Markus Willems - KRITIS Consultant

Q: Where is Markus based?

Markus is based in Berlin, Germany and prefers 100% remote projects.

Q: What languages does Markus speak?

Markus speaks the following languages: German (Advanced), English (Advanced), French (Intermediate), Dutch (Elementary) .

Q: How many years of experience does Markus have?

Markus has at least 26 years of experience. During this time, Markus has worked in at least 48 different roles and for 54 different companies . The average length of individual experience is 4 months . Note that Markus may not have shared all experience and actually has more experience.

Q: What is Markus's latest experience?

Markus's most recent position is KRITIS Consultant at Oil Company .

Q: What companies has Markus worked for in recent years?

In recent years, Markus has worked for Oil Company , Medical Sector Software House , Software Service Provider , Investment Bank , and Investment House .

Q: Which industries is Markus most experienced in?

Markus is most experienced in industries like Government and Administration , Professional Services , and Information Technology . Markus also has some experience in Banking and Finance , Real Estate , and Transportation .

Q: Which business areas is Markus most experienced in?

Markus is most experienced in business areas like Information Technology , Legal , and Project Management . Markus also has some experience in Quality Assurance , Audit , and Operations .

Q: Which industries has Markus worked in recently?

Markus has recently worked in industries like Professional Services , Government and Administration , and Real Estate .

Q: Which business areas has Markus worked in recently?

Markus has recently worked in business areas like Legal , Information Technology , and Quality Assurance .

Recommended expert

Berlin, Germany

Experience

Mar 2025 - Dec 2025

10 months

KRITIS Consultant

Oil Company

Preparing an oil company for KRITIS auditing
KRITIS consulting
Creating necessary policies, processes, and guidelines in line with KRITIS requirements
Tools and methodologies used: ISO/IEC 27001, BSI IT Baseline Protection, KRITIS-V

Mar 2025 - Apr 2025

2 months

Consultant in BSI C5 Environment

Medical Sector Software House

Reviewing, correcting, and drafting policies and guidelines for BSI C5 certification
Coordinating the client on the path to certification

May 2024 - Dec 2025

1 year 8 months

Switzerland

ISMS Implementation Consultant

Software Service Provider

Implementing ISMS ISO/IEC 27001 at a software service provider in Switzerland
Drafting policies
Designing processes
Establishing the ISMS and reporting structures
Training staff

Mar 2024 - Aug 2024

6 months

Security Consultant

Investment Bank

Assisting an investment bank in implementing and meeting DORA requirements aligned with ISO 27001, as well as NIS2 and EU-CER, and IDW PS 951 for IT aspects

Feb 2024 - Present

2 years 2 months

Security Consultant

Investment House

Assisting an investment bank in implementing and meeting DORA requirements aligned with ISO 27001, as well as NIS2 and EU-CER, and IDW PS 951 for IT aspects

Jul 2023 - Oct 2024

1 year 4 months

Germany

IT Security Consultant

Public Authority

Development of security, risk, and emergency plans for a nationwide authority operating in multiple locations
Conducting data protection impact assessments and completing data protection concepts
Applying GDPR, BSI IT Baseline Protection 200-2, 200-3, ISO 27001, ISO 27005

Apr 2023 - Jun 2023

3 months

Cloud Security Consultant

Software and Hardware Manufacturer

Advising on C5 cloud security and BSI IT baseline protection security concepts according to BSI 200-2, 200-3
Creating a data protection impact assessment for the cloud platform
Technical concepts for backup, software programming, and technical analysis of Windows 10 systems in kiosk mode
Developing the data protection concept for the use of the cloud platform

Mar 2023 - Dec 2023

10 months

KRITIS Security Consultant

IT Service Provider for Highway Maintenance Departments

Revising documents according to KRITIS requirements
Revising and clarifying KRITIS-related documentation to prepare for the next audit (ISO 27001, BSI 200-1, 200-2, 200-3, 100-4, and 200-4)

Sep 2022 - Dec 2023

1 year 4 months

Switzerland

ISDS Officer

Swiss Federal Administration

Advising on IT baseline protection for the development of a new digitization platform for the Swiss Federal Administration
Applying the Swiss Data Protection Act

Jun 2022 - Mar 2023

10 months

KRITIS Security Consultant

Regional Transport Company

Revising documents according to KRITIS requirements to prepare for the next audit
Implementing the rules from EU-CER and NIS2

Apr 2022 - Dec 2025

3 years 9 months

ISO 27001 Security Consultant

Property Management Company

Preparation of a large property management company (approx. 60,000 residential units) according to ISO 27001 and BSI IT Basic Protection to achieve ISO 27001 certification
Coordination with data protection officers and development of data protection concepts
Consideration of requirements from NIS2 and EU-CER

Apr 2022 - Sep 2022

6 months

Berlin, Germany

Security Consultant

Bank

Review security concepts, SFO, policies and concepts to prepare for a §44 KWG audit
Standards: ISO 27001, KRITIS, BSI Basic Protection 200-(1,2,3,4), BAFIN, BAIT

Apr 2022 - May 2022

2 months

Cloud Security Consultant

Software Vendor

Development of security concepts for a software vendor
C5-Cloud-Security, BSI IT Basic Protection security concepts according to BSI 200-2, BSI 200-3
Preparation of a data protection impact assessment for the cloud platform (AWS, MS Azure, RegioIT Aachen)

Feb 2022 - Feb 2025

3 years 1 month

Switzerland

Security Consultant for ISDS Concepts

Swiss Federal Administration

Creation of information security and data protection concepts according to Si001 ICT Basic Protection for a government authority project in Switzerland in line with NCSC guidelines
Grouping of protection objects according to the NATO C3 taxonomy
Development of ISDS concepts for the test and production environment, and initial creation of the P042-Hi03 emergency plan for production
Adjustment of the ISDS concepts with all standard documents and deliverables for release planning
Creation of deliverables according to standard document P042 for extended protection requirements (Hi01 Schuban, RINA analysis, Information Protection Ordinance)
Analysis of individual procedures according to ICT Basic Protection P042-Hi01
Development of the Hi01 ISDS concept and Hi02 risk analysis according to ICT Basic Protection
Consulting project teams regarding ISDS requirements and gathering information from the specialist groups
Communication with the ISBO for timely approval of the ISDS
Communication with project management and creating schedules for the delivery of deliverables
Participation in planning meetings and planning deliveries per release
Support during tests and feedback of findings into the security concept

Jan 2022 - Mar 2022

3 months

Emergency Manager

Insurance Service Provider

Emergency management and development of an emergency plan for an insurance service provider
Standards: ISO 27005, ISO 31000, BSI 200-4

Nov 2021 - Dec 2021

2 months

IT Compliance Consultant

Bank

Review IT security documentation for the bank's large data center
Preparation for BaFin credit law §44 audit (BAIT, MARISK, ISO 27001, BSI IT Baseline Protection, GDPR)

Aug 2021 - Dec 2021

5 months

TISAX Security Consultant

Audit organization

Review documents and create policy to prepare for a TISAX audit

Jul 2021 - Dec 2021

6 months

Data Protection Consultant

Ministry

Data protection impact assessment (DPIA) for the introduction of electronic record keeping

Jun 2021 - Jul 2021

2 months

IT Security Consultant

University

IT security concept based on BSI IT Baseline Protection for introducing an overall management application
Security concept and risk analysis based on BSI IT Baseline Protection modules 200-2, 200-3, ISO 27001, ISO 27005

Apr 2021 - May 2021

2 months

IT Security Consultant

Charitable organization

IT security concept based on BSI IT Baseline Protection for a charitable organization with 60 locations
BSI IT Baseline Protection modules 200-2, 200-3, ISO 27001, ISO 27005

Mar 2021 - Jun 2021

4 months

Berlin, Germany

IT Security Architect

Startup

Designing an IT environment for a startup in the financial sector based on the Zero Trust Architecture model
Approach according to NIST 800-207 Zero Trust Architecture, PCI-DSS

Feb 2021 - Dec 2022

1 year 11 months

Germany

IT Security Consultant

Government Agency

Creating security, risk, and emergency plans for a nationwide government agency
Developing security concept, risk analysis, emergency plans, and data protection impact assessment

Jan 2021 - Jan 2021

1 month

Penetration Tester

Unknown Company

Penetration testing and vulnerability analysis for web applications and mobile apps (iOS/Android)
Advising on remediation strategies for discovered vulnerabilities
Focus: Security DevOps, ethical hacking, vulnerability analysis

Dec 2020 - Jan 2021

2 months

IT Security Architect

Medical Assessors

Creating an IT security concept for an application used by medical assessors
Security concept, risk analysis, and data protection impact assessment (GDPR, BSI IT Baseline Protection, ISO 27001)

Jul 2020 - Oct 2020

4 months

Interim Manager and Security Consultant

Bank

Reviewing and refining the security concept in preparation for an audit
Developing concepts and policies according to ISO 27001 and BSI IT Baseline Protection

Jun 2020 - Jun 2020

1 month

IT-Security Assessor

Manufacturing Company

Examination and assessment of the IT security settings of a medium-sized company
Optimization of IT security

May 2020 - Jun 2020

2 months

IT Security Consultant

Library Solution

Analysis of a library solution and creation of security concepts according to BSI IT-Grundschutz
Risk analysis and data protection impact assessment according to ISO 27005, ISO 31000, and GDPR
Conducting employee training
Cloud analysis (AWS and MS Azure) according to BSI IT-Grundschutz

Feb 2020 - Dec 2020

11 months

IT Security Subproject Lead

Public TV and Radio Broadcaster

Development of a network zoning concept to secure the IT environment
Creation of an IT security concept for the migration to a new security zone model
Mitigation of findings from penetration tests and vulnerability analyses
Forensic analysis and incident response

Jan 2020 - Jun 2020

6 months

Compliance Consultant

Bank

Preparation for ISO 27001 audit based on IT-Grundschutz
Migration from GS 15.EL to GS Compendium 2020
Tracking BaFin §44 KWG audit and formulating countermeasures
Analysis and optimization of the process landscape according to ITIL
Analysis of the CMDB i-doIT and cloud services

Nov 2019 - Nov 2019

1 month

Trainer

Unknown Company

Training on creating security concepts according to the BSI IT-Grundschutz Compendium
Topics: risk analysis, emergency planning, and concept development according to BSI 200-x and 100-4

Sep 2019 - Dec 2019

4 months

Berlin, Germany

ISO 27001 Consultant

Data Center

Creation of all relevant documents and pre-audits before ISO 27001 certification
Preparation for ISO 27001 certification based on the IT baseline protection compendium

Aug 2019 - Aug 2019

1 month

Incident Response Consultant

Financial Sector Company

Restoring IT operations after a cyber attack
Security analysis, pentest, and vulnerability assessment
Leading the emergency organization and communicating with management

Aug 2019 - Aug 2019

1 month

Security DevOps Consultant

IT Service Provider

Incident response after a cyber attack and restoring IT operations
Security analysis, pentest, and implementing recommendations
Coordinating internal and external service providers

Jun 2019 - Jul 2019

2 months

Incident Response Consultant

Manufacturing Company

Managing security incidents after a cyber attack
Security analysis, pentest, and practical implementation of countermeasures
Coordinating the emergency organization

Jun 2019 - Jul 2019

2 months

Incident Response Consultant

Logistics Company

Restoring IT operations after a cyber attack
Analyzing business security requirements and vulnerability assessment
Leading the emergency organization

May 2019 - May 2019

1 month

Data Protection Consultant

Large Architecture Firm

Setup of all GDPR-relevant documents and processes

Apr 2019 - Oct 2019

7 months

IT Security Concept Designer

University

Security concept for MS Windows Server 2016/2019 rollout, Office 365, and MS Azure
Review of existing processes and concepts for security incidents
Preparation of application documents for the staff council

Mar 2019 - Mar 2019

1 month

Incident Response Consultant

Facility Services Company

Restoring IT operations after a hacker attack
Penetration testing and implementation of security recommendations

Mar 2019 - Mar 2019

1 month

Incident Response Consultant

Clinic

Management of security incidents in healthcare after a hacker attack
Coordination of service providers to restore IT operations

Feb 2019 - Mar 2019

2 months

Incident Response Consultant

Mid-sized Consulting Firm

Security analysis and incident response after a hacker attack
Definition and implementation of mitigation measures

Apr 2018 - Present

8 years

Data Protection Consultant and External Data Protection Officer

Various clients

Advising on the EU GDPR for various clients

Jan 2018 - Mar 2019

1 year 3 months

IT Security and Process Consultant

Bank

Creation of security processes and review of existing processes
Design according to MaRisk and BAIT
Reviews and implementations within the SOC/SIEM of a bank data center
Standards considered: COBIT, ITIL, ISO 27001, PCI-DSS, BSI IT Baseline Protection, NIST, SOX

Nov 2017 - Dec 2017

2 months

Brandenburg, Germany

Security Concept Mentor

Municipality in Brandenburg

Tutoring and support in creating security concepts

Aug 2017 - Dec 2017

5 months

ISMS Consultant

University

Review and optimization of the ISMS
Development of measures based on BSI 200-x and EU GDPR

Jan 2017 - Nov 2017

11 months

Security Consultant

Unknown Company

Consulting based on BSI IT Baseline Protection for 3 projects of a program
Audit preparation according to ISO 27001 and PCI-DSS
IT security concept design and cloud security consulting

Jul 2016 - Dec 2017

1 year 6 months

Security Analyst

Transport sector

Security analysis, auditing, and creation of IT security concepts

Jun 2016 - Nov 2016

6 months

Security Analyst

Banking environment

BSI IT baseline protection consulting and optimization of measures in the web environment of a direct bank
Creation of operational concepts and manuals

Apr 2016 - Jul 2016

4 months

ISMS Consultant

University

Security analysis and ISMS implementation based on ISO 27001 and BSI 100-x

Jan 2016 - Sep 2016

9 months

Brandenburg, Germany

ISMS Consultant

Municipalities in Brandenburg

Security analysis and ISMS implementation for several municipalities
BSI IT baseline protection analysis and establishment of the ISMS

Sep 2015 - Jan 2016

5 months

Luxembourg

ITIL Process Consultant

Project RENITA

Process design and consulting for a digital radio network in the BORS environment
ITIL process design and Continual Service Improvement
Support during acceptance tests

Jan 2015 - Sep 2015

9 months

Switzerland

Security Auditor and Project Manager

Swiss Federal Authority

Security analysis and ISMS implementation according to ISO 27001 and COBIT
Project management of server migration to virtualize and secure the infrastructure
Methods used: HERMES 5, BSI IT-Grundschutz, NESSUS, WebInspect

Dec 2014 - Dec 2014

1 month

ISMS Auditor

Authority

Preparation for ISO 27001 certification and pre-certification audit according to BSI 100-x

Aug 2014 - Aug 2014

1 month

ISMS Auditor

Unknown Company

Preparation for ISO 27001 certification and execution of a pre-audit

Apr 2014 - May 2014

2 months

Switzerland

ISMS Auditor

Swiss Federal Administration

Preparation for ISO 27001 certification and pre-audit according to BSI 100-x

Jan 2013 - Dec 2014

2 years

Switzerland

Administrator and Project Manager

Swiss Federal Administration

Administration of a web platform on LAMP/SLES
Technical project manager for server migrations using HERMES 5

Jan 2012 - Dec 2012

1 year

Linux Administrator

Unknown Company

SLES administration of a large server farm (approx. 500 servers)
Security analysis and pen testing according to BSI Basic Protection

Jul 2009 - Dec 2011

2 years 6 months

Linux Administrator

Public Sector

Administration of a SLES-based server farm (approx. 800 servers)
Monitoring servers with Check_MK

Jan 2008 - Dec 2009

2 years

ITIL Consultant

Mid-sized Client

Continual service improvement of existing processes
Tools used: COBIT, ITIL, PRINCE2

Jan 2008 - Jun 2009

1 year 6 months

Subproject Manager

Government Environment

Creating the detailed migration plan as part of a nationwide migration

Jan 2007 - Dec 2007

1 year

Web Administrator

Banking Environment

Administration of a web platform using Apache Tomcat and Apache web server on SLES 9 and 10

Jul 2006 - Dec 2006

6 months

System Architect

Manufacturing Industry

Conceptual design of standardized Linux server systems on RedHat Linux

Mar 2006 - Jun 2006

4 months

Bern, Switzerland

Subproject Manager

SBB

Subproject management for a large-scale project at SBB

Jan 2005 - Dec 2005

1 year

Infrastructure Consultant

IT service provider

Migration of the infrastructure from NT 4.0 to Windows Server 2003
Creating high-level and detailed concepts for server migrations
Implementing Microsoft Operations Manager 2005

Feb 2004 - Nov 2005

1 year 10 months

Project Manager

Public sector environment

Project management of the complete migration of a public sector environment including client and server infrastructure

Oct 2003 - Feb 2004

5 months

Migration Specialist

Manufacturing Industry

Migration of a corporate network to Windows Server 2003 and Windows XP
Virtualizing services with VMWare

Mar 2001 - Oct 2002

1 year 8 months

Trainer and Administrator

Training/Consulting Center

Trainer, Administrator for Windows and Linux servers, Consultant and Coach

Dec 1999 - Mar 2001

1 year 4 months

Network Planner

Small and medium-sized companies

Project implementation, network planning, network installation and maintenance

Dec 1999 - Mar 2000

4 months

IT Support

Retailer

Network installation, delivery and on-site support

Apr 1999 - Dec 1999

9 months

Administrator

Student computer pool

Pool administration and consulting within an Office project

Jan 1999 - Aug 1999

8 months

Network Administrator

Adult Education Center

Administration of a training and production network

Jul 1998 - Aug 1998

2 months

IT Technician

Unknown Company

Setting up Linux servers on SuSE Linux
PC service and on-site support at customer sites

Industry Experience

See where this freelancer has spent most of their professional time.

Experienced in Government and Administration, Professional Services, Information Technology, Banking and Finance, Real Estate, and Transportation.

Government and Administration

Professional Services

Information Technology

Banking and Finance

Real Estate

Transportation

Business Area Experience

See which departments and functions this freelancer has contributed to most.

Experienced in Information Technology, Legal, Project Management, Quality Assurance, Audit, and Operations.

Information Technology

Legal

Project Management

Quality Assurance

Audit

Operations

Skills

Itil Expert In Service Management
Iso 27001 Isms Auditor/lead Auditor
Kritis Auditor
Hermes Advanced Swiss Project Manager
Prince2 Practitioner
Managing Director
Data Protection Officer
Ai Consultant And Ai Manager
Ai Compliance
Ai Consulting And Ai Strategy
Nis2 Consulting
Cyber Resilience Act And Ai Act Consulting
Kritis Auditor And Consultant
Pentester, Ethical Hacker
It Forensics Expert
Expert Authorized To Produce Court-admissible Reports
Consultant For Mitigating Security Incidents, Recovery
Bsi Baseline Protection And Security Concepts Consultant
Nist Security Concepts Consultant
Iso 27001 Framework Consultant
Itil Consultant And Service Manager
Change Management, Incident And Problem Management, Release Management
Continual Service Improvement For Business Processes And Services
Designing And Optimizing Process Landscape
Measuring The Effectiveness Of End-to-end Business Processes
Process Implementation
Project Manager, Subproject Manager, And Program Management
Security Consultant And Auditor According To Iso 27001
Pre-analysis And Recommendation Of Measures To Achieve Iso 27001 Certification
Conducting Pre-audits And Audits According To Iso 27001
Analyzing Environments From A Security Perspective And Developing Countermeasures
Quality Management And Quality Assurance In Ongoing And Critical Projects
Business Analysis And Business Requirements Engineering
Service Design And Support In The Transition Phase
Service Level Management, Operational Level Management, And Agreements
Incident And Problem Management
All Activities Within The Itil Environment Across All Itil Processes
Interim Management Of It Departments
Preparing Legally Sound It Forensic Reports
Pentesting (Ethical Hacking) Of It Environments As Part Of Vulnerability Assessments
Consulting On All Implementation Aspects Of The Eu Gdpr (General Data Protection Regulation)
Data Protection Officer

Languages

German

Advanced

English

Advanced

French

Intermediate

Dutch

Elementary

Certifications & licenses

Auditor according to §8a BSiG (KRITIS Auditor and Consultant)

BSI Practitioner

Cert. Ethical Hacker

Cert. Forensics Professional

CIO Compliance and Integrity Officer

Compliance and Integrity Officer

Data Protection Officer

Hermes Adv. Swiss Project Manager

Hermes Advanced Project Manager

Hermes Hsptp

ISO 27001 ISMS Auditor/ISMS Lead Auditor

ISO/IEC 42001

ISO27001 Auditor/Lead Auditor

IT Forensics Certified Specialist (ICT Forensics, Incident Response & IT Law)

ITIL Expert in Service Management

ITIL Expert V3

AI Manager

KRITIS Auditor and Consultant

Linux Professional Institute LPIC Level 2

Lpic3

McdbA

MCSE Security and Messaging

Mct

Microsoft Certified Database Administrator

Microsoft Certified Systems Administrator

Microsoft Certified Systems Administrator Messaging

Microsoft Certified Systems Administrator on Windows Server

Microsoft Certified Systems Administrator Security

Microsoft Certified Systems Engineer Security

Microsoft Certified Systems Engineer Windows

Microsoft Certified Trainer (MCT: 2002, 2003, 2004, 2005)

Microsoft ISA Server 2000 Certified

Offensive Security Certified Professional

PRINCE2 Practitioner

Red Hat Certified Engineer (RHCE)

Red Hat Certified Examiner (RHCX, currently inactive)

Red Hat Engineer and Examiner

Statistics

Experience

Total positions 71

Experience in Government and Administration 13 y

Avg length 9 m

Longest experience 7 y 11 m

Global Experience

Countries worked in 3 (Switzerland, Germany, Luxembourg)

Primary country Switzerland

Expertise

Recent roles KRITIS Consultant, Consultant in BSI C5 Environment, ISMS Implementation Consultant

Main industries Government and Administration, Professional Services, Information Technology

Main business areas Information Technology, Legal, Project Management

Qualifications

Certifications earned 37

Profile

Created

January 2025

Last Update

December 2025

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Markus based?

Markus is based in Berlin, Germany and prefers 100% remote projects.

What languages does Markus speak?

Markus speaks the following languages: German (Advanced), English (Advanced), French (Intermediate), Dutch (Elementary).

How many years of experience does Markus have?

Markus has at least 26 years of experience. During this time, Markus has worked in at least 48 different roles and for 54 different companies. The average length of individual experience is 4 months. Note that Markus may not have shared all experience and actually has more experience.

What roles would Markus be best suited for?

Based on recent experience, Markus would be well-suited for roles such as: KRITIS Consultant, Consultant in BSI C5 Environment, ISMS Implementation Consultant.

What is Markus's latest experience?

Markus's most recent position is KRITIS Consultant at Oil Company.

What companies has Markus worked for in recent years?

In recent years, Markus has worked for Oil Company, Medical Sector Software House, Software Service Provider, Investment Bank, and Investment House.

Which industries is Markus most experienced in?

Markus is most experienced in industries like Government and Administration, Professional Services, and Information Technology. Markus also has some experience in Banking and Finance, Real Estate, and Transportation.

Which business areas is Markus most experienced in?

Markus is most experienced in business areas like Information Technology, Legal, and Project Management. Markus also has some experience in Quality Assurance, Audit, and Operations.

Which industries has Markus worked in recently?

Markus has recently worked in industries like Professional Services, Government and Administration, and Real Estate.

Which business areas has Markus worked in recently?

Markus has recently worked in business areas like Legal, Information Technology, and Quality Assurance.

Does Markus have any certificates?

Markus has 37 certificates. Among them, these include: Auditor according to §8a BSiG (KRITIS Auditor and Consultant), BSI Practitioner, and Cert. Ethical Hacker.

What is the availability of Markus?

Markus is immediately available full-time for suitable projects.

What is the rate of Markus?

Markus's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.