Natural Leader and Influencer, Solutions- and Results-Oriented Executive, Recognized for Successfully Managing Complex Business and Technology Challenges. Over 20 years of experience in Technology Team Management, Architecture and Risk, Cybersecurity, Governance, Compliance, Business Transformation and Program Management, with International Experience (Europe and North America).
Experienced in the following fields: Telecommunications, Financial Services, Transportation, Aeronautics, Space and Defense, Entertainment, Public Administration.
Author of best-selling books about IT Governance & IT Management
Career: 2018 Senior Director, Information Security (CISO) (Cogeco) - Canada / US
2016 Stream Lead, GRC Project (CN) - Canada
2014 Senior Consultant IT Security (Cirque du Soleil) - Canada / US
2012 Director, IT Security Engineering (Desjardins Bank) - Canada
2011 Director, IT Security Architecture (Desjardins Bank) - Canada
2010 Team Lead, IT Compliance and Security (Desjardins Bank) - Canada
2007 Senior Advisor, IT Compliance (Desjardins Bank) - Canada
2004 Senior Consultant, IT Management & Governance (Nudata, Smurfit Group, Kenzo, ...) - Europe
1999 Founder and CEO (Hypsoneack) - Europe
1997 Director, Corporate Digital Publication (Conseil General des Bouches-du-Rhône) - Europe
1992 Manager, Software Integration and Support (Orkis) - Europe
Advise and support companies in creating a more secure environment that is more resilient against cyber threats.
For Food Industry (client 6,13 B$ USD revenues) Conduct a cybersecurity governance (CSG) transformation ● Identify Business needs ● Identify and document Business and Cyber Risks using FAIR ● Design CSG capabilities ● Design Key processes
For Banking Industry (client 6,3 B$ USD revenues) Define and deploy a crisis management framework ● Work in close collaboration with the Chief Privacy Officer Team ● Define and document 10 key questions that the regulator is likely to ask in case of a PII leak ● Identify the gap and document the processes the bank must have in place
For Banking Industry (client 14,6,3 B$ USD revenues) Define a governance structure for physical security transformation program ● Define Governance Charter, Roles and responsibilities, collaboration processes with the Stakeholders
For Manufacturing sector (client 100 M$ USD revenues) Conduct a cybersecurity maturity assessment ● Conduct interviews in 4 different countries (US, Canada, Germany, France) and analyse documentation ● Define recommendations and roadmap ● Provide Executive report and present to the Board
For Energy Sector (client 1,3 B$ USD revenues) Conduct a NIST CSF and vulnerability assessment ● Conduct interviews in 6 companies owned by the parent company (US, Canada) ● Benchmark results against peers and cyber threat landscape ● Define recommendations and roadmap ● Provide Executive report and present to the Board
For Pulp and Paper industry (client 1,2 B$ USD revenues) Define a cybersecurity program transformation ● Work in close collaboration with the CIO ● Define the target state and do gap analysis against current state ● Design a 3-year program, with the first year budget, technology, and organizational structure ● Identify all projects and prioritize them based on the risk
Recruited World Class Talent (23 resources), 16 of which within first 3 months of approval
Approval of the Cybersecurity Management Model by CTO, CIO, CFO and Board within 6 months of nomination
Deployed Security Frameworks at the Strategic, Tactical and Operational Levels (NIST / FAIR / CIS / ITIL / MaGMa) within 1 year
Delivered Security Program, Project and Activities to Roadmap Milestones in addition to Unplanned 360 project contributions delivered to business projects in 2019.
Build and Deploy Fusion Center (SOC Next Generation) with Chronicle, Forseti Security, Splunk, Qualys, Cortex, Terraform, Ansible, CrowdStrike
Implemented Cloud Security and DevSecOps practice throughout the Google Cloud Platform (adoption rate of 100% in 1 year)
Deployed Secure Coding Practice (Processes & Tools)
First known Cybersecurity team fully gender-balanced on day 1 in Canada
All team members certified in ITIL Foundation, Google Cloud Platform Fundamental, and Agile within 12 months.
Voted Best Team with Mobilization rate (83%) in 2020 within the organisation
Build and Deploy Development Security Team for Advanced Security Application Development
Rebuilt Cybersecurity Framework and Practices, Updated Policies and Standards
Secure Cirque’s show technologies: ensure that technologies used by shows (Sound, Light, Automation, Projection and SFX) are secure.
Identify and define IT security measures
Deploy IT Security controls on shows (World Wide)
Implement Self-assessment and annual audit process
Implement IT Security training portal
Define and implement SIEM Next Generation. Replace the RSA enVision platform with a new-generation one: AlienVault
Identify business needs and security requirements.
Complete RFP, vendor analysis and product selection.
Complete architecture and detailed design
Cloud Security (Microsoft Azure): set IT security requirements for Cloud in IaaS, PaaS and SaaS modes.
Identify business needs and security requirements
Define and implement IT security standards with the architecture and operations groups
Define and implement Disaster Recovery Plan for the Cirque du Soleil website and all its micro sites (12) hosted on Microsoft's Azure Platform.
Achieve IT Security Audit
Define and implement strategic IT security plan
Define and execute 4 security audits (Cloud, High Privilege Access, Servers in production, Development)
Produce reports and recommendations
Manage remediation plans
Define and implement application security development methodology
Design an application development security framework based on OWASP
Deliver application development security standards and development guide
Identify business needs and security requirements
Complete RFP, vendor analysis and product selection (Veracode, WhiteHat, Synopsys)
Anonymize production data for development.
Identify critical data (PII), define the rules of anonymization, write a reference guide for developers.
Execute IT Security Risk Analysis methodology
Provide Technological risk analysis for projects and major events management
Identify threats, probability of contact, attack surface, defensive measures, direct and indirect impacts.
IT Security Framework
Design a new IT Security framework (strategic, tactical and operational)
Define roles and responsibilities
Review corporate and administrative security policies
Write 10 new IT security standards and 6 operational guides
Design and implement a tool to manage and share security documents
Manage security requirements alignment to business needs.
Management
As a member of the TPG Cyber-Security Council, share cybersecurity trends, experience and analysis with CSOs of TPG Capital companies (Uber, AirBnB, Burger King, Lenovo, McAfee, etc.)
Define key performance indicators to measure the security program. Produce monthly performance dashboards.
IT Security Strategic plan:
Define strategic security plans (Roadmap 3 years)
Analyse security needs with regard to new threats.
Analyse the enterprise's technological orientation and outdated equipment.
Define and operationalize the security policies for the design and operation phases (NIST / ISO 27002). Result: Increase efficiency and consistency during the detailed design phase of the security features.
Define KPI, Dashboard and Reports
Change Management
Business Unit Mission statement
Define services & delivery processes
Restructure team
Define roles and responsibilities
Security Engineering Services Management
Engineering of protection systems (Anti-Virus, Anti-Spam, Web Filtering, Firewall next generation, IDS / IPS, WIPS)
Contribution to over 200 business projects per year.
Performance Management
Unit operational under three months
Increase the volume of contributions (from 120 to 200 projects) without increasing staff
Best financial results in the vice presidency (income of $1.6 million in 2014)
Streamline security interventions in projects by defining a RACI between architecture and engineering activities.
Resource management
Budget management
Financial Planning
Team Management (30 employees)
Recruiting
Enhance team skills by setting up a specific training program.
Mandate: Design a management framework for SOX compliance (Client: L'Oreal Group). Scope and requirements analysis, define and detail Compliance Controls (COBIT)
IT Governance
Mandate: Define IT management processes, Roles & Responsibilities, Committees, Key indicators. (Client: Confidential / Sector: Defense)
Asset Optimisation System
Mandate: Reduce the number of production widths in factories (Client: Smurfit Group). Design a calculation system to optimize production width sizes. Develop and integrate algorithms. Provide user training.
Mandate: Define functional requirements for sales systems in developing territories (Client: Kenzo). Define functional requirements for integration in Salesforce. Write detailed specifications.
IT Strategic plan
Mandate: Define Technology road map for Control & Compliance management (Client: Total).
Define and implement working processes & practices
Define and Implement growth strategy and financial structure
Develop business opportunities (business development) and customer relations
Manage Human resources
Manage business successfully during global financial crisis (2001).
Manage the process of selling the company
Software & Web Development
Manage Software and Web technologies
Define and implement development practices
Digital Marketing
Manage E-business, Web, Digital marketing projects. Clients: European Photo agencies of Hachette Filipacchi Medias group (Rapho, Magnum Photos, Keystone Hoaqui, TOP ....), Yves Saint Laurent Museum, Neti-Corp (IT Professional Services)
Integrate client-server systems for clients with complex architectures and sensitive data. Clients: European Space Center (Support 3 Ariane Flight, including Ariane 5 qualification flight), Commissariat à l'Energie Atomique (CEA), Eurocopter, EADS, CNES
Integrate and operationalize baggage screening systems simulation for the Direction General of Civil Aviation and Airports of Paris.
Data Modeling & Information Structure
Advise customers on data modeling
Define & implement Data Modeling services
Customer Support Management
Define and operationalize support processes (incident & problem management)
Work with development teams on problem & functional changes.
Manage Support Team.
Design & Implement Help Desk system.
External Relations Manager
Develop corporate communication
Design and produce marketing materials.
Manage Events (Apple Expo / International Days of Photography, etc.).