Information Security · Governance · Architecture

Seifeddine Jeridi

Security Architecture · Risk Governance · Regulatory Compliance

Compliance does not create security — good security makes compliance inevitable. Lasting security is not built in tools, but in structure, ownership, and decisions made by people working together to protect what matters.

IT & Infrastructure · Information Security · Data Protection · Risk & Compliance · Security Governance · Security Architecture
Seifeddine Jeridi
Frankfurt · Germany
ISO 27001 Lead Auditor · ISO 42001 · CISM · CCSP · CEH · EU GDPR DPO · PMI-ACP
01 / About

A discipline, deliberately built

Experience
13+
Years across the discipline
Reach
Global
International & multicultural environments
Current Role
Global Information Security Management Architect
NTT Data · Frankfurt

My path into information security was built deliberately, not by chance.

I started in IT and grew step by step into information security, data protection, compliance, and governance — the only way to understand security across every layer.

Over time, it became more than a profession — a discipline shaped by curiosity, responsibility, and continuous learning. I am driven by the need to understand how things work, where they fail, and how they can be made stronger, clearer, and more resilient.

I believe security is not built in tools — it is built in structure, ownership, and decisions. Lasting security comes from shared responsibility, clear ownership, and people working together through how they think and act.

02 / Expertise

Where I deliver

Security Architecture & ISMS
End-to-end ISMS design aligned to ISO 27001, NIST, and CIS. Gap assessments, SoA management, internal and external audit, and remediation planning across complex multi-region environments.
Risk, Governance & Compliance
Enterprise risk, third-party risk, BCP/DR, and security governance. Regulatory expertise across ISO 27001, DORA, NIS2, TISAX, BSI, CRA, and GDPR — turning obligations into operational programmes.
IT, OT & Infrastructure Security
Hands-on background in IT infrastructure, endpoint and network security, and cloud. OT/IT convergence, ICS/SCADA awareness, critical infrastructure protection under BSI IT-SiKat §11 EnWG and BSIG §8a/§8b.
AI, Emerging Tech & Offensive Security
ISO 42001 Lead Auditor and Implementer — AI governance and risk management. Adversarial ML threat modelling, ethical hacking, penetration testing, and emerging threat landscape assessment.
Executive Advisory & Communication
C-suite security posture dashboards, board presentations, maturity heatmaps, and KPI frameworks that translate technical risk into business decisions. Making security understandable at every level.
Leadership & Programme Management
Team leadership across global multicultural environments. Headcount, performance, and conflict management. Programme and budget planning. Certified Agile Leader (IHK), Harvard Leadership Accelerator, PMI-ACP.
03 / Credentials

Validated by certification

13 years of progressive depth across every information security domain — from hands-on IT engineering to enterprise ISMS architecture. Each domain represents years of practical delivery, validated by recognised certification.

Cyber Resilience & Compliance
ISMS Design · Audit · Risk Governance
ISO/IEC 27001:2022 programme architecture, gap assessments, SoA management, internal and external audit, regulatory alignment across DORA · NIS2 · TISAX · BSI.
Certified: IRCA ISO 27001 Lead Auditor · ISO 27001 Internal Auditor · EU GDPR DPO
AI Security & Emerging Tech
AI Governance · Adversarial ML · AI Risk
Designing AI Management Systems aligned to ISO 42001 — governance frameworks for responsible AI. Adversarial machine learning threat modelling and countermeasures.
Certified: ISO 42001 Lead Auditor · ISO 42001 Lead Implementer · HiddenLayer Adversarial ML
Offensive Security & Ethical Hacking
Penetration Testing · Threat Modelling
Ethical hacking methodology, vulnerability assessments, penetration testing (network, application, cloud), STRIDE threat modelling, red team exercise facilitation.
Certified: CEH EC-Council · CompTIA Security+ · Post-Grad Cyber Security (MIT · EC-Council)
Cloud & Infrastructure Security
Cloud Security · Zero Trust · IAM
Cloud security architecture across multi-cloud environments, Zero Trust framework implementation, identity and access management, endpoint security, Microsoft Intune.
Certified: CCSP · ISC² Certified in Cybersecurity (CC) · CISSP training
IT Governance & Management
ITIL · Service Mgmt · Agile Leadership
IT service management and operational excellence, agile programme delivery, KPI and SLA governance, executive reporting, stakeholder management across global environments.
Certified: CISM · ITIL Foundation · ISO 20000 · IHK Agile Leadership · Harvard Leadership Accelerator · PMI-ACP
Leadership & Team Development
People Leadership · Escalation · Awareness
Leading cross-functional security teams across global environments — managing critical escalations, mentoring engineers, building security champion networks, and driving awareness programmes that change behaviour.
Certified: Harvard Business School Leadership Accelerator · IHK Agile Fachkraft Führung · PMI-ACP
Programme Management & Delivery
Security Programme · Change · Governance
Designing and delivering end-to-end security programmes across complex organisations — from scoping and stakeholder alignment through to control implementation, audit readiness, and continuous improvement.
Certified: ITIL Foundation · PMI-ACP · IHK Agile Leadership · CISM
04 / Mindset

Principles that hold

01
Architecture before tools
A security tool without architecture is a locked door with no building around it. Every control must trace back to a business risk. Design the programme first — buy the tools after you understand what you are protecting and why.
02
Know your posture — before the attacker does
Organisations that rely solely on audits to discover their gaps are always one step behind. Continuous self-assessment, structured GAP analysis, and honest maturity scoring separate security programmes from security theatre.
03
Compliance follows good security
Build your ISMS right — risk-driven, business-aligned, continuously measured — and ISO 27001, DORA, NIS2, and TISAX readiness come as a by-product. Treat compliance as the destination and you will never truly be secure.
04
Every department is an expert
IT knows the infrastructure. Legal understands the regulation. HR owns the human risk. Finance quantifies the cost of failure. Security architecture is the discipline that translates every team's expertise into a unified, defensible posture.
05
People are the programme
Security awareness, leadership commitment, and a culture where people report issues — not hide them — outlast any technical control. The strongest defence is a team that owns its security posture and understands why it matters.
06
Test before the incident does
Tabletop exercises, penetration tests, DR drills, and phishing simulations are not overhead — they are the only way to know if your controls actually work. A plan never tested is an assumption. Test it, fix what breaks, then test it again.
— Get in touch

A conversation, not a sales call

A second opinion, some guidance, or simply an exchange of ideas. I'm always open to connect and help where I can.
