CISOs to Watch in German Hospitals & Health Care

Germany’s hospital and healthcare sector is a complex and highly regulated environment where cybersecurity is critical. As medical organizations digitize patient care, electronic records, and operational systems, robust information security leadership is essential. CISOs in this sector must balance technical protection, regulatory compliance, and operational continuity, often under critical infrastructure mandates. The following leaders exemplify the expertise and strategic vision required to secure Germany’s healthcare institutions.

Rafael Willeke — Chief Information Security Officer, Augenzentrum am St. Franziskus-Hospital

Rafael Willeke has over nine years of experience at Augenzentrum am St. Franziskus-Hospital, where he leads IT security operations and policy management. His background also includes hands-on IT administration, hardware diagnostics, and PACS systems. He began his career as a paramedic and has steadily grown into a leadership role in medical IT security, ensuring both compliance and operational resilience within the hospital environment.

Duncan McNutt — Chief Information Security Officer, Universitätsklinikum Ulm

Duncan McNutt serves as Chief Information Security Officer at Universitätsklinikum Ulm, overseeing information security for an organization classified as critical infrastructure under EU-NIS and German KRITIS regulations. He implements and guides the Information Security Management System (ISMS), conducts internal and external audits, monitors KPIs, and acts as the government contact point for cybersecurity oversight. He also founded a German University Hospitals CISO network and holds CISM, ISO 27001 Lead Implementer, and CSXP certifications.

Roland Hammelmann — Assistant Chief Information Security Officer, Universitätsklinikum Würzburg

Roland Hammelmann is Assistant Chief Information Security Officer at Universitätsklinikum Würzburg. Roland Hammelmann brings senior IT management experience across multiple industries, international leadership, and a deep understanding of IT business areas, supporting both strategic and operational security initiatives within the hospital environment.

Dr. Saadat Bunyatova — Director Head of Cybersecurity, Merck Healthcare

Dr. Saadat Bunyatova leads enterprise cybersecurity, regulatory readiness, and resilience at Merck Healthcare. Dr. Bunyatova advises executive leadership on cyber risk, governance, and crisis preparedness, while representing the organization in industry forums and serving as Advisory Board Member of CIONET Germany. She holds an Executive MBA, CCISO certification, a PhD in Information Security, and completed executive cybersecurity strategy training at Stanford.

Christian Kierdorf — Chief Information Security Officer, HÄVG Hausärztliche Vertragsgemeinschaft AG

Christian Kierdorf serves as Chief Information Security Officer at HÄVG Hausärztliche Vertragsgemeinschaft AG. Christian Kierdorf manages ISO 27001 compliance, security management, and IT-business integration, leveraging prior experience as Informationssicherheitsbeauftragter and IT Business Partner to align IT security initiatives with organizational objectives.

Gevorg Stepanyan — Chief Information Security Officer, EVK Düsseldorf

Gevorg Stepanyan is Chief Information Security Officer at Evangelisches Krankenhaus Düsseldorf. Gevorg Stepanyan focuses on advancing information security practices, fostering collaboration across IT and healthcare teams, and enhancing organizational resilience in line with regulatory standards.

Securing Germany’s Hospitals and Healthcare Networks

The German healthcare sector is increasingly reliant on digital systems, making CISOs indispensable to protecting sensitive patient data, ensuring regulatory compliance, and maintaining operational continuity. These leaders combine technical expertise, governance skills, and strategic vision to safeguard critical healthcare infrastructure across the country.