Austria’s IT sector sits at the convergence of SaaS platforms, critical internet infrastructure, enterprise software, public-sector digital services, and an increasingly “financialized” tech layer (fintech, digital identity, payments, and blockchain-enabled products). That mix creates a distinct security reality: software supply chains, cloud dependency, third-party risk, and identity-driven access patterns are just as central as classic perimeter defense. The leaders below are shaping how Austrian tech organizations build resilient systems, meet rising regulatory expectations, and keep innovation moving without widening the blast radius.
Thomas Zraunig — Chief Information Security Officer, 21finance
Thomas Zraunig is Chief Information Security Officer at 21finance, and also holds a parallel CISO role at 21X—positions that place him directly in the security path of blockchain-enabled products and smart contract environments. Before that, he led information security at twinformatics as Head of Information Security, after earlier security and governance roles across ING Austria, Western Union International Bank, and the Erste Group IT ecosystem. Across those environments, his profile consistently points to security governance, risk oversight, and the realities of securing modern digital services where outsourcing, cloud, and partner integration are part of the operating model—not exceptions.
Andreas Blassnig — Chief Information Security Officer, ELGA GmbH
Andreas Blassnig serves as Chief Information Security Officer at ELGA GmbH, a role centered on protecting national-scale digital health infrastructure where confidentiality, integrity, and operational continuity are non-negotiable. Prior to ELGA, he was Group Chief Information Security Officer at Addiko Bank, alongside earlier roles that blended business continuity, outsourcing management, and operational risk responsibilities. That combination—security leadership plus continuity and outsourcing depth—fits the modern IT reality where resilience depends as much on vendor control and service dependencies as it does on internal security controls.
Benjamin Weissmann — Chief Information Security Officer, ecosio
Benjamin Weissmann is CISO at ecosio, where his stated focus spans end-to-end IT security for a SaaS platform, secure coding principles, employee security awareness, and resilience across a digital EDI supply chain. He brings a long background in incident response and business integrity domains, supported by significant experience in fraud prevention, compliance, computer forensics, and e-discovery—capabilities that matter in SaaS environments where investigations often cross technical, legal, and customer-trust boundaries. His profile signals an operator who can move between prevention, detection, and response without losing the thread of governance.
Michael Zach — Co-Chairman (CISO-SIG), European TLD ISAC
Michael Zach is Co-Chairman of the CISO-SIG at the European TLD ISAC and also serves as Chief Information Security Officer at nic.at, positioning him close to the security and resilience concerns of core internet and DNS-related infrastructure. His background blends information security leadership with experience in data science and machine learning, and he has progressed through analyst and officer roles within the same ecosystem. This is the kind of profile that matters when availability and trust are the product—where incident readiness, continuity, and risk governance must be disciplined and repeatable.
Oliver Simmerstatter — Chief Information Security Officer, SPAR ICS
Oliver Simmerstatter is Chief Information Security Officer at SPAR ICS, alongside responsibility as an Information Technology Strategist—an important pairing in an IT services environment that supports large-scale digital retail operations. His career path runs through CTO and enterprise architecture leadership, plus long-term ownership of software engineering and business solutions teams. That blend suggests a security leader who understands how modern platforms are built and scaled, and who can translate security requirements into practical architecture and delivery decisions.
Werner Duerr — Chief Information Security Officer, Digital Burgenland GmbH
Werner Duerr served as CISO at Digital Burgenland GmbH and previously held senior governance and banking services leadership roles at A1 Bank AG, including a long stretch combining governance and CISO responsibilities. Earlier, he served as CIO / Head of IT at Erste Asset Management and held other leadership roles across asset management solutions. That arc—CIO, governance head, banking services, and CISO—maps well to the reality of IT-sector security today: security posture is inseparable from how services are governed, delivered, and operationally controlled.
Thomas Kopeinig-Gatterer — Chief Information Security Officer, RUBICON IT GmbH
Thomas Kopeinig-Gatterer is Chief Information Security Officer at RUBICON IT GmbH, and previously served as CISO at SEC Consult Group—giving him both practitioner exposure and leadership experience across consulting and delivery contexts. Earlier roles as security analyst and consultant reinforce a hands-on foundation, while public-sector service experience suggests familiarity with structured environments and formal controls. This is a useful pattern in IT services: leaders who can bridge advisory rigor with implementation reality tend to raise security maturity faster.
Robert Geist — Chief Information Security Officer, Global Blue
Robert Geist is Chief Information Security Officer at Global Blue, after progressing through AVP and manager-level IT security leadership in the same organization. That internal trajectory typically signals operational depth: building programs over time, maturing controls, and learning where friction actually appears in real systems. With earlier experience in security management and system administration leadership, his profile points to a security leader who understands both governance and the infrastructure layer that keeps global services running.
Milan Orszagh — Chief Information Security Officer, ovos
Milan Orszagh is CISO at ovos and also serves as the company’s COO, placing him at the intersection of security leadership and operational execution. He previously led DevOps, and earlier worked in web development—an arc that often correlates with pragmatic security: awareness of delivery pipelines, platform reliability, and the tradeoffs that come with shipping software. In tech organizations, that blend can be a force multiplier when security needs to be integrated into product and operations rather than bolted on.
Why Austria’s IT Security Leaders Matter Right Now
Austria’s IT sector is increasingly defined by platforms, ecosystems, and dependency chains—cloud providers, SaaS integrations, outsourced operations, and identity-based access. The CISOs and security leaders above represent different slices of that reality: core internet infrastructure, digital public services, enterprise IT providers, SaaS platforms, and security-forward consulting. Together, they illustrate how Austria’s cybersecurity leadership is evolving from “security as a function” into “security as a design constraint” for the digital economy.
Much of Austria’s IT security posture ultimately converges in software itself, making the leaders featured in CISOs to Watch in Austria’s Computer Software Industry essential to understanding how secure systems are actually built and maintained.