Frederic Georgel

Cybersecurity, Risk, Technology, Transformation

56 years old
Montréal (H9S 4Y4) Canada (Québec)
Professional Status
Employed
Open to opportunities
About Me
Natural Leader and Influencer, Solutions & Result-Oriented Executive, Recognized for Successfully Managing Complex Business and Technology Challenges. Over 20 years of experience in Technology Team Management, Architecture and Risk, Cybersecurity, Governance, Compliance, Business Transformation and Program Management, with International Experience (Europe and North America).

Experienced in the following fields: Telecommunications, Financial Services, Transportation, Aeronautics, Space and Defense, Entertainment, Public Administration.

Author of bestselling books about IT Governance & IT Management

Career:
2018
Senior Director, Information Security (CISO)
(Cogeco) - Canada / US

2016
Stream Lead, GRC Project
(CN) - Canada

2014
Senior Consultant IT Security
(Cirque du Soleil) - Canada / US

2012
Director, IT Security Engineering
(Desjardins Bank) - Canada

2011
Director, IT Security Architecture
(Desjardins Bank) - Canada

2010
Team Lead, IT Compliance and Security
(Desjardins Bank) - Canada

2007
Senior Advisor, IT Compliance
(Desjardins Bank) - Canada

2004
Senior Consultant, IT Management & Governance
(Nudata, Smurfit Group, Kenzo, ...) - Europe

1999
Founder and CEO
(Hypsoneack) - Europe

1997
Director, Corporate Digital Publication
(Conseil General des Bouches-du-Rhône) - Europe

1992
Manager, Software Integration and Support
(Orkis) - Europe
Resume created on DoYouBuzz

Associate Partner

Ernst & Young
Since February 2021
Montreal
Canada - Québec
  • Advise and support companies in creating a more secure environment that is more resilient against cyber threats.
  • Food Industry (client 6,13 B$ usd revenues)
    Conduct a cybersecurity governance (CSG) transformation
    ● Identify Business needs
    ● Identify and document Business and Cyber Risks using FAIR
    ● Design CSG capabilities
    ● Design Key processes

    For Banking Industry (client 6,3 B$ usd revenues)
    Define and deploy a crisis management framework
    ● Work in close collaboration with the Chief Privacy Officer Team
    ● Define and document 10 key questions that the regulator is likely to ask in case of a PII leak
    ● Identify the gap and document the processes the bank must have in place

    For Banking Industry (client 14,6,3 B$ usd revenues)
    Define a governance structure for physical security transformation program
    ● Define Governance Charter, Role and responsibilities, collaboration processes with the Stakeholders

    For Manufacturing sector (client 100 M$ usd revenues)
    Conduct a cybersecurity maturity assessment
    ● Conduct interviews in 4 different countries (US, Canada, Germany, France) and analyse documentation
    ● Define recommendations and roadmap
    ● Provide Executive report and present to the Board

    For Energy Sector (client 1,3 B$ usd revenues)
    Conduct a NIST CSF and vulnerability assessment
    ● Conduct interviews in 6 companies owned by the parent company (US, Canada)
    ● Benchmark results against peers and cyber threat landscape
    ● Define recommendations and roadmap
    ● Provide Executive report and present to the Board

    For Pulp and Paper industry (client 1,2 B$ usd revenues)
    Define a cybersecurity program transformation
    ● Work in close collaboration with the CIO
    ● Define the target state and do gap analysis against current state
    ● Design a 3-year program, with the first-year budget, technology, and organizational structure
    ● Identify all projects and prioritize them based on the risk

Senior Director, Information Security (CISO)

Cogeco
July 2018 to January 2021
North America (Canada / US)
  • Recruited World Class Talent (23 resources), 16 of which within first 3 months of approval
  • Approval of the Cybersecurity Management Model by CTO, CIO, CFO and Board within 6 months of nomination
  • Deployed Security Frameworks at the Strategic, Tactical and Operational Levels (NIST / FAIR / CIS / ITIL / MaGMa) within 1 year
  • Delivered Security Program, Project and Activities to Roadmap Milestones in addition to Unplanned 360 project contributions delivered to business projects in 2019.
  • Build and Deploy Fusion Center (SOC Next Generation) with Chronicle, Forseti Security, Splunk, Qualys, Cortex, Terraform, Ansible, CrowdStrike
  • Implemented Cloud Security and DevSecOps practice throughout the Google Cloud Platform (adoption rate of 100% in 1 year)
  • Deployed Secure Coding Practice (Processes & Tools)
  • First known Cybersecurity team fully gender-balanced on day 1 in Canada
  • All team members certified ITIL Foundation, Google Cloud Platform Fundamental, and Agile within 12 months.
  • Voted Best Team with Mobilization rate (83%) in 2020 within the organisation
  • Build and Deploy Development Security Team for Advanced Security Application Development
  • Rebuilt Cybersecurity Framework and Practices, Updated Policies and Standards
  • Innovative Awareness campaign deployed (videos, posters)
  • Design and Deploy Bespoke Automated Incident Response Solution
  • Increase the efficiency and responsiveness of Operational Security Center (Fusion Center) by 100%
  • Increase detection capability by more than 300% in 1 year
  • Chairman of Cybersecurity Governance Committee
  • Member of Canadian Security Telecommunications Advisory Committee
  • Member of Cablelabs Security Group

Stream Lead, GRC Next Generation (mandate)

Canadian National Railway (CN)
November 2016 to June 2018
North America (Canada / US)
  • GRC Strategy
    • Define Governance approach
    • Define Risk approach
    • Define Compliance approach
    • Identify required capabilities
  • Implement FAIR Model (Quantitative Risk)
    • Analyze and Select Risk Methodology
    • Train People on FAIR Methodology
    • Implement FAIR in GRC Functions
    • Attach FAIR with Cyber Intelligence Process
  • Design GRC Functional Architecture
    • Identify GRC Key Functional Blocs
    • Define functional architecture for GRC next generation (Risk Based Approach)
    • Define Data Workflow
    • Define CI Structure
    • Managed GRC Processes with Business Analyst
    • Managed GRC Architecture
  • GRC Tools
    • Complete RFP
    • Define selection process
    • Analyze and evaluate Solutions
    • Select Vendor (MetricStream)
  • Advise Management for GRC Team
    • Define Professional profiles and skills to operate GRC Platform.

Senior Consultant, IT Security (mandate)

Cirque du Soleil
May 2014 to November 2016
North America (Canada / US)
  • Secure Cirque’s shows technologies
    Ensure that technologies used by shows (Sound, Light, Automation, Projection and SFX) are secure.
    • Identify and define IT security measures
    • Deploy IT Security controls on shows (World Wide)
    • Implement Self-assessment and annual audit process
    • Implement IT Security training portal
  • Define and implement SIEM Next Generation.
    Replace the RSA enVision platform with a new-generation one: AlienVault
    • Identify business needs and security requirements.
    • Complete RFP, vendor Analysis and product selection.
    • Complete architecture and detail design
  • Cloud Security (Microsoft Azure)
    Set IT security requirements for Cloud in IaaS, PaaS and SaaS modes.
    • Identify business needs and security requirements
    • Define and implement IT security standards with the architecture and operations groups
    • Define and implement Disaster Recovery Plan for the Cirque du Soleil website and all its micro sites (12) hosted on Microsoft's Azure platform.
  • Achieve IT Security Audit
    • Define and implement strategic IT security plan
    • Define and execute 4 security audits (Cloud, High Privilege Access, Servers in production, Development)
    • Produce reports and recommendations
    • Manage remediation plans
  • Define and implement application security development methodology
    • Design an application development security framework based on OWASP
    • Deliver application development security standards and development guide
    • Identify business needs and security requirements
    • Complete RFP, vendor analysis and product selection (Veracode, WhiteHat, Synopsys)
    • Anonymize production data for development.
    • Identify critical data (PII), define the rules of anonymization, and write a reference guide for developers.
  • Execute IT Security Risk Analysis methodology
    • Provide Technological risk analysis for projects and major events management
    • Identify threats, probability of contact, attack surface, defensive measures, direct and indirect impacts.
  • IT Security Framework
    • Design a new IT Security framework (strategic, tactical and operational)
    • Define roles and responsibilities
    • Review corporate and administrative security policies
    • Write 10 new IT security standards and 6 operational guides
    • Design and implement a tool to manage and share security documents
    • Manage security requirements alignment to business needs.
  • Management
    • As a member of the TPG Cyber-Security Council, share cyber security trends, experience and analysis with the CSOs of TPG Capital companies (Uber, AirBnB, Burger King, Lenovo, McAfee, etc.)
    • Define key performance indicators to measure the security program. Produce monthly performance dashboards.
  • IT Security Strategic plan:
    • Define strategic security plans (Roadmap 3 years)
    • Analyse security needs with regard to new threats.
    • Analyse technological enterprise orientation and outdated equipment.

Director, IT Security Engineering

Desjardins Bank
December 2012 to February 2014
North America
Canada
  • Unit Management
    • Create Security Engineering Department
    • Implement Security Engineering Practices
    • Define and operationalize the security policies for the design and operation phases (NIST / ISO 27002). Result: Increase efficiency and consistency during the detailed design phase of the security features.
    • Define KPI, Dashboard and Reports
  • Change Management
    • Business Unit Mission statement
    • Define services & delivery processes
    • Restructure team
    • Define roles and responsibilities
  • Security Engineering Services Management
    • Engineering of protection systems (Anti-Virus, Anti-Spam, Web Filtering, Firewall next generation, IDS / IPS, WIPS)
    • Contribution to over 200 business projects per year.
  • Performance Management
    • Unit operational under three months
    • Increase the volume of contributions (from 120 to 200 projects) without increasing staff
    • Best financial results in the vice presidency (income of $1.6 million in 2014)
    • Streamline security interventions in projects by defining a RACI between architecture and engineering activities.
  • Resource management
    • Budget management
    • Financial Planning
    • Team Management (30 employees)
    • Recruiting
    • Enhance team skills by setting up a specific training program.

Director, IT Security Architecture

Desjardins Bank
January 2011 to December 2012
North America
Canada
  • Unit Management
    Rebuild the unit after more than 18 months without a Director in place.
    • Manage activities in start-up mode.
    • Reorganize teams and practices.
    • Stop gap of financial losses and release of first revenues ($ 0.5 million / 2011 - $ 1M / 2012)
    • Increase mobilization rate over 30%.
    • Define KPI, Dashboard and Reports
  • Security Architecture Management:
    • Review and improve the security framework: update of all Security Architecture Policy. Implement the SANS security framework.
    • Define evolution of the security architecture strategy roadmap.
  • Activity processes Management
    • Redefine activities processes
    • Implement security architecture committee review
    • Define roles and responsibilities
    • Increase customer satisfaction rate by 40%.
  • Critical Security Systems Management
    • Design and implement Operational Security Center (ArcSight / McAfee ePO). Monitoring of 70 000 devices in 2014.
    • Consolidate Firewalls with new technology.
    • Redefine IT security perimeter.
    • Implement Juniper technology.
    • Reduce the number of firewalls, consolidate rules, reduce operation and maintenance costs, increase firewall capacity.
  • Management tool
    • Define and implement advanced management tools
    • Increase performance of service delivery by 33% (from 80 to 120 projects)
  • Resource management
    • Budget management
    • Financial Planning
    • Team Management (25 Employees)
    • Recruiting
    • Enhance team skills by setting up a specific training program.

Team lead, IT Compliance and Security

Desjardins Bank
January 2010 to December 2011
North America
Canada
  • Define IT Security requirements and controls related to technological transformation programs:
    • Network and telephony contract negotiation with Bell
    • IT Operations contract negotiation (IBM, Compucom, Ecosys)
    • Printing contract negotiation (RR Donnelley)
    • Decrease IT Security and Compliance operating costs by $ 2 million/year.
  • Define security requirements related to Governance, Risk and Control (GRC)
    • Describe detailed requirements of a GRC tool
    • Design functional requirements definition (UML)
    • Write detailed specifications
  • Negotiate contractual agreements with outsourcing vendors
    • Establish contractual requirements of management processes for service supplier (IBM)
    • Define Process Management Interface for IT security and compliance.
  • Design and implement IT Governance
    • Identify governance rules applicable.
    • Design governance framework with Deloitte.
    • Implement framework with all Desjardins VP IT.

Senior Advisor, IT Compliance

Desjardins Bank
January 2007 to December 2010
North America
Canada
  • Harmonize IT Compliance approach. Define compliance strategic plans
    • Analyze requirements and scope of intervention
    • Establish a roadmap and support strategy
    • Deliver IT Security requirements and compliance controls unified management (5970, 52-109, 3416, PCI)
  • Reduce compliance cost by setting up the first multi-compliance framework
    • Reduction of internal management efforts by 20 to 30%.
    • Reduction of expensive third-party providers operating direct cost by 25%.
  • Audit Management (internal and external verification)
    • Manage observation reports, define mitigation plan.
    • Reduce the number of recurrent observations and improve support.
  • Basel Regulation compliance:
    • Identify controls and connections in scope with the personal risk (R1)
    • Implement specific controls with the service supplier (CGI)
    • Basel agreement completed with success.
  • Unify controls with third party suppliers
    • Define a common framework of compliance controls for all suppliers.
    • Unify controls practice.

Senior Consultant, IT Management & Governance (Mandates)

Nudata CRM, Smurfit Group, Kenzo, Eurocopter, Total.
January 2004 to December 2006
Europe
  • IT Compliance
    • Mandate: Design a management framework for SOX compliance (Client: L'Oreal Group). Scope and requirements analysis, define and detail Compliance Controls (Cobit).
  • IT Governance
    • Mandate: Define IT management processes, Roles & Responsibilities, Committees, Key indicators (Client: Confidential / sector: Defense).
  • Asset Optimisation System
    • Mandate: Reduce the number of production widths in factories (Client: Smurfit Group). Design a calculation system to optimize production width sizes. Develop and integrate algorithms. Provide user training.
    • Mandate: Define functional requirements for sales systems in developing territories (Client: Kenzo). Define functional requirements for integration in Salesforce. Write detailed specifications.
  • IT Strategic plan
    • Mandate: Define Technology road map for Control & Compliance management (Client : Total).

Founder and CEO

HYPSONEACK
January 1999 to December 2003
Europe
France
  • Business Management
    • Create the company
    • Define company's services
    • Define and implement working processes & practices
    • Define and Implement growth strategy and financial structure
    • Develop business opportunities (business development) customers relations
    • Manage Human resources
    • Manage business successfully during global financial crisis (2001).
    • Manage selling company process
  • Software & Web Development
    • Manage Software and Web technologies
    • Define and implement development practices
  • Digital Marketing
    • Manage E-business, Web, Digital marketing projects. Clients : European Photo agencies of Hachette Filipacchi Medias group (Rapho, Magnum Photos, Keystone Hoaqui, TOP ....), Yves Saint Laurent Museum, Neti-Corp (IT Professional Services)

Director, Corporate Publication

Conseil General des Bouches-du-Rhône
January 1997 to December 1999
Europe
France
  • Transform publications systems
    • Design & implement new Editing systems
    • Upgrade work practices & production processes
  • Ensure digital platforms development
    • Develop and implement the first Corporate website
  • Oversee external communication design
    • Manage marketing campaigns, publication of annual reports, magazine.

Manager, Integration and Support

Orkis
January 1992 to December 1997
Europe
France
  • Systems Integration
    • Integrate client-server systems for client with complex architectures and sensitive data. Clients : European Space Center (Support 3 Ariane Flight, including Ariane 5 qualification flight), Commissariat à l'Energie Atomique (CEA), Eurocopter, EADS, CNES
    • Integrate and operationalize baggage screening systems simulation for the Direction General of Civil Aviation and Airports of Paris.
  • Data Modeling & Information Structure
    • Advise Customers for Data modeling
    • Define & implement Data Modeling services
  • Customers Support Management
    • Define and operationalize support processes (incident & problem management)
    • Work with development teams on problem & functional changes.
    • Manage Support Team.
    • Design & Implement Help Desk system.
  • External Relations Manager
    • Develop corporate communication
    • Design and produce marketing materials.
    • Manage Events (Apple Expo / International Days of Photography, etc ...).
    • Design and write publications.

Publications

Dunod, CCH
January 2005 to December 2009
Europe
France
  • Gouvernance, Audit et sécurité des TI (Governance, Audit and IT Security)
    Book for Sherbrooke University / French
    Publisher: CCH, 2008
  • IT Gouvernance : Maîtrise d’œuvre d’un système d’information
    Publisher: Dunod / 01 Informatique 2005 (3rd edition 2009) - Best Seller 2006/2007
  • IT Gouvernance : par où commencer?
    Publisher: Information & Systèmes (2005)
  • Leadership
  • Strategy Alignment
  • IT Governance
  • Risk Management
  • Communication
  • Change Management
  • Third party management
  • Team management
  • Performance Management
  • Efficiency Optimization
  • Enterprise Architecture
  • Security Management & Governance
  • Technology Risk Management
  • Cyberthreats Management
  • Security Architecture
  • Cloud & SAAS Security Management
  • Identity and Access Management
  • Project Management
  • IT Compliance
  • Audit Management
  • Disaster Recovery Plan
  • Cable & Telecom Security

Implementing and Auditing 20 Critical Security Controls

SANS Technology Institute (USA)

March 2013

Cyber Defense - Essential Security 512

SANS Technology Institute (USA)

March 2012

Coaching successful team

Inspiraction (Canada)

March 2013

Change Management

GRID Institut

2007

Management of technologies

Institute of Technology, Université Paul Cézanne, Marseille (France)

September 2006
Bachelors Degree

Computer Design

IMCA (France)

1991 to 1992
Mediterranean Institute of Communication and Audiovisual

Industrial Design

Jean-Perrin College (France)

1988 to 1990
Associate Degree