Kerim Tvrtkovic - Senior Cybersecurity Professional

Q: Where is Kerim based?

Kerim is based in Sankt Augustin, Germany .

Q: What languages does Kerim speak?

Kerim speaks the following languages: German (Native), English (Advanced) .

Q: How many years of experience does Kerim have?

Kerim has at least 12 years of experience. During this time, Kerim has worked in at least 4 different roles and for 4 different companies . The average length of individual experience is 3 years . Note that Kerim may not have shared all experience and actually has more experience.

Q: What is Kerim's latest experience?

Kerim's most recent position is Head of Cybersecurity Audit and Advisory at Henkel Chemicals .

Q: What companies has Kerim worked for in recent years?

In recent years, Kerim has worked for Henkel Chemicals , Freelance , and DHL Group .

Q: Which industries is Kerim most experienced in?

Kerim is most experienced in industries like Transportation , Energy , and Chemical . Kerim also has some experience in Professional Services .

Q: Which business areas is Kerim most experienced in?

Kerim is most experienced in business areas like Information Technology and Audit .

Q: Which industries has Kerim worked in recently?

Kerim has recently worked in industries like Transportation , Energy , and Chemical .

Q: Which business areas has Kerim worked in recently?

Kerim has recently worked in business areas like Information Technology and Audit .

Recommended expert

Sankt Augustin, Germany

Experience

Nov 2023 - Mar 2025

1 year 5 months

Düsseldorf, Germany

Head of Cybersecurity Audit and Advisory

Henkel Chemicals

Directed global IT and cybersecurity audit and advisory engagements, steering cross-functional teams across multiple regions and business units.
Provided strategic advisory to senior management, interacting with stakeholders and communicating with relevant departments on the second line of defense.
Evaluated risks for strategic developments and emerging technologies and designed security assessment approaches for ISMS, DevOps, automation tools, cloud services, SAP Cloud, web application security, and vulnerability management.
Provided training to the team and other relevant staff on IT and cybersecurity audit practices and standards.

Jul 2023 - Present

2 years 9 months

Hybrid

Cybersecurity Management Consultant (IT/OT)

Freelance

Led the implementation of an ISMS aligned with the BNetzA IT Security Catalogue, achieving regulatory compliance for an energy company.
Supported regulatory audit readiness initiatives by structuring evidence collection processes, aligning IT controls with supervisory expectations, and tracking remediation measures to closure.
Conducted an IEC 62443-based OT security assessment for a rail logistics company, identifying critical control gaps and defining a target security architecture roadmap prioritized by risk and operational impact.
Designed and implemented an IT emergency and recovery framework for AWS-based platforms, improving incident response coordination and strengthening operational resilience capabilities.

Mar 2015 - Oct 2023

8 years 8 months

Bonn, Germany

Senior Manager IT Audits

DHL Group

Held end-to-end responsibility for all IT audit projects including stakeholder management and audit topic alignment.
Focused on cybersecurity areas such as Privileged Access Management (PAM), technical threat and vulnerability assessments, web application security, and cloud security.
Identified and evaluated strategic IT risks for the DHL Group and defined IT audit plans.
Presented at conferences of the German Institute of Internal Auditors (DIIR).
Led and managed audit teams for various internal IT audits.
Developed risk and compliance-based audit programs for SAP ERP and HANA.
Presented audit findings and prepared audit reports.

Feb 2014 - Feb 2015

1 year 1 month

Cologne, Germany

Associate Security Consulting & IT Compliance

KPMG AG

Conducted IT audits for accounting-relevant IT systems within the scope of annual financial statement audits.
Audited archiving and email messaging systems according to regulatory requirements.
Provided consulting services for information security management systems according to ISO 27001 and business continuity management systems according to ISO 22301.

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Transportation, Energy, Chemical, and Professional Services.

Transportation

Energy

Chemical

Professional Services

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology and Audit.

Information Technology

Audit

Summary

Senior Cybersecurity & IT Audit Expert with over 10 years of experience in regulatory audit coordination, IT risk management, and operational resilience within international corporations and critical infrastructure environments. Specialized in regulatory compliance (DORA, NIS2, BAIT, EnWG, MaRisk, ISO 27001) as well as the coordination of complex audit and evidence collection processes involving internal and external auditors. Extensive experience in the structured implementation of ICT risk management, operational resilience frameworks, and third-party governance.

Skills

Cybersecurity & Isms: Design And Implementation Of Isms Aligned With Iso 27001, Bsi It-grundschutz And Nist; Regulatory Audit Readiness And Control Optimization.
It Governance, Risk & Compliance (Grc): It Risk Management And Regulatory Compliance (Kritis, Nis2, Dora, Bait, Vait, Marisk, Gdpr) In Regulated Environments.
Identity & Access Management: Privileged Access Management (Pam) And Identity Governance To Reduce Operational And Regulatory Risk.
Cloud Security: Azure And Sap Cloud Security Assessments, Governance Models And Control Enhancement.
Ot Security: Security Assessments And Resilience Improvement For Ics Environments (Scada, Plcs, Industrial Networks).
Operational Resilience & Itscm: Business Continuity, It Service Continuity And Disaster Recovery Governance.
Secure Development & Devsecops: Security-by-design In Ci/cd Pipelines (Sast, Dast, Sca, Owasp).
Third-party Risk & Service Governance: It Third-party Risk Assessments, Provider Oversight And Remediation Tracking.
Leadership & Talent Development: Steering Cross-functional Teams And Security Initiatives In Complex, Regulated Environments.

Languages

German

Native

English

Advanced

Education

Oct 2018 - Present

Fern Universität Hagen

Bachelor studies · Business Informatics · Hagen, Germany

Oct 2011 - Jan 2014

Bergische Universität Wuppertal

Master’s degree · Technology and Innovation Management · Wuppertal, Germany

Oct 2008 - Aug 2011

Hochschule Koblenz - RheinAhrCampus

Bachelor’s degree · Logistics, Supply Chain, and e-Business · Remagen, Germany

Certifications & licenses

Certified Information Systems Security Professional (CISSP)

Microsoft Azure Fundamentals (AZ 900)

Microsoft Security, Compliance, and Identity Fundamentals (SC 900)

Certified Information Systems Auditor (CISA)

Cobit® 5 Foundation

ISO 27001 Lead Auditor

Statistics

Experience

Total positions 4

Experience in Transportation 11 y

Avg length 3 y 5 m

Longest experience 8 y 7 m

Global Experience

Countries worked in 1 (Germany)

Primary country Germany

Expertise

Recent roles Head of Cybersecurity Audit and Advisory, Cybersecurity Management Consultant (IT/OT), Senior Manager IT Audits

Main industries Transportation, Energy, Chemical

Main business areas Information Technology, Audit

Qualifications

Highest degree Master

Certifications earned 6

Profile

Created

February 2026

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Kerim based?

Kerim is based in Sankt Augustin, Germany.

What languages does Kerim speak?

Kerim speaks the following languages: German (Native), English (Advanced).

How many years of experience does Kerim have?

Kerim has at least 12 years of experience. During this time, Kerim has worked in at least 4 different roles and for 4 different companies. The average length of individual experience is 3 years. Note that Kerim may not have shared all experience and actually has more experience.

What roles would Kerim be best suited for?

Based on recent experience, Kerim would be well-suited for roles such as: Head of Cybersecurity Audit and Advisory, Cybersecurity Management Consultant (IT/OT), Senior Manager IT Audits.

What is Kerim's latest experience?

Kerim's most recent position is Head of Cybersecurity Audit and Advisory at Henkel Chemicals.

What companies has Kerim worked for in recent years?

In recent years, Kerim has worked for Henkel Chemicals, Freelance, and DHL Group.

Which industries is Kerim most experienced in?

Kerim is most experienced in industries like Transportation, Energy, and Chemical. Kerim also has some experience in Professional Services.

Which business areas is Kerim most experienced in?

Kerim is most experienced in business areas like Information Technology and Audit.

Which industries has Kerim worked in recently?

Kerim has recently worked in industries like Transportation, Energy, and Chemical.

Which business areas has Kerim worked in recently?

Kerim has recently worked in business areas like Information Technology and Audit.

What is Kerim's education?

Kerim holds a Master in Technology and Innovation Management from Bergische Universität Wuppertal, a Bachelor in Business Informatics from Fern Universität Hagen and a Bachelor in Logistics, Supply Chain, and e-Business from Hochschule Koblenz - RheinAhrCampus.

Does Kerim have any certificates?

Kerim has 6 certificates. Among them, these include: Certified Information Systems Security Professional (CISSP), Microsoft Azure Fundamentals (AZ 900), Microsoft Security, Compliance, and and Identity Fundamentals (SC 900).

What is the availability of Kerim?

Kerim is immediately available full-time for suitable projects.

What is the rate of Kerim?

Kerim's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.