Available for Projects

Bodo Hoffmann

IT Security, Governance & Compliance Expert based in Frankfurt am Main – with over 40 years of IT experience and over 30 years in information security, IT audit and data privacy.

Bodo Hoffmann - IT Security, Governance and Compliance Consulting

About Me

With over 40 years of IT experience – since 1983 – and over 30 years in information security (since 1991), I advise organizations in IT governance, risk management, compliance and data privacy. Beyond IT audit and security management, a core focus lies in the adoption of new technologies: from strategic evaluation to the secure implementation of innovative solutions in an enterprise context.

A particular focus lies in the use of Artificial Intelligence in an enterprise context – not as an end in itself, but as a tool that supports and empowers people in their daily work. AI governance, secure AI implementation and responsible human-AI collaboration are central themes. My conviction: IT serves both business and people equally – technology must drive business objectives while supporting people in everything they do.

As a CISSP, CISA, CISM, CGEIT and CDPSE certified expert, I combine deep technical knowledge with strategic governance competence. My certifications with ISACA and (ISC)² demonstrate long-standing, verified expertise at the highest level.

Location: Frankfurt am Main, Germany

"This profile represents a rare intersection of long-standing experience ("seniority") and the ability to leverage cutting-edge technological and psychological approaches for the benefit of the organization. This is an expert who is capable of not merely accompanying digital transformation, but leading it securely, compliantly and in a value-driven manner."
40+ Years IT Experience · 30+ Years IT Security · 14 Certifications · 100+ Projects

Summary of all Skills & Expertise

Here is an overview of my skills, organized by the most important areas of expertise:

1. Strategic Leadership & Executive Management (C-Level & Board)

  • Enterprise IT Governance (GEIT)
    Design and implementation of governance frameworks for business-IT alignment.
  • Strategic IT Planning
    Development of long-term IT roadmaps and strategies for digital transformation.
  • Financial Management for IT & Security
    Investment analysis, budgeting (CAPEX/OPEX), business case development and cost-benefit analyses.
  • Benefits Realization Management
    Steering IT value contribution through metrics and value-oriented reporting.
  • Vendor & Third-Party Risk Management
    Strategic management of service providers and supply chain security.
  • Stakeholder Management & Board Reporting
    Presentation of complex risk situations to supervisory bodies and management.

2. Cybersecurity & Information Security Management

  • Security Strategy Development
    Building enterprise-wide Information Security Management Systems (ISMS).
  • Enterprise Risk Management (ERM)
    Quantitative and qualitative risk assessment, risk appetite definition and treatment strategies.
  • Cyber Resiliency & Incident Management
    Leading incident response, forensic coordination and crisis management.
  • Security Architecture & Engineering
    Designing secure infrastructures considering cloud, virtualization and network segmentation.
  • Identity & Access Management (IAM)
    Designing complex identity and access control systems.
  • Software Development Security
    Integrating security into the SDLC (DevSecOps) and reviewing application architectures.

3. IT Audit, Compliance & Quality Assurance

  • Full-Scope IT Auditing
    Planning and execution of complex IT audits according to CISA standards.
  • Quality Assurance Review (QAR)
    Quality assurance of audit processes and audit methodology.
  • Regulatory Compliance (IT Law)
    Monitoring legal requirements (GDPR, IT Security Act, MaRisk, KonTraG).
  • Payment Card Security (PCI DSS)
    Expert knowledge in protecting transaction data and cardholder security.
  • Internal Controls Review & Design
    Evaluation and optimization of internal control systems for IT.

4. Data Privacy & Privacy Engineering

  • Data Protection Officer (DPO)
    Assuming the statutory function and advising on complex data privacy matters.
  • Privacy by Design & by Default
    Technical implementation of data privacy requirements in products and systems.
  • Data Lifecycle Management
    Managing the entire data flow under compliance aspects.
  • Data Protection Impact Assessment (DPIA)
    Conducting and evaluating risk analyses for personal data.
  • Privacy Engineering
    Implementing PETs (Privacy Enhancing Technologies), anonymization and encryption methods.

5. IT Service Management & Operational Excellence

  • ITIL Lifecycle Management
    Process design from strategy to continual service improvement (CSI).
  • Service Delivery & Operations
    Managing IT operations according to Service Level Agreements (SLAs).
  • Change & Configuration Management
    Control over IT changes and asset integrity.
  • Business Continuity & Disaster Recovery Planning
    Design and testing of recovery plans for critical business processes.

6. Communication, Psychology & Leadership

  • Advanced Negotiation & Rapport
    Psychologically grounded negotiation and communication skills.
  • Crisis Communication & De-escalation
    Confident leadership and communication under pressure.
  • Behavioral Psychology (Human Factor Security)
    Developing effective awareness measures based on psychological insights.
  • Neuro-Communication
    Applying suggestion techniques to overcome resistance to change (Change Management).
  • Coaching & Mentoring
    Developing leaders and teams in IT and security environments.

Outlook: Relevance in the Age of Artificial Intelligence

My expertise has not only grown historically but demonstrates high relevance for current technological developments. The integration of Artificial Intelligence (AI) into business processes creates new demands on governance, security, audit and data privacy, which are ideally covered by my competency profile:


Certifications

Internationally recognized qualifications in Security, Governance & Privacy

CISSP (since 2004)

(ISC)² – Certified Information Systems Security Professional
Since 2004 · Globally recognized certification for IT security professionals. Covers eight domains: Security & Risk Management, Asset Security, Security Architecture, Communication & Network Security, IAM, Security Assessment, Security Operations and Software Development Security.

CISA (since 2005)

ISACA – Certified Information Systems Auditor
Since 2005 · World's leading certification for IT auditors. Encompasses IT audit processes, IT governance, IS acquisition, development and implementation, IS operations and business resilience, and protection of information assets.

CISM

ISACA – Certified Information Security Manager
Certification for managing information security programs. Focus on Information Security Governance, risk management, development and management of IS programs, and incident management.

CGEIT

ISACA – Certified in the Governance of Enterprise IT
Certification for enterprise IT governance. Covers governance framework, strategic management, benefits realization, risk optimization and resource optimization at enterprise level.

CDPSE

ISACA – Certified Data Privacy Solutions Engineer
Technical data privacy certification. Focus on Privacy Governance, Privacy Architecture and Data Lifecycle Management. Bridges technical implementation with data privacy requirements (GDPR, BDSG).

aC|CISO (2024)

EC-Council – Associated Certified Chief Information Security Officer
2024 · Certification for aspiring CISOs. Covers Governance & Risk Management, IS Controls, Audit Management, Strategic Planning, Finance and Vendor Management at C-level.

COBIT Practitioner

ISACA – Control Objectives for Information and Related Technology
Practice-oriented certification for applying the COBIT framework for IT governance. Focus on implementing governance objectives, process optimization and stakeholder management.

ITIL Expert v3 / ITIL Service Manager v2

AXELOS – IT Infrastructure Library
Highest operational ITIL certification. Covers Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. Expert v3 requires 22+ ITIL credits.

ITGM – IT Governance Manager

ISACA Germany
German ISACA certification for IT governance management. Focus on strategic IT steering, compliance management and aligning IT with business objectives.

QAR-IT Auditor

ISACA – Accredited Quality Assurance Review Auditor
Accreditation for quality assurance in IT auditing. Authorization to conduct Quality Assurance Reviews (QAR) according to international standards (IIA, ISACA).

DSB-TÜV

TÜV – Data Protection Officer
TÜV-certified Data Protection Officer. Qualification under GDPR and BDSG for appointment as internal or external data protection officer.

PCI DSS Auditor / PA-QSA (until 04/2007)

PCI Security Standards Council
Qualified Security Assessor (QSA) and Payment Application QSA. Authorization to conduct PCI DSS audits and assess payment applications according to PCI standards.

Certified Hypnotist

TMI – Thermedius Institute
Certified training in hypnosis techniques. Applied in coaching, communication and personal development.

Experience

Over 40 years of IT experience – from programming to board level

Board Member, Sen. Security Manager/Consultant

[ai:ti] - IT Future AG
Since Dec. 1998 · Over 27 years
CISA, CISM, CGEIT, CISSP, CDPSE, aC|CISO. Board-level responsibilities including budget and revenue accountability. Strategic IT security consulting, governance and compliance at enterprise level.

Managing Director

Identity Center GmbH
Since June 2009 · Over 16 years
Managing director in the field of Identity Management and IT Security.

GDPR Consultant – Partner / Shareholder

gdprconsult.eu
Since Jan. 2016 · Over 10 years
Consulting in the area of GDPR. Supporting organizations in implementing data privacy requirements.

PCI DSS Consultant

PCI-Consultants.de
Jan. 2005 – Jan. 2012 · 7 years
PCI DSS consulting and auditing. Guiding organizations in achieving and maintaining PCI DSS compliance.

Training: Communications Electronics Technician / IT & IT Security

Digital Equipment / RCT
From 1991
Training as a communications electronics technician at Digital Equipment – one of the leading IT companies of its time. Parallel entry into IT security and first experiences with DECnet and the Internet. Beginning of an over 30-year career in information security and an overall 40+ year IT career.

Freelance Consultant

Deutsche Bank AG
Previous position
Freelance consulting for Deutsche Bank AG in the area of new media and web presence.

Board Member

Börsen-Team TU Darmstadt
Previous position
Board member of the stock exchange team at the Technical University of Darmstadt.

Chart Analysis / Foreign Exchange Editorial

Office Dr. H.-D. Schulz
Previous position
Responsible for creating foreign exchange charts (Hoppenstedt). Chart analysis and editorial work in the area of currency markets. Multiple appearances on n-tv on the topic of chart analysis.

Programming & Personal Projects

Independent
Since 1983
Programming and implementation of personal IT projects since 1983. Early entry into the world of computers and software development.

Education & Languages

Psychology / Psychology in IT

Technical University of Darmstadt
Since Oct. 2013
Studies focusing on IT security, motivation and gamification as well as perception of IT security.

Industrial Engineering (EE) / Business Informatics

TU Darmstadt & University of Frankfurt am Main
1992 – 1998
Studies in industrial engineering (electrical engineering) and business informatics.

Languages: German – Native · English – Fluent

Interests & Hobbies

I am an ultra runner. Distances from 50 km to over 300 km in a single effort are my world. Ultra running is far more than sport to me – it is a confrontation with your own limits, with discipline and mental strength. Every run is a challenge that teaches you to keep going even when everything speaks against it. This mindset shapes not only my training but also my work: endurance, focus and the will to reach every goal.

Beyond that, what fascinates me is the human being itself: What drives people? Why do they do certain things – and not others? These questions motivate me and are the reason I study psychology. Understanding human behavior is the key for me – whether in ultra running, in IT security, or in working with teams and organizations.

Tags: Ultra Running · 50 km – 300+ km · Marathon · Trail Running · Psychology · Open Source

Human Development Project

IT & People – Technology in Service of Personal Development

IT Future AG · Research Project

With the "Human Development Project", IT Future AG runs a research project focused on supporting people in unlocking their personal potential through the consistent use of IT capabilities.

"How can IT systems be optimally deployed to support people in their being and to promote their personal progress? (Well-Being)"

In doing so, we strictly align our work with the WHO's "10 Core Life Skills" and strive to consistently foster these in order to support people in leading a positive and fulfilling life.

WHO – 10 Core Life Skills

1. Self-Awareness
2. Empathy
3. Creative Thinking
4. Critical Thinking
5. Decision Making
6. Problem Solving
7. Effective Communication
8. Interpersonal Relationships
9. Coping with Stress
10. Coping with Emotions

Contact

Ready for the next project? Let's talk.

IT Future AG

www.itfuture.eu

Location

Frankfurt am Main, Germany

I am open to exciting projects and collaborations. Feel free to contact me for:

  • IT Security Consulting & ISMS
  • IT Audit & Assurance
  • AI Governance & AI Security
  • Data Privacy (GDPR / BDSG)
  • IT Governance & Compliance
  • Risk Management & BCM