Andreas Rühl - Principal Information Security Consultant

Q: Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

Q: What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies . The average length of individual experience is 2 years and 7 months . Note that Andreas may not have shared all experience and actually has more experience.

Q: What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting .

Q: What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG .

Q: Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology , Professional Services , and Healthcare . Andreas also has some experience in Pharmaceutical , Metals and Mining , and Retail .

Q: Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology , Project Management , and Strategy . Andreas also has some experience in Customer Service , Audit , and Quality Assurance .

Q: Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology and Professional Services .

Q: Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology , Project Management , and Strategy .

Recommended expert

Berlin, Germany

Experience

Jan 2025 - Dec 2024

Germany

Freelance Information Security Consultant

A-R-C Andreas Rühl Consulting

Development and implementation of customized information security strategies
Introduction and continuous development of ISMS according to ISO 27001, BSI baseline protection, and other standards
Risk management and creation of security concepts
Consulting for KRITIS, PCI DSS, TISAX, and VdS 3473/10000
Establishment and optimization of security organizations
Creation and implementation of guidelines, policies, work instructions, and process descriptions
Audit support and certification preparation
Conducting training sessions, workshops, and awareness campaigns
Selection and consulting for the implementation of IT security solutions such as SIEM, DLP, IDS/IPS, firewalls, and encryption technologies
Conducting penetration tests and vulnerability assessments
Consulting on the selection, integration, and management of security architectures in complex IT environments
Advice on ITSM, managed security services, and SOC
Leading and managing complex projects to improve information security
Process analysis, optimization, and management based on ITIL, ISO 27001, and cybernetics
Introduction and quality assurance of management, documentation, and knowledge management systems
Support in meeting regulatory information security requirements (e.g., GDPR, HIPAA, SOX, GMP, KRITIS)
Development and implementation of risk analysis procedures
Coordination of initial response, forensic investigations, and organizational measures in security incidents
Design and delivery of targeted workshops on topics like ISMS, IT risks, and current threat scenarios
Awareness campaigns to promote a security culture in companies
Specialized training on ISO 27001, BSI baseline protection, KRITIS, and other relevant standards
Simulations and exercises to prepare for information security incidents
Interim management for leading information security projects or IT security organizations
Acting as an external CISO (Chief Information Security Officer)
Support in developing and implementing IT security and corporate strategies
Coaching and mentoring executives in information security
Building and leading security departments as well as recruiting and training staff
Temporary assumption of management responsibility in critical situations

Jan 2019 - Dec 2024

6 years

Germany

Business Unit Manager Security Solutions / Technical Lead Information Security Consulting

Profi Engineering Systems AG

Leading the establishment of the Security Solutions business unit
Interacting with client representatives from all functional areas
Technical leadership of the information security consulting team
Managing proposal and technical teams from initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions during escalations
Proactive communication and project ownership
Strategic development of topics with direct reporting to management
Development and coaching of team members
Leadership in line with corporate culture
Building and expanding the consulting service offerings
Project management and information security consulting
ISMS development and audit support
Consulting on B3S, NIS2, KRITIS, ISO 27001, BSI baseline protection, PCI DSS, VdS 3473, TISAX
Creating and implementing policies, work instructions, process descriptions, operational documentation, and manuals
ITSM and process consulting
Advising on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting and selection of suitable tools, processes, and methods
Expanding the customer network and contributing to the business unit strategy
Act as the customer contact for further inquiries and ensure successful project delivery
Developing strategies and processes around the deployment of IT staff
Supporting the growth of the managed services business
Establishing the penetration testing business unit
Supporting departments in analyzing and identifying potential improvements for business process control
Recruiting personnel and planning further development and qualification

Oct 2017 - Jan 2019

1 year 4 months

Germany

Principal Consultant Information Security

Profi Engineering Systems AG

Establishing information security consulting as a new service area
Interacting with client representatives from all functional areas
Technical leadership of the information security consulting team members
Managing proposal and technical teams from initial idea presentation through contract signing to project completion
Active involvement in presales
Finding solutions during escalations
Proactive communication and project ownership
Strategic development of topics with direct reporting to management
Development and coaching of team members and other staff
Leadership in line with corporate culture
Building and expanding the consulting service offerings
Information security consulting, project management, ISMS development, audit support
Consulting on KRITIS, ISO 27001, BSI baseline protection, PCI DSS, VdS 3473
Creating and implementing policies, work instructions, process descriptions, operational documentation, and manuals
ITSM and process consulting
Advising on IT and information security strategies and architectures
Conducting workshops and seminars
IT security technology consulting
Selecting suitable tools, processes, and methods
Expanding the customer network and contributing to the business unit strategy
Acting as the customer contact for further inquiries and ensuring successful project delivery
Developing strategies and processes around the deployment of IT staff
Supporting the expansion of managed services
Assisting departments in analyzing and uncovering potential improvements for better business process control and preparing analysis results
Recruiting personnel and planning further development and qualification

Jan 2016 - Apr 2017

1 year 4 months

Germany

Senior IT and Information Security Specialist

Klöckner und Co AG

Managed information security for the Klöckner Group
Established the information security organization and ISMS
Designed, planned, and reviewed infrastructure measures and managed implementation (IDS/IPS, SIEM, honeypots, firewalls)
Prepared and presented information security topics to the executive board
Conducted information security audits
Conducted penetration tests and vulnerability scans
Provided advice and reporting on information and IT security
Process analysis, documentation, and design, including adaptation to security standards
Selection, testing, and implementation of comprehensive security solutions
Performed risk analyses according to ISO 27001 and developed in-house risk analysis procedures
Created and implemented an ISMS and associated policies and guidelines
Conducted structural analyses related to information security
Project management for implementing information security policies
Served as the information security officer
Managed and supervised contracted service providers
Performed forensic and organizational investigations of information security incidents and measures

Apr 2015 - Oct 2015

7 months

Germany

Senior Consultant, Auditor, and IT Security Engineer in Information Security

Kai Viehmeier Consulting GmbH

Advisor, committee member, and co-author of the VdS 3473 Cyber-Security guideline for SMEs
Development and implementation of ISMS for clients
Structural and organizational analyses of companies regarding information security and legal requirements
Process analysis, documentation, and design, including adaptation to security standards
Conducting information security audits
Performing penetration tests and vulnerability scans
Advising clients on information and IT security according to ISO 27001, BSI baseline protection, and VdS 3473
Conducting risk analyses and developing in-house risk analysis procedures
Project management for implementing and meeting VdS 3473 requirements
Serving as the information security officer
Configuring and installing Cisco-based network components

Nov 2013 - Mar 2015

1 year 5 months

Germany

Manager in the Quality and Training Team

Siemens Healthcare (ISK Personaldienstaltungs GmbH)

Project management for projects introducing new services and processes
Service quality management according to ITIL, ISO 27001 and ISO 9001: design and implementation of the ticket review process, conducting ticket reviews, statistics, analytics, reporting, initiating corrective and preventive actions
Employee training, certification and examination
Document management according to ITIL, ISO 27001 and ISO 9001: design and implementation, administration and quality assurance of documents
Knowledge management according to ITIL, ISO 27001 and ISO 9001: design and implementation, administration and quality assurance of content
Process management according to ITIL, ISO 27001 and ISO 9001: capturing, documenting and improving various processes (incident, problem, change, knowledge management, employee training)

Jan 2012 - Jul 2013

1 year 7 months

Germany

Network administration and IT security consultant

Pamec Papp Ingenieurgesellschaft

IT security consulting
Site-to-site VPN IPsec tunnel configuration and troubleshooting
Network configuration and troubleshooting in a global heterogeneous IT infrastructure with Cisco products
Firewall and perimeter administration (Cisco ASA, Check Point, FortiGate)
Network administration and support in customer networks (Cisco, Juniper, Huawei)
Technical application, service portal and customer system support
ITIL v3 service operation and continual service improvement (CSI)
Multilingual 1st and 2nd level support in an ISO 27001 organization
Incident and problem management
Project management
Support and configuration of medical equipment (CT, MR, AS, HS, DICOM, HL7)
Syngo service software configuration and support
System management support and configuration based on HP OpenView and CA Unicenter
Information and data security concepts and principles; PHI/ePHI, HIPAA security standard
User and knowledge base management
Process capture, documentation and optimization

Jul 2010 - Dec 2011

1 year 6 months

Austria

IT Security Manager Austria

Sandoz-Novartis International GmbH (Pidas GmbH)

IT security management consulting
Reporting to CIO and CISO
Project management for IT infrastructure and IT security
Creation, review and adjustment of processes, SOPs and policies
Information security officer in Sandoz IT
Management of LAN, WAN connections and perimeter security
Vulnerability management and penetration testing
Single point of contact for suppliers, service providers and contractors
Antivirus and malware management
Process documentation, optimization and implementation according to GxP, SOX and ITIL
IT security incident and problem management
Forensics for attacks or infections
Management of cross-company IT and IT security incidents
Audits of third-party companies and partners
Encryption of data carriers, network connections and network storage
Adapting Sandoz systems for standards compliance in other environments
Consulting on hardware and software rollouts as well as execution
Consulting on IT integration of EBEWE into Sandoz/Novartis systems
IT quality management
Training the Sandoz helpdesk

Apr 2010 - Jul 2010

4 months

Germany

Remote

Network and rollout project engineer and network integration

HWS-Projekt-Engineering

In-house and remote support for hardware, software, peripheral and network issues
Hardware and software rollouts
Active Directory administration and support
Software distribution and licensing

Dec 2009 - Jul 2010

8 months

Germany

Instructor in construction and IT technology

Berufsförderungswerk Weißenburg

Teaching content on construction and IT technology
Developing teaching materials and practical exercises

Jun 2009 - Dec 2009

7 months

Germany

Remote

Project Network and System Engineer

Landesgewerbeanstalt (Staff Placement)

Guiding and training additional project team members
In-house, remote, and phone support (2nd level) for hardware, software, peripherals, and network issues
Overseeing and managing hardware and software rollouts
Migrating from Novell Directory Services to Active Directory as part of the integration into the TÜV Rheinland group
Troubleshooting and onboarding colleagues to processes
Network and user administration
Leading rollout teams

May 2008 - May 2009

1 year 1 month

Germany

Remote

Senior PC Technician South Germany, Consultant and Acting Branch Manager

Arlt Computer GmbH Nürnberg

1st and 2nd level support (on-site and remote) for hardware, software, and networking
Handling warranties with manufacturers
Installing, configuring, and repairing various operating systems (Windows XP, Vista, 2000, 98, Mac OS X, Linux)
Advising customers and selling network and server technology, hardware, software, internet technology, and multimedia
Working with the inventory management system
Internal knowledge transfer and information exchange using Novell GroupWise
Training other technicians in internal processes
Acting as branch manager (cash reconciliation, inventory checks, staff supervision)

Sep 2003 - May 2008

4 years 9 months

Germany

IT/Network Technician and Consultant for Private Clients and SMEs

Self-employed

Network maintenance and setup of TCP/IP networks and internet integration
Technical PC support: assembly, setup, expansion, upgrading, troubleshooting, and repair
IT consulting: procurement and expansion of hardware, software, and security solutions
Managing, creating, and organizing websites and web servers (Dreamweaver, Flash, Linux game servers)
Organizing and technical support for LAN parties (10–50 participants)
Project management and leadership for integration and rollout projects

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Information Technology, Professional Services, Healthcare, Metals and Mining, Pharmaceutical, and Retail.

Information Technology

Professional Services

Healthcare

Metals and Mining

Pharmaceutical

Retail

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology, Project Management, Strategy, Customer Service, Audit, and Quality Assurance.

Information Technology

Project Management

Strategy

Customer Service

Audit

Quality Assurance

Summary

With over 15 years of experience in information security, I help companies implement and optimize ISMS based on standards like ISO 27001. My focus is on developing and implementing IT security strategies, information security audits, and risk analyses to ensure security and compliance.

Currently, I work as an information security and cybersecurity consultant, advising clients on topics like data protection (GDPR), TISAX, and IT project management. With my expertise in leading teams, strategically developing business areas, and proactive communication, I contribute to creating sustainable security solutions.

Skills

Strategic Consulting And Project Management: Implementation Of Patch Management
Support In Building Isms Based On Bsi It Baseline Protection
Review Of Data Center It Security
Introduction Of Identity And Asset Management
Revision Of Isms And Implementation According To German Standards When Entering The German Market
Security Assessment And Isms According To Vds 3473 And Isms Implementation
Implementation Of Iso 27001
Handling A Cyberattack And Advising On Bafin Security Standards
Advisory Services For Iso 27001 And It Security
Information Security Consulting
Establishment Of A Data Protection Management System
Revision Of Internal Guidelines For Critical Infrastructures (Kritis)
Revision Of Internal Guidelines In The Context Of Kritis And Iso 27001
Market Analysis Of Siem And Monitoring Solutions
Managing An Information Security Incident And Closing Security Gaps
Gdpr Consulting For Cloud Solution Implementations
Development Of An It Emergency Handbook
Cybersecurity Incident Management
Designing And Documenting A Secure Backup Environment
Project Management Of It Security Projects
Tisax Consulting And Support
Consulting And Project Management For Setting Up A Security Operations Center (Soc)
Advice On Iso 27001 And Bsi It Baseline Protection In Software Development
Audit Of Internal Processes And Parts Of The It Security Landscape
Principal Consultant Information Security

Languages

German

Native

English

Advanced

Education

Sep 2006 - Sep 2007

Georg-Simon-Ohm University of Applied Sciences Nuremberg

Architecture · Nuremberg, Germany

Sep 2004 - Sep 2006

Georg-Simon-Ohm University of Applied Sciences Nuremberg

Civil Engineering · Nuremberg, Germany

Sep 2003 - Sep 2004

Georg-Simon-Ohm University of Applied Sciences Nuremberg

Electrical Engineering · Nuremberg, Germany

...and 6 more

Certifications & licenses

ISMS Officer – ISO 27001

VOREST AG

Cyber-Security – Accredited as Auditor and Expert (VdS 3474 / VdS 3473)

VdS Schadenverhütung GmbH · Cologne, Germany

VdS Certified Cyber Security Consultant

VdS Schadenverhütung GmbH

Driver's License Classes A and B

ITIL v3 Certificate

Statistics

Experience

Total positions 13

Experience in Information Technology 15.5 y

Avg length 1 y 7 m

Longest experience 5 y 11 m

Global Experience

Countries worked in 2 (Germany, Austria)

Primary country Germany

Expertise

Recent roles Freelance Information Security Consultant, Business Unit Manager Security Solutions / Technical Lead Information Security Consulting, Principal Consultant Information Security

Main industries Information Technology, Professional Services, Healthcare

Main business areas Information Technology, Project Management, Strategy

Qualifications

Highest degree Bachelor

Certifications earned 5

Profile

Created

March 2026

Last Update

March 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Andreas based?

Andreas is based in Berlin, Germany and prefers 100% remote projects.

What languages does Andreas speak?

Andreas speaks the following languages: German (Native), English (Advanced).

How many years of experience does Andreas have?

Andreas has at least 20 years of experience. During this time, Andreas has worked in at least 13 different roles and for 12 different companies. The average length of individual experience is 2 years and 7 months. Note that Andreas may not have shared all experience and actually has more experience.

What roles would Andreas be best suited for?

Based on recent experience, Andreas would be well-suited for roles such as: Freelance Information Security Consultant, Business Unit Manager Security Solutions / Technical Lead Information Security Consulting, Principal Consultant Information Security.

What is Andreas's latest experience?

Andreas's most recent position is Freelance Information Security Consultant at A-R-C Andreas Rühl Consulting.

What companies has Andreas worked for in recent years?

In recent years, Andreas has worked for A-R-C Andreas Rühl Consulting and Profi Engineering Systems AG.

Which industries is Andreas most experienced in?

Andreas is most experienced in industries like Information Technology, Professional Services, and Healthcare. Andreas also has some experience in Pharmaceutical, Metals and Mining, and Retail.

Which business areas is Andreas most experienced in?

Andreas is most experienced in business areas like Information Technology, Project Management, and Strategy. Andreas also has some experience in Customer Service, Audit, and Quality Assurance.

Which industries has Andreas worked in recently?

Andreas has recently worked in industries like Information Technology and Professional Services.

Which business areas has Andreas worked in recently?

Andreas has recently worked in business areas like Information Technology, Project Management, and Strategy.

What is Andreas's education?

Andreas holds a Bachelor in Civil Engineering from Georg-Simon-Ohm University of Applied Sciences Nuremberg.

Does Andreas have any certificates?

Andreas has 5 certificates. Among them, these include: ISMS Officer – ISO 27001, Cyber-Security – Accredited as Auditor and Expert (VdS 3474 / VdS 3473), and VdS Certified Cyber Security Consultant.

What is the availability of Andreas?

Andreas is immediately available full-time for suitable projects.

What is the rate of Andreas?

Andreas's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.