastructures By The German Society For Computer Science (Gi)
Certified Scrum Master (Ismf)
Leadership At A Distance (Quadriga) And In Projects And Project Management Iso 21500 (Tiba)

Languages

German

Native

English

Advanced

Education

Oct 2009 - Jun 2017

Brandenburg University of Technology Cottbus

Dr. rer. pol., The Preference-Driven Lead User Method for New Product Development · Cottbus, Germany

Brandenburg University of Technology Cottbus

eBusiness program, specialization: application and operation of eBusiness systems · eBusiness · Cottbus, Germany

Certifications & licenses

BSI-certified IT baseline protection consultant

Certified Cyber Security Auditor ISA/IEC 62443

Certified Cyber Security Professional IEC 62443 (CCSP)

pwc Certification Services

Certified Ethical Hacking And Countermeasures (CEH) Candidate

PMMI

Certified IT-Service Management (ITIL) (CCSA) (UL)

Certified ITIL IT-Service Management Expert

Certified Information Security Manager (CISM)

Certified Information System Security Professional (CISSP)

pwc Certification Services

Certified Program Management Professional (PgMP)

Leadership at a Distance

Quadriga

Leading Across a Distance

quadriga

PRINCE2 And ITIL-related Project Management

maxpert

Project Management ISO 21500

TiBa

Quality Systems Manager

DGQ

Certified data protection officer

Certified SCRUM Master

ISMF

Certified Senior Lead Auditor ISO 27001

PECB

Statistics

Experience

Total positions 26

Experience in Energy 17 y

Avg length 2 y 10 m

Longest experience 8 y 11 m

Global Experience

Countries worked in 1 (Germany)

Primary country Germany

Expertise

Recent roles Lead Audit Conformity & IT Security Catalog, External information security officer, Lead of the Workstream Log Collection, Extraction & Aggregation for enabling a SIEM according to SzA

Main industries Energy, Information Technology, Manufacturing

Main business areas Project Management, Information Technology, Research and Development

Qualifications

Highest degree Doctorate

Certifications earned 17

Profile

Created

December 2025

Last Update

May 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Alexander based?

Alexander is based in Bayreuth, Germany and can operate in on-site, hybrid, and remote work models.

What languages does Alexander speak?

Alexander speaks the following languages: German (Native), English (Advanced).

How many years of experience does Alexander have?

Alexander has at least 21 years of experience. During this time, Alexander has worked in at least 24 different roles and for 26 different companies. The average length of individual experience is 1 year and 10 months. Note that Alexander may not have shared all experience and actually has more experience.

What roles would Alexander be best suited for?

Based on recent experience, Alexander would be well-suited for roles such as: Lead Audit Conformity & IT Security Catalog, External information security officer, Lead of the Workstream Log Collection, Extraction & Aggregation for enabling a SIEM according to SzA.

What is Alexander's latest experience?

Alexander's most recent position is Lead Audit Conformity & IT Security Catalog at DAX group energy provider in the renewable energy sector.

What companies has Alexander worked for in recent years?

In recent years, Alexander has worked for DAX group energy provider in the renewable energy sector, E-commerce and closed-loop provider, Critical infrastructure in international energy supply, Mechanical engineering, and International mobility provider.

Which industries is Alexander most experienced in?

Alexander is most experienced in industries like Energy, Information Technology, and Tourism. Alexander also has some experience in Manufacturing, Education, and Transportation.

Which business areas is Alexander most experienced in?

Alexander is most experienced in business areas like Project Management, Information Technology, and Research and Development. Alexander also has some experience in Marketing, Product Development, and Strategy.

Which industries has Alexander worked in recently?

Alexander has recently worked in industries like Energy, Manufacturing, and Information Technology.

Which business areas has Alexander worked in recently?

Alexander has recently worked in business areas like Audit, Information Technology, and Quality Assurance.

What is Alexander's education?

Alexander holds a Doctorate from Brandenburg University of Technology Cottbus.

Does Alexander have any certificates?

Alexander has 17 certificates. Among them, these include: BSI-certified IT baseline protection consultant, Certified Cyber Security Auditor ISA/IEC 62443, and Certified Cyber Security Professional IEC 62443 (CCSP).

What is the availability of Alexander?

Alexander is immediately available part-time for suitable projects.

What is the rate of Alexander?

Alexander's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.