Andreas Rühl - Principal Consultant Information Security

Q: Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

Q: What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies . The average length of individual experience is 2 years and 7 months . Note that Andreas may not have shared all experience and actually has more experience.

Q: What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting .

Q: What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG .

Q: Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology , Professional Services , and Healthcare . Andreas also has some experience in Pharmaceutical , Metals and Mining , and Retail .

Q: Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology , Project Management , and Strategy . Andreas also has some experience in Customer Service , Audit , and Quality Assurance .

Q: Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology and Professional Services .

Q: Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology , Project Management , and Strategy .

Recommended expert

Berlin, Germany

Experience

Jan 2025 - Dec 2024

Germany

Freelance Information Security Consultant

A-R-C Andreas Rühl Consulting

Developing and implementing customized information security strategies
Introducing and further developing ISMS according to ISO 27001, BSI Baseline Protection and other standards
Risk management and creating security concepts
Advising on KRITIS, PCI DSS, TISAX and VdS 3473/10000
Establishing and optimizing security organizations
Creating and implementing policies, guidelines, work instructions and process descriptions
Audit support and certification preparation
Conducting training sessions, workshops and awareness campaigns
Selecting and advising on the implementation of IT security solutions such as SIEM, DLP, IDS/IPS, firewalls and encryption technologies
Conducting penetration tests and vulnerability analyses
Advising on the selection, integration and management of security architectures in complex IT landscapes
Consulting on ITSM, managed security services and SOC
Leading and managing complex projects to improve information security
Process analysis, optimization and management according to ITIL, ISO 27001 and cybernetics
Implementing and ensuring the quality of management, documentation and knowledge management systems
Supporting compliance with regulatory information security requirements (e.g., GDPR, HIPAA, SOX, GMP, KRITIS)
Developing and implementing risk analysis procedures
Organizing incident response, forensic investigations and organizational measures for security incidents
Designing and conducting targeted workshops on topics such as ISMS, IT risks and current threat scenarios
Awareness campaigns to promote a security culture within organizations
Special training on ISO 27001, BSI Baseline Protection, KRITIS and other relevant standards
Simulations and exercises to prepare for information security incidents
Interim management in leading information security projects or IT security organizations
Acting as an external CISO (Chief Information Security Officer)
Supporting the development and implementation of IT security and corporate strategies
Coaching and mentoring executives in information security
Building and leading security departments, including recruiting and qualifying staff
Temporary takeover of management responsibilities in critical situations

Jan 2019 - Dec 2024

6 years

Germany

Business Unit Manager Security Solutions / Technical Lead Information Security Consulting

Profi Engineering Systems AG

Setting up the Security Solutions business unit
Interacting with customer representatives from all functional areas
Technical leadership of the information security consulting team
Leading proposal and technical teams from initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions in escalations
Proactive communication and accountability for projects
Strategic development of topics with direct reporting to executive management
Development and coaching of team members
Leadership in terms of corporate culture
Developing and expanding the consulting offering
Project management and information security consulting
Developing ISMS and audit support
Consulting on B3S, NIS2, KRITIS, ISO 27001, BSI Baseline Protection, PCI DSS, VdS 3473, TISAX
Creating and implementing policies, work instructions, process descriptions, operational documentation and manuals
ITSM and process consulting
Advising on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting and selecting appropriate tools, processes and methods
Expanding the customer network and contributing to the business unit strategy
Acting as the customer contact for further questions and ensuring successful project implementation
Developing strategies and processes around IT staff deployment
Supporting the expansion of the managed services business area
Establishing the penetration testing business unit
Supporting departments in analyzing and uncovering potential for improved business process control
Recruiting staff and planning their further development and qualifications

Oct 2017 - Jan 2019

1 year 4 months

Germany

Principal Consultant Information Security

Profi Engineering Systems AG

Establishing information security consulting as a new service area
Interacting with customer representatives from all functional areas
Technical leadership of the information security consulting team
Leading proposal and technical teams from initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions in escalations
Proactive communication and accountability for projects
Strategic development of topics with direct reporting to executive management
Development and coaching of team members and other staff
Leadership in terms of corporate culture
Developing and expanding the consulting offering
Consulting on information security, project management, ISMS development and audit support
Advising on KRITIS, ISO 27001, BSI Baseline Protection, PCI DSS, VdS 3473
Creating and implementing policies, work instructions, process descriptions, operational documentation and manuals
ITSM and process consulting
Advising on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting
Selecting appropriate tools, processes and methods
Expanding the customer network and contributing to the business unit strategy
Acting as the customer contact for further questions and ensuring successful project implementation
Developing strategies and processes around IT staff deployment
Supporting the expansion of managed services
Supporting departments in analyzing and uncovering potential for improved business process control and preparing analysis results
Recruiting staff and planning their further development and qualifications

Jan 2016 - Apr 2017

1 year 4 months

Germany

Senior Specialist IT and Information Security

Klöckner und Co AG

Managing information security for the Klöckner Group
Establishing the information security organization and ISMS
Designing, planning and reviewing infrastructural measures and managing their implementation (IDS/IPS, SIEM, honeypots, firewalls)
Preparing and presenting information security topics to the executive board
Conducting information security audits
Performing penetration tests and vulnerability scans
Consulting and reporting on information and IT security
Process analysis, documentation and design, including adapting to security standards
Selecting, testing and implementing comprehensive security solutions
Conducting risk analyses according to ISO 27001 and developing custom risk analysis procedures
Creating and implementing an ISMS and related policies and guidelines
Structural analyses regarding information security
Project management for the introduction and implementation of information security policies
Acting as the information security officer
Coordinating and supervising contracted service providers
Forensic and organizational investigation of information security incidents and measures

Apr 2015 - Oct 2015

7 months

Germany

Senior Consultant, Auditor and IT Security Engineer Information Security

Kai Viehmeier Consulting GmbH

Advisor, board member and co-author of the VdS 3473 Cyber-Security guideline for SMEs
Creating and implementing ISMS for clients
Structural and organizational analyses of companies regarding information security and legal requirements
Process analysis, documentation and design, including adapting to security standards
Conducting information security audits
Performing penetration tests and vulnerability scans
Advising clients on information and IT security according to ISO 27001, BSI Baseline Protection and VdS 3473
Conducting risk analyses and developing custom risk analysis procedures
Project management for implementing and enforcing the requirements of VdS 3473
Acting as the information security officer
Configuring and installing Cisco-based network components

Nov 2013 - Mar 2015

1 year 5 months

Germany

Manager in the Quality and Training Team

Siemens Healthcare (ISK Personaldienstleistungs GmbH)

Project management for introducing new services and processes
Service quality management according to ITIL, ISO 27001, and ISO 9001: design and implementation of the ticket review process, conducting ticket reviews, statistics, analytics, reporting, initiating corrective and preventive actions
Employee training, certification, and testing
Document management according to ITIL, ISO 27001, and ISO 9001: design and implementation, management, and quality assurance of documents
Knowledge management according to ITIL, ISO 27001, and ISO 9001: design and implementation, management, and quality assurance of content
Process management according to ITIL, ISO 27001, and ISO 9001: recording, documentation, and improvement of various processes (incident, problem, change, knowledge management, employee training)

Jan 2012 - Jul 2013

1 year 7 months

Germany

Network Administration and IT Security Consultant

Pamec Papp Ingenieurgesellschaft

IT security consulting
Site-to-site VPN IPSec tunnel configuration and troubleshooting
Network configuration and troubleshooting in a global heterogeneous IT infrastructure with Cisco products
Firewall and perimeter administration (Cisco ASA, Checkpoint, FortiGate)
Network administration and support in customer networks (Cisco, Juniper, Huawei)
Technical application, service portal, and customer system support
ITIL v3 service operation and continual service improvement (CSI)
Multilingual 1st and 2nd level support in an ISO 27001 organization
Incident and problem management
Project management
Support and configuration of medical equipment (CT, MR, AS, HS, DICOM, HL7)
Syngo service software configuration and support
System management support and configuration based on HP OpenView and CA Unicenter
Information and data security concepts and principles: PHI/ePHI, HIPAA security standard
User and knowledge base management
Process recording, documentation, and optimization

Jul 2010 - Dec 2011

1 year 6 months

Austria

IT Security Manager Austria

Sandoz-Novartis International GmbH (Pidas GmbH)

IT security management consulting
Reporting to the CIO and CISO
Project management for IT infrastructure and IT security
Creation, review, and adjustment of processes, SOPs, and policies
Information security officer in Sandoz IT
Management of LAN, WAN connections, and perimeter security
Vulnerability management and penetration testing
Single point of contact for suppliers, service providers, and external companies
Antivirus and malware management
Process documentation, optimization, and implementation according to GxP, SOX, and ITIL
IT security incident and problem management
Forensics in case of attacks or infections
Management of cross-company IT and IT security incidents
Audits of third-party companies and partners
Encryption of storage media, network connections, and network storage
Adapting Sandoz systems for standards compliance in other environments
Consulting on hardware and software rollouts and execution
Consulting on the IT integration of EBEWE into Sandoz/Novartis systems
IT quality management
Training of the Sandoz help desk

Apr 2010 - Jul 2010

4 months

Germany

Remote

Project network and rollout engineer and network integration

HWS-Projekt-Engineering

In-house and remote support for hardware, software, peripheral, and network issues
Hardware and software rollouts
Active Directory administration and support
Software distribution and licensing

Dec 2009 - Jul 2010

8 months

Germany

Lecturer for construction and IT technology

Berufsförderungswerk Weißenburg

Teaching construction and IT technology topics
Developing teaching materials and practical exercises

Jun 2009 - Dec 2009

7 months

Germany

Remote

Project Network and System Engineer

Landesgewerbeanstalt (Staff Placement)

Guidance and training of additional project team members
In-house, remote, and phone support (2nd level) for hardware, software, peripheral, and network issues
Support and management of hardware and software rollouts
Migrating from Novell Directory Services to Active Directory during integration into the TÜV Rheinland Group
Troubleshooting and onboarding colleagues into processes
Network and user administration
Leading the rollout team

May 2008 - May 2009

1 year 1 month

Germany

Remote

Senior PC Technician Southern Germany, Consultant, and Acting Branch Manager

Arlt Computer GmbH Nürnberg

1st and 2nd level support (on-site and remote) for hardware, software, and network
Warranty handling with manufacturers
Installation, configuration, and repair of various operating systems (Windows XP, Vista, 2000, 98, Mac OS X, Linux)
Customer consulting and sales in network and server technology, hardware, software, internet technology, and multimedia
Working with the inventory management system
Internal knowledge transfer and information exchange using Novell GroupWise
Onboarding other technicians to internal processes
Acting branch manager (cash register balancing, inventory checks, staff management)

Sep 2003 - May 2008

4 years 9 months

Germany

IT/Network Technician and Consultant for Private Clients and SMEs

Self-employed

Network support and setup of TCP/IP networks and internet integration
Technical PC support: assembly, setup, expansion, upgrades, troubleshooting, and repair
IT consulting: procurement and upgrade of hardware, software, and security solutions
Management, creation, and organization of websites and web servers (Dreamweaver, Flash, Linux game servers)
Organization and technical support of LAN parties (10–50 participants)
Project management and leadership for integration and roll-out projects

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Information Technology, Professional Services, Healthcare, Metals and Mining, Pharmaceutical, and Retail.

Information Technology

Professional Services

Healthcare

Metals and Mining

Pharmaceutical

Retail

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology, Project Management, Strategy, Customer Service, Audit, and Quality Assurance.

Information Technology

Project Management

Strategy

Customer Service

Audit

Quality Assurance

Summary

With over 15 years of experience in information security, I help companies implement and optimize ISMS based on standards like ISO 27001. My focus is on developing and executing IT security strategies, information security audits and risk analyses to ensure security and compliance.

Currently, I work as an information security and cybersecurity consultant, advising clients on topics such as data protection (GDPR), TISAX and IT project management. With my expertise in leading teams, strategic business development and proactive communication, I contribute to creating sustainable security solutions.

Skills

Strategic Consulting And Project Management, Introducing Patch Management
Support In Setting Up Isms According To Bsi It Baseline Protection
Revising Data Center It Security
Introducing Identity And Asset Management
Revising And Implementing Isms According To German Standards When Entering The German Market
Security Review And Isms According To Vds 3473 And Implementing Isms
Implementing Iso 27001
Handling A Cyber Attack And Advising On Bafin Security Standards
Advising On Iso 27001 And It Security
Information Security Consulting
Building A Data Protection Management System
Revising Internal Guidelines For Critical Infrastructures (Kritis)
Revising Internal Guidelines In The Context Of Critical Infrastructures And Iso 27001
Market Analysis Of Siem And Monitoring
Handling An Information Security Incident By Closing Security Gaps
Advising On Gdpr When Introducing Cloud Solutions
Building An It Emergency Handbook
Cyber Security Attack
Designing And Documenting A Secure Backup Environment
Project Management Of It Security Projects
Consulting And Support For Tisax
Consulting And Project Management In Setting Up A Security Operations Center (Soc)
Consulting On Iso 27001 And Bsi It Baseline Protection In Software Development
Auditing Internal Processes And Parts Of The It Security Landscape
Principal Consultant Information Security

Languages

German

Native

English

Advanced

Education

Sep 2006 - Sep 2007

Georg-Simon-Ohm-Fachhochschule Nürnberg

Architecture · Nuremberg, Germany

Sep 2004 - Sep 2006

Georg-Simon-Ohm-Fachhochschule Nürnberg

Civil Engineering · Nuremberg, Germany

Sep 2003 - Sep 2004

Georg-Simon-Ohm-Fachhochschule Nürnberg

Electrical Engineering · Nuremberg, Germany

...and 6 more

Certifications & licenses

ISMS Officer – ISO 27001

VOREST AG

Cyber Security – Accredited as Auditor and Expert (VdS 3474 / VdS 3473)

VdS Schadenverhütung GmbH · Cologne, Germany

VdS Certified Cyber Security Consultant

VdS Schadenverhütung GmbH

Driving license classes: A and B

ITIL v3 Certificate

Statistics

Experience

Total positions 13

Experience in Information Technology 15.5 y

Avg length 1 y 7 m

Longest experience 5 y 11 m

Global Experience

Countries worked in 2 (Germany, Austria)

Primary country Germany

Expertise

Recent roles Freelance Information Security Consultant, Business Unit Manager Security Solutions / Technical Lead Information Security Consulting, Principal Consultant Information Security

Main industries Information Technology, Professional Services, Healthcare

Main business areas Information Technology, Project Management, Strategy

Qualifications

Highest degree Bachelor

Certifications earned 5

Profile

Created

March 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced).

How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies. The average length of individual experience is 2 years and 7 months. Note that Andreas may not have shared all experience and actually has more experience.

What roles would Andreas be best suited for?

Based on recent experience, Andreas would be well-suited for roles such as: Freelance Information Security Consultant, Business Unit Manager Security Solutions / Technical Lead Information Security Consulting, Principal Consultant Information Security.

What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting.

What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG.

Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology, Professional Services, and Healthcare. Andreas also has some experience in Pharmaceutical, Metals and Mining, and Retail.

Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology, Project Management, and Strategy. Andreas also has some experience in Customer Service, Audit, and Quality Assurance.

Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology and Professional Services.

Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology, Project Management, and Strategy.

What is Andreas's education?

Andreas holds a Bachelor in Civil Engineering from Georg-Simon-Ohm-Fachhochschule Nürnberg.

Does Andreas have any certificates?

Andreas has 5 certificates. Among them, these include: ISMS Officer – ISO 27001, Cyber Security – Accredited as Auditor and Expert (VdS 3474 / VdS 3473), and VdS Certified Cyber Security Consultant.

What is the availability of Andreas?

Andreas is immediately available full-time for suitable projects.

What is the rate of Andreas?

Andreas's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.