Information Security Consultant specializing in ISO 27001, BSI C5, NIS2, and DORA compliance. Available for project-based engagements, internal audit consultancy, and end-to-end certification support. Proven track record delivering BSI C5 attestation, NIS2 gap assessments, and ISO 27001 implementation. Combines hands-on technical security operations (SIEM, Blue Team, SOC) with GRC leadership. Experienced in bridging technical security controls with regulatory requirements in hybrid cloud environments. Previously reported to CISOs and assumed CISO responsibilities ad interim.

Skills

Security Frameworks & Compliance

  • ISO 27001/27002
  • NIS2 Directive
  • BSI C5
  • DORA
  • GDPR
  • Risk Assessment
  • Security Audits
  • Policy Development

Blue Team & SOC Operations

  • SIEM (Splunk, Sentinel, Kibana)
  • Threat Detection & Response
  • Incident Handling
  • Log Analysis
  • Phishing Simulation
  • Security Awareness Training
  • Vulnerability Management
  • XDR Solutions

Security Tools & Technologies

  • Microsoft Defender
  • Microsoft Sentinel
  • Nessus Tenable
  • Nucleus
  • Palo Alto NGFW
  • Juniper SRX
  • CheckMK

Cloud Security

  • Microsoft Azure Security
  • Microsoft 365 Security
  • AWS Security
  • Google Cloud Security
  • Cloud Compliance
  • Identity & Access Management

Infrastructure & DevSecOps

  • Linux Administration
  • Kubernetes
  • Terraform
  • Git
  • Jenkins
  • Python
  • VMware vSphere
  • Docker

Work Experience (5)

Aug 2024 - Current
IT Compliance Manager | Information Security Coordinator
Remote/Hybrid Germany
Full-time role focusing on BSI C5 attestation, NIS2 compliance, and cross-functional team coordination in SaaS agile development environments.
  • Spearheaded the successful attainment of BSI C5 attestation, demonstrating strong leadership and technical project management skills translating business requirements into tangible tech stack solutions
  • Participated in NIS2 scope evaluation and cross-mapped BSI C5 criteria and ISO 27001 to identify the remaining gaps for its full implementation
  • Utilized technical expertise in SaaS agile development workflows to coordinate cross-functional teams and drive compliance initiatives
  • Bridged communication between technical and non-technical stakeholders, translating complex business compliance needs into actionable technical requirements
  • Authored the comprehensive system description and drafted key policies, SOPs, documentation, and controls to align with compliance standards
  • Overcame challenges related to tight deadlines by prioritizing the project with the sponsorship of senior management
  • Coordinated and delivered cross-departmental initiatives in Agile environments, ensuring compliance with timelines, budget constraints, and scope
  • Acted as the single point of contact (SPOC) for stakeholders across technical and business teams in multiple geographies
  • Contributed to the application of SDLC frameworks from requirements through design, testing, and deployment in security compliance and cloud migration projects
  • Conducted risk assessments and mitigation planning for regulatory and infrastructure initiatives

Aug 2023 - Aug 2024
Technical Security Consultant | Corporate Systems Security Administrator
Remote/Hybrid Germany & Belgium
Freelance role providing technical support for critical infrastructure security, SIEM integration, and compliance consulting.
  • Provided technical support for critical infrastructure security, including SIEM integration and configuration
  • Contributed to ISO 27001 reviews to ensure compliance with security standards
  • Managed Azure and Microsoft 365 corporate security, implementing XDR solutions and proactive measures against threats (Microsoft Sentinel, Splunk)
  • Implemented DORA for clients in the financial sector; coordinated and recommended in-depth evaluations of existing controls and mitigated gaps
  • Developed and maintained internal technical documentation: status reports, SOPs, and new how-tos and guidelines
  • Played a pivotal role in evaluating and selecting security products to ensure solutions met clients' needs
  • Served as the single point of contact (SPOC) for security inquiries
  • Streamlined workflows through automation with tools like Power Automate
  • Organized security awareness trainings, executed phishing simulation campaigns, and maintained the technical knowledge base and SOPs

Sep 2022 - Aug 2023
Information Security Engineer | IT Operations Engineer
Oetker Digital
Freelance role in Berlin, Germany focusing on security awareness, vulnerability assessment, and DevSecOps collaboration.
  • Key contributor to the security team, responsible for increasing employee security levels and cyber awareness
  • Assessed the effectiveness of established countermeasures to present phishing attacks
  • Simulated attacks to identify possible vulnerabilities
  • Delivered comprehensive and insightful presentations on the results of phishing simulation attacks during All-hands meetings
  • Collaborated with the DevSecOps team to evaluate vulnerability monitoring procedures
  • Triaged false positives and analysed and responded to security incidents
  • Used various SIEM tools to oversee threats and vulnerabilities and enhance filters and playbooks
  • Utilized technical expertise in SaaS agile development workflows to coordinate cross-functional teams and ensure milestone-based compliance delivery
  • Acted as the single point of contact for senior management and technical teams, bridging the gap between regulatory expectations and technical execution
  • Authored comprehensive system descriptions, drafted key policies and controls, and ensured alignment with compliance standards through structured SDLC practices
  • Proactively identified delivery risks and introduced contingency planning strategies to mitigate them

May 2021 - Aug 2022
IT Systems Administrator | Network and Security
Spark Networks
Systems administration role in Berlin, Germany managing Linux infrastructure, network security, and cloud services.
  • Installation, configuration, and administration of Linux solutions, including Ubuntu, Debian, and RedHat, as well as management of PostgreSQL databases and Apache/NGINX web servers
  • Highly proficient in setting up and maintaining email services using Postfix, collaboration platforms like Atlassian Jira Data Center and Confluence Data Center, and file sharing with NextCloud
  • Experienced in monitoring solutions such as CheckMK for network and system health
  • Expertly managed network and hardware infrastructure, including Juniper SRX and Palo Alto NGFW firewalls, HP and DELL switches, Aruba WiFi solutions, and HP Proliant and Fujitsu servers
  • Skilled in virtualization with VMware vSphere and Microsoft Hyper-V
  • Proficient in utilising storage solutions like HP MSA and Kaminario
  • Well-versed in Amazon Web Services (AWS) services such as EC2, EBS, EFS, VPC, S3, and FSx
  • Proven track record in planning and implementing new solutions to enhance security, reliability, and functionality across various services and platforms

Jan 2009 - May 2021
ICT Engineer | Support Coordinator
Stefanini EMEA | Easyfairs | European Commission | ING Bank | Orange
ICT support and coordination role in Brussels, Belgium working with major European organizations.
  • Coordinated communication across various teams in Belgium and across Europe; responsible for the roll-out of a new CRM implementation
  • Provided side-by-side mentorship for junior employees
  • Accurately documented security incidents via technical reports
  • Troubleshot and resolved technical issues that occurred during important meetings with VIP users, such as the Chief of Staff of the European Commission
  • Devised workflow improvement initiatives, effective shortcuts, and new work methods
  • Actively contributed to workshops, presentations, meetings, and reports
  • Responsible for E2E follow-up of complex cases

Education (2)

2008 - 2011
Bachelor
Computer Science
Haute Ecole de la Ville de Liege

2008 - 2008
Certificate
CESS (Secondary Education Certificate)
ECSSA, Liege

Certificates

  • ISO 27001 Lead Implementer (PECB)
  • ISO 27001 Lead Auditor (Mastermind)
  • TWN DevOps/DevSecOps (TWN)
  • Security Blue Team SOC Analyst (Security Blue Team)

Languages

  • English: Fluent
  • French: Native speaker
  • Albanian: Native speaker
  • German: Intermediate (B1)
  • Spanish: Conversational