IT Security & Compliance for mid-sized companies · Salzburg

Information security that stands up to an audit.

Over 10 years in security and more than 100 audits for TÜV Süd. I bring Austria's mid-sized companies to a security level that is verifiable — and that holds when it really counts.

10+ years
in security — auditing, advisory and CISO sparring
100+ audits
information-security audits carried out for TÜV Süd
NISG · ISO 27001 · TISAX
proven standards first-hand — not from a textbook
Stefan Georg Schneider · ISO 27001 auditor · 100+ audits for TÜV Süd
What sets me apart

I translate between management and IT.

Security is half technology — and half a question of organisation: whether management and IT speak the same language. With leadership experience from management and the depth of more than 100 audits, I build exactly that bridge. Pragmatic, working with you as equals.

About my approach →
Typical starting points

Do you recognise your situation?

Most mid-market engagements begin with one of these starting points — if one sounds familiar, an initial consultation is the right next step.

A major client suddenly demands an ISO 27001 certificate — and you have months, not years.

ISO 27001 & Audits →

A letter on NIS2 / NIS Act applicability is on the table — and no one knows what to do next.

NIS Act 2026 check →

Management asks: are we actually protected? — and needs a solid answer.

CISO Advisor →

Your team has no dedicated security function — you need an experienced counterpart on demand.

CISO Advisor →
What I do

One focus, three ways of working together: your information security.

One field — information security — in three forms of collaboration: from certification through leadership on demand to regulation. My home for over ten years.

The NIS Act 2026 is coming — are you affected?

With Austria's implementation of the EU NIS2 directive, information security becomes a legal obligation for many mid-sized companies — with personal responsibility for management. Find out in two minutes where you stand.

To the NIS Act 2026 check →

In force from 1 October 2026. Evidence isn't built overnight.

Working together

How working together unfolds.

From the first conversation to ongoing support — a clear, predictable path with no surprises.

1. Consultation

Create clarity

We clarify your starting point, your goal and whether it's a fit — personally and professionally.

Free & without obligation

2. Positioning

Status & proposal

Gap analysis and roadmap. You get a clear picture of where you stand and a fixed-price proposal by scope.

3. Implementation

Deliver the measures

ISMS, policies and registers take shape — in focused workshops, translated between management and IT.

4. Guidance

Audit & support

Preparation for certification and NIS audits and, on request, long-term ongoing support.

References

Trusted by companies where security matters.

citycom Graz
Pollmann International
MediaPrint
sproof
HeiserTec
Vivid Planet
Enexsa
AME – Automotive & Mobility Engineering
HSP Gruppe
Amium
Cloudunify

A selection from more than 100 audits and projects.

Client voices

What clients say.

With Stefan, we have an auditor who knows our operation. No off-the-shelf checks — findings that are genuinely relevant to us. That isn't a given.
Georg Krakolinig, Managing Director · CityCom
For nine months, two days a week, Stefan accompanied us as our external security lead. In that time, more moved on the security side at our company than in all the years before. Structures, responsibilities, a real roadmap — and at the end, a clean handover to the internal team. Exactly what we needed.
Alexander Ebner, Head of IT · MediaPrint
We faced the challenge of introducing an ISMS quickly and without much bureaucracy. With a range of templates, Stefan helped us build a simple and effective ISMS very efficiently. Today we have a lean, livable security structure.
Bernhard Maryschka, Head of IT · Pollmann International
We do the audits with Stefan because the result lands with us internally. The findings are easy to follow, the recommendations actionable. That moves us forward — and not every auditor manages that.
Andreas Mörth, Head of IT · HSP Gruppe
ISO 27001 was meant to bring us real security value, not to spiral into unnecessary bureaucracy. Together with Stefan, we found exactly that balance.
Rainer Forsthuber, Managing Director · Vivid Planet
What can't be automated

Security isn't decided at the checklist — but by the judgement behind it.

Standardised audits are delivered by any tool today. What a security context needs is a person who stands behind the result. Four qualities I bring:

Judgement

Not "what the standard says", but "what matters in your specific situation".

Responsibility & reliability

A counterpart who carries the process and stands behind it — no deliver-and-leave.

Integrity

Professionally honest, even when it's uncomfortable. No scaremongering, no overselling.

Trust & relationship

On equal footing, pragmatic rather than formalistic. You book the person you believe in.

A clear boundary

What I'm not the right fit for.

Clarity also means being honest about what I don't do. Three things I deliberately leave to others — and I'll point you to the right partners.

30 minutes that bring clarity.

Without obligation, we clarify where your organisation stands and which path makes sense for you.

Request a consultation →