
RST Beratung
Remote Jobs
Working for your success for 40 years
6 Jobs
• Contribute to the establishment and further development of data protection structures (Data Protection Management System - DSMS) and processes.
• Serve as an appointed external Data Protection Officer for clients.
• Implement and maintain documentation (e.g., Records of Processing Activities, policies, roles, pragmatic evidence of compliance).
• Support DPIAs (Data Protection Impact Assessments): preparation, facilitation, and documentation.
• Deliver training and awareness sessions aimed at making data protection understandable and embedding it sustainably in daily work.
• Act as an interface with information/IT security and compliance: translate requirements between business, technical teams and regulators in a way that fits the audience.
• Conduct privacy/data protection audits and/or accompany and support clients during inspections and assessments.
• Participate in internal projects, structure and consolidate cross-cutting knowledge, and help evolve our consulting approach.

• Advising on the establishment and improvement of ISMS and BCMS across various industries and company sizes.
• Advising on the integration and implementation of regulatory requirements such as the BSI Act, the KRITIS umbrella law, DORA (Digital Operational Resilience Act), and other standards.
• Planning and conducting risk assessments and risk treatment with the aim of ensuring effective controllability (KPIs, roadmaps, prioritization).
• Developing concepts and governance/rulebooks for clients in regulated sectors (KRITIS, NIS-2, KRITIS umbrella law).
• Performing internal audits and preparing and supporting our clients for certification to ISO 27001 and/or TISAX.
• Preparing and executing emergency/incident exercises.
• Participating in internal projects, structuring our collective knowledge across the firm, and further developing our consulting approach.

• Advising on the setup and improvement of ISMS and BCMS across various industries and company sizes.
• Advising on the integration and implementation of regulatory requirements from the BSI Act, the KRITIS umbrella law, DORA and other standards.
• Planning and establishing risk analyses and risk treatment with the aim of effective controllability (KPIs, roadmaps, prioritization).
• Developing concepts and policies for clients in regulated sectors (KRITIS, NIS-2, KRITIS umbrella law).
• Conducting internal audits and preparing and supporting our clients during certification processes for ISO 27001 and/or TISAX.
• Preparing and conducting emergency/exercise drills.
• Participating in internal projects, organizing and structuring our collective knowledge, and further developing our consulting approach.

• Support the establishment and further development of data protection structures (data protection management system - DPMS) and related processes.
• Serve as the appointed external Data Protection Officer (DPO).
• Implement and maintain documentation (e.g., records of processing activities (ROPA), policies, roles, practical evidence).
• Support Data Protection Impact Assessments (DSFA/DPIA): preparation, facilitation, and documentation.
• Deliver training and awareness measures aimed at making data protection understandable and sustainably embedded in day-to-day work.
• Act as an interface to information/IT security and compliance: translate requirements between business stakeholders, technical teams, and regulatory expectations in an audience-appropriate way.
• Conduct data protection audits and/or accompany and support clients during audits and regulatory reviews.
• Participate in internal projects, help structure cross-cutting knowledge, and contribute to the further development of our consulting approach.

• Contribute to the establishment and further development of data protection structures (DSMS) and processes.
• Serve as the appointed external Data Protection Officer.
• Implement and maintain documentation (e.g., records of processing activities, policies).
• Support DSFA/DPIA: preparation, facilitation, documentation.
• Deliver training/awareness with the aim of conveying data protection in an understandable way.
• Interfaces to information/IT security and compliance.
• Conduct data protection audits.

• We're looking for experts like you who can develop and implement tailored strategies.
• Contribute your expertise and help shape the following areas: establishment of management systems (information security, data protection, resilience and BCM).
• Drafting and evaluating policies and security concepts, conducting risk analyses and preparing risk treatment measures.
• Organizing and delivering awareness campaigns, workshops and training on information security and data protection.
• Conducting audits and preparing for certification audits.
• Performing vulnerability scans and penetration testing (pentesting).
• Monitoring current legal developments related to information security and critical infrastructure as well as data protection aspects.
• Applying business management methodologies and analyses, including PESTEL, KPI development, SWOT/opportunities-and-risks analyses, etc.
• Preparing technical articles and presentations on relevant and current topics.