The German retail and grocery sectors are home to some of the most complex and critical IT environments in the country. With large-scale operations, omnichannel commerce, and extensive supply chains, these organizations face constant cyber threats that require strategic oversight and resilient security programs. The CISOs and heads of information security leading these companies are responsible for protecting vast amounts of sensitive customer and operational data while embedding security into digital transformation initiatives and operational processes. From fostering security-aware cultures to implementing governance frameworks that comply with both national and EU regulations, these leaders exemplify how cybersecurity can be a true business enabler in the German retail and grocery landscape.
Simon Schmidt — Information Security Officer, EDEKA ZENTRALE Stiftung & Co. KG
Simon Schmidt serves as the Information Security Officer at EDEKA ZENTRALE, where he oversees information security, IT risk management, internal audit, and IT governance. He leads a global team of security experts and is responsible for implementing robust ISMS frameworks, ensuring compliance with TISAX, SOX, and ITIL standards, and driving secure IT project delivery. Simon has successfully managed mergers and acquisitions, ERP system migrations, and process optimizations, ensuring that EDEKA’s complex IT environment remains secure while supporting operational efficiency. With a strong focus on risk mitigation and governance, he aligns IT security initiatives with business objectives, balancing compliance, innovation, and strategic growth.
Vicky Sorge — Chief Information Security Officer, Kaufland e-commerce
Vicky Sorge is the Chief Information Security Officer at Kaufland e-commerce, leading international cybersecurity teams and shaping strategy for one of Europe’s most dynamic digital retail environments. With over 15 years of experience in corporate and IT security, she focuses on resilience, aligning security with business objectives, and making cybersecurity a growth enabler rather than a compliance exercise. Vicky emphasizes human-centric leadership, mentoring, and community engagement, organizing nationwide security meetups and advocating for diversity in tech. Her approach blends strategic oversight with empowerment, ensuring teams are equipped to address complex threats while fostering innovation and collaboration across the organization.
Christian Metzner — Head of IT, HR, and Data Protection, Dirk Rossmann GmbH
Christian Metzner leads IT, human resources systems, and data protection at Dirk Rossmann GmbH, one of Europe’s leading drugstore chains. He drives IT strategy, digital transformation, and operational innovation across the company, leveraging over 15 years of experience to deliver solutions that enhance efficiency, customer experience, and security. Christian combines technical leadership with business insight, ensuring that IT initiatives align with organizational goals while maintaining strong data protection and compliance practices. His focus includes enterprise-wide collaboration, change management, and implementing technologies that create tangible business value.
Melanie Hendrickx — Head of Information Security, Governance, Risk, and Compliance, METRO AG
Melanie Hendrickx oversees Information Security, Governance, Risk, and Compliance at METRO AG, managing security programs across 30+ countries and 45+ legal entities. With 13 years of experience building functional GRC frameworks, she focuses on AI governance, secure AI enablement, and regulatory compliance under EU directives such as the AI Act and NIS2. Melanie specializes in translating complex frameworks into practical, operational processes, ensuring that METRO’s global security posture is consistent, resilient, and scalable across diverse regulatory environments.
Franz-Josef Pelstring — Chief Information Security Officer, REWE Group
Franz-Josef Pelstring serves as CISO of REWE Group, responsible for driving cybersecurity strategy across the company’s retail operations. He focuses on proactive defense, operational resilience, and embedding a strong security culture throughout the organization. Pelstring leads initiatives in talent development, security awareness, and community engagement, including participation in Women4Cyber Germany and internal REWE podcasts. His approach emphasizes people-centric security, ensuring that employees are empowered to act as the first line of defense while supporting the organization’s digital and operational objectives.
Leading Cybersecurity in German Retail and Grocery
These cybersecurity leaders demonstrate the increasing sophistication and strategic importance of information security in Germany’s retail and grocery sectors. By blending technical expertise with leadership and cultural influence, they ensure that large, complex organizations remain resilient against cyber threats while supporting operational efficiency and business growth. Their work highlights how cybersecurity is not just a protective measure, but a critical enabler of digital transformation and long-term success in the German retail landscape.