Experience — Frederic Georgel

About Me

Natural Leader and Influencer, Solutions & Result-Oriented Executive, Recognized for Successfully Managing Complex Business and Technology Challenges. Over 20 years experience in Technology Team Management, Architecture and Risk, Cybersecurity, Governance, Compliance, Business Transformation and Program Management, International Experience (Europe and North America)

Experienced in the following fields: Telecommunications, Financial Services, Transportation, Aeronautics, Space and Defense, Entertainment, Public Administration.

Author of BestSeller books about IT Governance & IT Management

Career:
2018
Senior Director, Information Security (CISO)
(Cogeco) - Canada / US

2016
Stream Lead, GRC Project
(CN) - Canada

2014
Senior Consultant IT Security
(Cirque du Soleil) - Canada / US

2012
Director, IT Security Engineering
(Desjardins Bank) - Canada

2011
Director, IT Security Architecture
(Desjardins Bank) - Canada

2010
Team Lead, IT Compliance and Security
(Desjardins Bank) - Canada

2007
Senior Advisor, IT Compliance
(Desjardins Bank) - Canada

2004
Senior Consultant, IT Management & Governance
(Nudata, Smurfit Group, Kenzo, ...) - Europe

1999
Founder and CEO
(Hypsoneack) - Europe

1997
Director, Corporate Digital Publication
(Conseil General des Bouches-du-Rhône) - Europe

1992
Manager, Software Integration and Support
(Orkis) - Europe

Resume created on DoYouBuzz

Experiences

Advise and support companies to create a better secure environment to be more resilient against Cyber Threats.
Food Industry (client 6,13 B$ usd revenues)
Conduct a cybersecurity governance (CSG) transformation
● Identify Business needs
● Identify and document Business and Cyber Risks using FAIR
● Design GSG capabilities
● Design Key processes

For Banking Industry (client 6,3 B$ usd revenues)
Define and deploy a crisis management framework
● Work in closed collaboration with the Chief Privacy Officer Team
● Define and document 10 key questions that the regulator likely to ask in case of PII leak
● Identify the gap and document the processes the bank must have in place

For Banking Industry (client 14,6,3 B$ usd revenues)
Define a governance structure for physical security transformation program
● Define Governance Charter, Role and responsibilities, collaboration processes with the Stakeholders

For Manufacturing sector (client 100 M$ usd revenues)
Conduct a cybersecurity maturity assessment
● Conduct interviews in 4 differents country (US, Canada, Germany, France) and analyse documentation
● Define recommendations and roadmap
● Provide Executive report and present to the Board

For Energy Sector (client 1,3 B$ usd revenues)
Conduct a NIST CSF and vulnerability assessment
● Conduct interviews in 6 companies owned by the parent company (US, Canada)
● Benchmark results against peers and cyber threat landscape
● Define recommendations and roadmap
● Provide Executive report and present to the Board

For Pulp and Paper industry (client 1,2 B$ usd revenues)
Define a cybersecurity program transformation
● Work in closed collaboration with the CIO
● Define the target state and do gap analysis against current state
● Design a 3 years program, with the first year budget, technology, and organizational structure
● Identify all projects and prioritize them based on the risk

Company website

https://www.ey.com/en_ca/people/frederic-georgel

Recruited World Class Talent (23 resources), 16 of which within first 3 months of approval
Approval of the Cybersecurity Management Model by CTO, CIO, CFO and Board within 6 months of nomination
Deployed Security Frameworks at the Strategic, Tactical and Operational Levels (NSIT / FAIR / CIS / ITIL / MaGMa) within 1 year
Delivered Security Program, Project and Activities to Roadmap Milestones in addition to Unplanned 360 project contributions delivered to business projects in 2019.
Build and Deploy Fusion Center (Soc Next Generation) with Chronicle, Forseti Security, Splunk, Qualys, Cortex, Terraform, Ansible, Crowdstrike
Implemented Cloud Security and DevSecOps practice throughout the Google Cloud Platform (adoption rate of 100% in 1 year)
Deployed Secure Coding Practice (Processes & Tools)
First known Cybersecurity team fully gender-balanced on day 1 in Canada
All team members Certified Itil Foundation, Google Cloud Platform Fundamental, and Agile within 12 months.
Voted Best Team with Mobilization rate (83%) in 2020 within the organisation
Build and Deploy Development Security Team for Advance Security Application Development
Rebuilt Cybersecurity Framework and Practices, Updated Policies and Standards
Innovative Awareness campaign deployed (videos, posters)
Design and Deploy Bespoke Automated Incident Response Solution
Increase the efficiency and responsiveness of Operational Security Center (Fusion Center) by 100%
Increase detection capability increased by more than 300% in 1 year
Chairman of Cybersecurity Governance Committee
Member of Canadian Security Telecommunications Advisory Committee
Member of Cablelabs Security Group

Company Description

Cogeco Inc. is a Canadian telecommunications and media company headquartered in Montreal, Quebec, which serves residential and commercial customers through various subsidiaries. The company provides cable television, telephone, and Internet connectivity services to consumers in parts of Ontario, Quebec, and some regions of the United States.

Company website

http://www.cogeco.com

GRC Strategy
- Define Governance approach
- Define Risk approach
- Define Compliance approach
- Identify required capabilities
Implement FAIR Model (Quantitative Risk)
- Analyze and Select Risk Methodology
- Train People on FAIR Methodology
- Implement FAIR in GRC Functions
- Attach FAIR with Cyber Intelligence Process
Design GRC Functional Architecture
- Identify GRC Key Functional Blocs
- Define functional architecture for GRC next generation (Risk Based Approach)
- Define Data Workflow
- Define CI Structure
- Managed GRC Processes with Business Analyst
- Managed GRC Architecture
GRC Tools
- Complete RFP
- Define selection process
- Analyze and evaluate Solutions
- Select Vendor (MetricStream)
Advise Management for GRC Team
- Define Professional profiles and skills to operate GRC Platform.

Company Description

Canadian National (CN; French: Canadien National ) is a Canadian Class I freight railway headquartered in Montreal, Quebec that serves Canada and the Midwestern and Southern United States.

Company website

http://www.cn.ca

Secure Cirque’s shows technologies
Ensure that technologies used by shows (Sound, Light, Automation, Projection and SFX) are secure.
- Identify and define IT security measures
- Deploy IT Security controls on shows (World Wide)
- Implement Self-assessment and annual audit process
- Implement IT Security training portal
Define and implement SIEM Next Generation.
Replace RSA Envision platform by new generation: Alien Vault
- Identify business needs and security requirements.
- Complete RFP, vendor Analysis and product selection.
- Complete architecture and detail design
Cloud Security (Microsoft Azur)
Set IT security requirements for Cloud in IAAS mode, PAAS, SAAS.
- Identify business needs and security requirements
- Define and implement IT security standards with the architecture and operations groups
- Define and implement Disaster Recovery Plan for the Cirque du Soleil website and all its micro sites (12) hosted on Microsoft's Azur Platform.
Achieve IT Security Audit
- Define and implement strategic IT security pan,
- Define and execute 4 security audits (Cloud, High Privilege Access, Servers in production, Development)
- Produce reports and recommendations
- Manage remediation plans
Define and implement application security development methodology
- Design an application development security framework based on OWASP
- Deliver application development security standards and development guide
- Identify business needs and security requirements
- Complete RFP, vendor Analysis and product selection (Veracode, WhiteHat, Synopsis)
- Anonymize data production for development.
- Identification of critical data (PII), define the rules of anonymization, write a reference guide for developers.
Execute IT Security Risk Analysis methodology
- Provide Technological risk analysis for projects and major events management
- Identify threats, probability of contact, attack surface, defensive measures, direct and indirect impacts.
IT Security Framework
- Design a new IT Security framework (strategic, tactical and operational)
- Define roles and responsibilities
- Review corporate and administrative security policies
- Write 10 new IT security standards and 6 operational guides
- Design and implement a tool to manage and share security documents
- Manage security requirements alignment to business needs.
Management
- As member of TPG Cyber-Security Council, share cyber security trends experience and analysis with CSO TPG Capital companies (Uber, AirBnB, Burger King, Lenovo, McAfee, etc )
- Define key performance indicators to measure the security program- Produce monthly performance dashboards.
IT Security Strategic plan:
- Define strategic security plans (Roadmap 3 years)
- Analyse security needs in regards of new threats.
- Analyse technological enterprise orientation and outdated equipment.

Company Description

Cirque du Soleil is a Canadian entertainment company specializing in artistic contemporary circus.

Company website

https://www.cirquedusoleil.com

Unit Management
- Create Security Engineering Department
- Implement Security Engineering Practices
- Define and operationalize the security policies for the design and operation phases (NIST / ISO 27002). Result: Increase efficiency and consistency during the detailed design phase of the security features.
- Define KPI, Dashboard and Reports
Change Management
- Business Unit Mission statement
- Define services & delivery processes
- Restructure team
- Define of roles and responsibility
Security Enginery Services Management
- Engineering of protection systems (Anti-Virus, Anti-Spam, Web Filtering, Firewall next generation, IDS / IPS, WIPS)
- Contribution to over 200 business projects per year.
Performance Management
- Unit operational under three months
- Increase the volume of contributions (120> 200 projects) without increasing staff
- Best financial results in the vice presidency (income of $ 1.6 million in 2014)
- Fluidisation of security interventions in projects by defining a RACI between architecture and engineering activities.
Resource management
- Budget management
- Financial Planning
- Team Management (30 employees)
- Recruiting
- Enhance team skills by setting up a specific training program.

Company Description

The Mouvement des Caisses Desjardins is a movement of savings and credit cooperatives with 6 million members, including 400,000 businesses, 45,000 employees, and manage assets of 210 billion Canadian dollars.

Company website

https://www.desjardins.com

Unit Management
Rebuild the unit after more than 18 months without a Director in place.
- Manage activities in start-up mode.
- Reorganize teams and practices.
- Stop gap of financial losses and release of first revenues ($ 0.5 million / 2011 - $ 1M / 2012)
- Increase mobilization rate over than 30%.
- Define KPI, Dashboard and Reports
Security Architecture Management:
- Review and improve the security framework: update of all Security Architecture Policy. Implement the SANS security framework.
- Define evolution of the security architecture strategy roadmap.
Activity processes Management
- Redefine activities processes
- Implement security architecture committee review
- Define roles and responsibilities
- Increase customer satisfaction rate by 40%.
Critical Security Systems Management
- Design and implement Operational Security Center (Arcsight / Mcafee EPO). Monitoring of 70 000 devices in 2014.
- Consolidate Firewalls with new technology.
- Redefine IT security perimeter.
- Implement Juniper technology.
- Reduce the number of firewalls, rules consolidation, reduce the operation and maintenance costs, increased the firewalls capacity.
Management tool
- Define and implement advanced management tools
- Increase performance of service delivery by 33% (80> 120 projects)
Resource management
- Budget management
- Financial Planning
- Team Management (25 Employees)
- Recruiting
- Enhance team skills by setting up a specific training program.

Company Description

Company website

https://www.desjardins.com

Define IT Security requirements and controls related to technological transformation programs:
- Network and telephony contract negotiation with Bell
- IT Operations contract negotiation (IBM, Compucom, Ecosys)
- Printing contract negotiation (RR Donnelley)
- Decrease IT Security and Compliance operating costs by $ 2 million/year.
Define security requirements related Governance, Risk and Control (GRC)
- Describe detailed requirements of a GRC tool
- Design functional requirements definition (UML)
- Write details specifications
Negotiate contractual agreements with outsourcing vendors
- Establish contractual requirements of management processes for service supplier (IBM)
- Define Process Management Interface for IT security and compliance.
Design and implement IT Governance
- Identify governance rules applicable.
- Design governance framework with Deloitte.
- Implement framework with all Desjardins VP IT.

Company Description

Company website

https://www.desjardins.com

Harmonize IT Compliance approach. Define compliance strategic plans
- Analysis requirements and scope of intervention,
- Establish a roadmap and support strategy
- Deliver IT Security requirements and compliance controls unified management (5970, 52-109, 3416, PCI)
Reduce compliance cost by setting up the first multi-compliance framework
- Reduction of internal management efforts by 20 to 30%.
- Reduction of expensive third-party providers operating direct cost by 25%.
Audit Management (internal and external verification)
- Manage observation reports, define mitigation plan.
- Reduce the number of recurrent observation and improved support.
Basel Regulation compliance:
- Identify controls and connections in scope with the personal risk (R1)
- Implement specific controls with the service supplier (CGI)
- Basel agreement completed with success.
Unify controls with third party suppliers
- Define a common framework of compliance controls for all suppliers.
- Unify controls practice.

Company Description

Company website

https://www.desjardins.com

IT Compliance
- Mandate: Design a management framework for SOX compliance (Client : L'Oreal Group) . Scope and requirements analysis, define and details Compliance Controls (Cobit)
IT Governance
- Mandate : Define IT management processes, Role & Responsibility, Committees, Key indicators. (Client : Confidential / sector : Defense.
Asset Optimisation System
- Mandate: Reduce the number widths production in factories. (Client : Smurfit Group). Design a calculation system to optimize production Width sizes. Develop and integrate algorithms. Provide User training.
- Mandate: Define functional requirements for sales systems in developing territories (Client : Kenzo). Define functional requirements for integration in Salesforce. Write details specifications.
IT Strategic plan
- Mandate: Define Technology road map for Control & Compliance management (Client : Total).

Detailed Description

.
Client: Kenzo
Mandate: Define functional requirements for sales systems in developing territories (Asia and Eastern Europe)
- Define functional requirements for integration in Salesforce
- Write details specifications.
  .

Business Management
- Create the company
- Define company's services
- Define and implement working processes & practices
- Define and Implement growth strategy and financial structure
- Develop business opportunities (business development) customers relations
- Manage Human resources
- Manage business successfully during global financial crisis (2001).
- Manage selling company process
Software & Web Development
- Manage Software and Web technologies
- Define and implant development practices
Digital Marketing
- Manage E-business, Web, Digital marketing projects. Clients : European Photo agencies of Hachette Filipacchi Medias group (Rapho, Magnum Photos, Keystone Hoaqui, TOP ....), Yves Saint Laurent Museum, Neti-Corp (IT Professional Services)

Company Description

Web & Development agency

Transform publications systems
- Design & implement new Editing systems
- Upgrade work practices & production processes
Ensure digital platforms development
- Develop and implement the first Corporate website
Oversee external communication design
- Manage marketing campains, publication of annual reports, magazine.

Detailed Description

Upgrade work practices and technology (workstation, digital printing systems).
.
Develop and implement the first website
.
Manage Projects, campaigns, publication of annual reports, magazine.

Company Description

Conseil General des Bouches-du-Rhône is a Departemental administration in charge of : social action, roads, education, intercity transportation, public reading, departmental archives, assistance to rural communities ...

Company website

https://www.cg13.fr

Systems Integration
- Integrate client-server systems for client with complex architectures and sensitive data. Clients : European Space Center (Support 3 Ariane Flight, including Ariane 5 qualification flight), Commissariat à l'Energie Atomique (CEA), Eurocopter, EADS, CNES
- Integrate and operationalize baggage screening systems simulation for the Direction General of Civil Aviation and Airports of Paris.
Data Modeling & Information Structure
- Advise Customers for Data modeling
- Define & implement Data Modeling services
Customers Support Management
- Define and operationalize support processes (incident & problem management)
- Work with development teams on problem & functional changes.
- Manage Support Team.
- Design & Implement Help Desk system.
External Relations Manager
- Develop corporate communication
- Design and produce marketing materials.
- Manage Events (Apple Expo / International Days of Photography, etc ...).
- Design and write publications.

Detailed Description

Integrate client-server systems for customers with complex architectures and sensitive data:
- Kourou Space Centre, Operating (system administrator on 3 launches, including qualification flight)
- Commissariat à l'Energie Atomique (CEA)
- Eurocopter, EADS, CNES
- Integrate and operationalize baggage screening systems simulation for the Direction General of Civil Aviation and Airports of Paris.
  .
Managing customer support
- Define and operationalize support processes (incident & problem management)
- Work with development teams
- Manage Support Team.
- Design & Develop Help Desk database system.
  .
Develop & Manage Corporate Communication
- Design and produce marketing materials.
- Manage Events (Apple Expo, etc ...).
- Design and write technical documentation.

Company Description

Software company specialized in Digital Asset Management

Company website

http://www.orkis.com

Gouvernance, Audit et sécurité des TI (Governance, Audit and IT Security)
Book for Sherbrooke University / French
Éditeur : CCH, 2008
IT Gouvernance : Maîtrise d’œuvre d’un système d’information
Éditeur : Dunod / 01 Informatique 2005 (3e édition 2009) - Best Seller 2006/2007
IT Gouvernance : par où commencer?
Éditeur : Information & Systèmes (2005)

Your browser is outdated!

Frederic Georgel

Cybersecurity, Risk, Technology, Transformation,

Associate Partner

Senior Director, Information Security (CISO)

Stream Lead, GRC Next Generation (mandate)

Senior Consultant , IT Security (mandate)

Director, IT Security Engineering

Director, IT Security Architecture

Team lead, IT Compliance and Security

Senior Advisor, IT Compliance

Senior Consulant, IT Management & Governance (Mandates)

Founder and CEO

Director, Corporate Publication

Manager, Integration and Support

Publications