Currently: CISO for a bank, and previously for a world-leading insurance company.
• Project support: Supporting business projects, ensuring that the security policy is taken into account in projects (security by design), following up on recommendations throughout the project life cycle.
• Team support: Assistance and advice to teams (internal and partners), staff awareness.
• Security governance: Assessing the security level, implementing and tracking action plans, reviewing governance bodies.
• Risk analysis: Improving the risk management approach, conducting risk analyses.
• Business continuity: Review of the BCP, preparation of a crisis management exercise for the executive committee (COMEX).
• Watch: Monitoring cybersecurity news and new vulnerabilities.
• AXA + Natixis Assets Management: Led a penetration testing programme (150 tests commissioned over 2.5 years), tracked remediation plans and strengthened security (80% reduction in vulnerabilities across an information system of around a hundred applications over 2 years, 20% reduction of the attack surface).
• Security awareness, expertise in building security into projects (development, redesign, RFP, etc.).
• Securing the organisation's networks (wired, Wi-Fi) and workstations, hardening servers and, more broadly, the infrastructure.
• Data Leakage Prevention, various supporting actions to combat the intentional exfiltration of information.
• Establishing and maintaining the map of personal data processing activities, data classification.
• Monitoring the proper application of the data protection principle in projects or services involving personal data processing, integrating these principles into risk analyses.
• Numerous projects to align security policies (PSSI), RACI and KPIs with those of the Group.
Senior Consultant, expert for strategic alignment, new technology definition and adoption.
Fujitsu Limited is a Japanese multinational information technology equipment and services company offering a diversity of products and services. Fujitsu has approximately 172,000 employees, and its products and services are available in over 70 countries (world's third-largest IT services provider).
Various projects with Fujitsu as a consultant for Consilium and the European Commission (DG Communication), both in Brussels, with a fixed-price approach.
• Commercial offers and team building;
• Kick-off, roles and responsibilities, task dispatching;
• Project follow-up (meetings, deliverables, acceptances).
Projects are related to strategic alignment between business and IT for the General Secretariat of Consilium (350 on-site users) and to business user requirements and organisation for the next web content management of the European Commission (30,000 internal users). Methodologies used are Prince2, ITIL, COBIT, VAST & COBIT Risk for risk management, SWOT analysis, critical success factors and balanced scorecard (BSC).
I am also an auditor for Swiss private bankers in Luxembourg for BCP/DRP and continuous improvement.
ATOS is an international information technology services company with annual 2010 pro forma revenues of EUR 8.6 billion and 74,000 employees in 42 countries.
The objective of the Corporate Infrastructure Solutions for Information Systems Service Catalogue is to provide stakeholders with structured information about the services offered by EU from a business point of view. During this project the following tasks were performed:
• Project management and PID writing for Service Portfolio (goals, objectives, stakeholders, risk, …);
• Regular meetings with key users to capture the actual service definition;
• Definition of service portfolio template and dissemination mode towards 40 different units;
• Portfolio metrics and interaction with service desk.
Framework used was ITIL V3, Prince2, no specific tooling.
Implementation of a COSO ERM, COBIT, 27.001, associated security directives and control measures.
• Delivery of several information system security policies (PSSI), ISO 27.001/2 assessments.
• Definition and follow-up of the internal and external audit action plans of a bank in Luxembourg (150 measures).
• Preparation of the file for approval of information system subsystems by the national regulator (CSSF) for e-Banking activities.
• Forensic engagement: establishing the evidence and the controls to put in place for a bank in Luxembourg following a fraud.
• Control measures against cybercrime and internal fraud.
• Implementation of a continuity plan for a Swiss private bank and in the USA.
• Set-up of service delivery through Managed Services on behalf of the European Commission.
• Support to various CISOs (KBL, European Commission).
Eurocontrol, the European organisation for the safety of air navigation, is an intergovernmental organisation made up of 39 Member States and the European Community. The goal for this RFP is to outsource all kinds of activities actually done by 18 different providers to a unique provider; activities include service desk, studies, coding, testing and maintenance. The business model is ruled on a fixed-price basis with service orders based on a service catalogue. Activities in this project were:
• Initialisation and dispatch of activities in the bid team, based on 300 requirements;
• Building the overall strategy to reach the goal, especially in terms of due-diligence, transition, tooling, knowledge and change management;
• Drafting of due diligence description (goals, stakeholders, metrics, timeframe, approach);
• Team leader for due diligence (team of 10 people), dispatch of final due diligence report to Eurocontrol;
• Review of the transition phase and alignment with final due diligence;
• Review of the original bid for the Best and Final Offer (BAFO).
MSP comprises a set of related service elements aiming at providing hosting services to specific customers, relying on a common infrastructure, operated in a managed way.
MSP is a 5-year contract estimated at 90 Mio euros for 50 people (Service Desk, DBA, Cold Fusion, Weblogic, BMC Patrol, Business Objects, GIS, LAMP, etc.).
The number of users is estimated at 35,000, located worldwide and mostly concentrated in Europe; the number of servers in the main data centre is 1,500 and the number of buildings is 60.
The ticketing system is Peregrine (customised by IBM for EU) for the management of 55,000 incidents yearly, for problem management and reporting (weekly, monthly and yearly).
PMO, the prime contact for the customer (European Commission – DIGIT), has to set up the core services (PMO and service desk) and then to initialise each new managed service (each MS can be viewed as a “work package”). The main goal is to move from a time and means mode to a fixed price under SLA; each new managed service shall be operated within a pre-defined delay with the customer during a preparation phase.
The service is managed under service level objectives (SLO) and then moves to service level agreement (SLA) mode. The preparation phase is a transition phase where metrics (KPIs) are measured and improvements are done, but no financial penalties can be applied by the customer to the consortium.
In this MSP project, the following tasks were performed:
• Kick-off with officials, setup of regular internal and external meetings (steering and operational committees), reporting to the EU management;
• Drafting of escalation procedure, with clear responsibilities for each side (RACI) for contractual aspects;
• Establishment of project plan, project initialisation documents (PID) for each new managed service (and impact on service desk such as training or shado...
European company with headquarters located in Luxembourg providing services in the governance area, that I created in March 2009.
Value is the heart of the vision that we share at S&G, especially by reviewing and aligning processes inside the organisation, and by implementing strong reporting for continual improvement, leading to elaborate a real value chain for the organisation.
We deliver services in the following areas: project management, BPM, audit, risk management, continual improvement and BSC, strategic alignment between business and IT, outsourcing, staff support, value creation and retention, services portfolio and more. Customers are mainly large-scale organisations, sustainable companies and local financial entities.
As Project Director and consultant, I am focused on project delivery on time and on budget. Projects are highly complex, implying soft skills such as diplomacy and stress resilience, involving various stakeholders, and requiring an open-minded and positive attitude, ethics, and honesty.