About me
Julian Forss Link to heading
Staff Information Security Engineer
Information Security | Governance | Compliance | Business Resilience
Bremen, Germany
Profile Link to heading
I help organizations build and operate secure, compliant and resilient environments in highly regulated industries.
My work sits at the intersection of security engineering, compliance, and distributed systems — translating regulatory requirements into practical controls that hold up under audits, certifications, and real-world operational pressure.
I’m typically involved when organizations need clarity and direction at system level. This includes risk analysis across complex architectures, regulatory interpretation, audit readiness, and enabling expansion into new markets without compromising compliance or delivery.
Areas of Impact Link to heading
- Information Security Governance & Risk Management
- Security Architecture & System-Level Risk Analysis
- ISO 27001 Implementation & Audit Readiness
- Business Continuity Management (BCM) & Resilience
- Certification & External Audit Coordination
- Regulatory Compliance across International Markets
- Privacy & Data Protection (incl. DPO responsibilities)
- Secure Platform Governance in Distributed Systems
Experience Link to heading
Staff Information Security Engineer (2026 – ) Link to heading
In this role, I work at the intersection of engineering, compliance, and system behavior in highly regulated environments, including US market requirements.
The focus is on ensuring that security and regulatory controls hold in real production systems under operational and audit pressure — not just in documentation. This involves identifying where intended controls diverge from actual system behavior across complex architectures, and working with engineering teams to resolve those gaps.
A key part of my work is acting as an interface between engineering teams and external auditors, aligning technical implementation with regulatory expectations. Certification and audit efforts are supported through hands-on system analysis rather than purely process-driven approaches.
Compliance Delivery Manager (2022 – 2026) Link to heading
As Compliance Delivery Manager, I focused on building and operating the structures required to achieve and maintain regulatory compliance across multiple international markets.
This included leading the implementation of an ISO 27001-aligned ISMS, from initial gap analysis through control design to successful external certification. I owned the delivery of regulatory certifications across Europe, North America, and Latin America, defining certification roadmaps and coordinating audit activities with accredited testing labs and certification bodies.
The role required translating regulatory requirements into organizational controls, governance structures, and audit evidence processes that could be consistently applied across complex, distributed systems.
In addition, I supported Business Continuity and operational resilience initiatives, including risk assessments, Business Impact Analyses (BIA), continuity planning, and the evaluation of operational risks affecting critical business services. These activities helped ensure that compliance requirements were aligned with practical operational resilience objectives.
I also acted as a central coordination point between engineering, leadership, and external auditors, and served as local Data Protection Officer across multiple locations.
Product Owner (Regulated Platform Domain) (2018 – 2022) Link to heading
As Product Owner for regulated platform domains, I worked at the intersection of product, engineering, and regulatory requirements in distributed systems under continuous scrutiny.
The focus was on maintaining compliance while enabling delivery — translating regulatory expectations into actionable priorities for engineering teams and aligning system evolution with international requirements.
Earlier Experience (Selected) Link to heading
Product and project roles in international, software-driven environments
Certifications Link to heading
- Certified Scrum Product Owner (CSPO)
- IPMA Level D (Project Management)
Education Link to heading
Bachelor of Arts in Business Administration (BA)
How I Work (in Practice) Link to heading
I focus on making security and compliance clear and actionable, so that teams know what to do and why it matters. Because compliance that exists only in documentation does not hold up in real systems — it needs to be understood and applied in day-to-day operation.
What I find most rewarding about this work is turning complexity into clarity, and making sure that what is defined actually works in practice and is accepted by regulators and external testing bodies.
In practice, this means translating regulatory requirements into engineering decisions that work in real systems and stand up to audits.