Fabrizio Di Carlo

Chief Information Security Officer

926 €/day
Madrid, ES
8-15 years

Average response time: 1h

About Fabrizio

I help organizations turn cybersecurity from a compliance burden into a business advantage.

As the Managing Director of ContrailRisks, a boutique cybersecurity and risk advisory firm based in Germany, I specialize in helping companies build clarity, direction, and resilience in their security strategy. My work bridges the gap between compliance frameworks and real-world implementation — ensuring that security programs are not only audit-ready but truly risk-informed and business-aligned.

I’ve spent over a decade working at the intersection of cybersecurity, risk management, and regulatory compliance across financial services, critical infrastructure, and technology sectors. Whether supporting a fintech with DORA or ISO 27001, a SaaS startup pursuing SOC 2, or a multinational improving governance and resilience, I bring a strategic yet pragmatic approach that prioritizes measurable outcomes and stakeholder confidence.

What I bring to the table:
  • Deep expertise in frameworks such as ISO 27001, ISO 42001, NIS2, DORA, SCF, and CMMC.
  • Proven track record designing and implementing security programs, risk registers, and GRC architectures.
  • Hands-on experience as a vCISO, helping organizations scale secure operations, governance, and culture.
  • Strong communication and executive alignment skills, translating technical risk into board-level clarity.
Typical projects:
  • vCISO engagements and cyber resilience assessments
  • ISO 27001 implementation and certification readiness
  • DORA, NIS2, and regulatory gap analysis
  • Security policy and control library design
  • Risk assessment, third-party risk, and incident response planning

My approach is simple: security should enable growth, not slow it down. I work as a trusted partner, not just a consultant, to help clients stay in control, compliant, and resilient in an evolving threat and regulatory landscape.


  • English

    Bilingual or native

  • Italian

    Bilingual or native

  • Spanish

    Basic knowledge

Accepts on-site work
Madrid (up to 50 km)

Experience

  • Cyber Monks GmbH
    Chief Information Security Officer
    OUTSOURCING AGENCIES
    September 2023 - March 2026 (2 years and 6 months)
    Frankfurt, HE, Germany
    Served as the first CISO, establishing the security vision and enterprise-wide program for a cloud-native, product-led SaaS. Elevated customer trust to accelerate revenue growth by enabling sales, marketing, and customer success teams. Defined strategic security priorities and represented the company externally as a thought leader. Drove modernization through DevSecOps adoption, embedding governance and security controls into CI/CD pipelines and Azure cloud infrastructure.
    Security Leadership Cloud IAM IT-Security
  • ContrailRisks
    Managing Director
    CONSULTING & AUDIT
    November 2024 - Present (1 year and 7 months)
    Frankfurt, Germany
    • Founded and lead a cybersecurity advisory firm focused on virtual CISO services for financial, SaaS, and critical infrastructure clients.
    • Advise executive teams on cyber risk, regulatory compliance (DORA, NIS2, ISO 27001), and incident preparedness.
    • Built and executed security programs from scratch, driving measurable maturity improvements.
    • Delivered tailored risk assessments, policies, and cloud security guidance (AWS, Azure).
    • Scaled the business through client acquisition, partnerships (Vanta, AWS, etc.), and a network of senior consultants.
    Cybersecurity IT-Security Security Leadership
  • Avanade
    Group Manager
    January 2023 - November 2024 (1 year and 10 months)
    Frankfurt, HE, Germany
    • Oversaw a team of IAM and PAM consultants and specialists, ensuring high-quality delivery across multiple client engagements.
    • Led both advisory and hands-on delivery of IAM/PAM solutions, aligning security and business priorities with Microsoft and partner technologies.
    • Developed and scaled practice-wide IAM strategies, frameworks, and capability-building initiatives across regions.
    • Managed executive-level client relationships, advising CxOs on security, identity governance, and Zero Trust adoption.
    • Drove growth of Avanade's IAM offerings through presales, RFPs, and thought leadership, contributing to pipeline expansion.
    • Aligned IAM initiatives with broader cybersecurity, compliance, and digital transformation programs to maximize client value.
    • Recognized twice with the "Inspire Greatness" award for delivering high-impact cloud security training (AZ-900) to cross-European teams.

Education

  • CLI/ISC2 Cyber Leadership Program
    Cyber Leadership Institute
    2025
  • INSEAD
    2024
