Experience

  • Head of Data Security

    at East-West United Bank

    May 2019 - Present

    District de Luxembourg

    • Head of Data Security in charge of all security and GDPR aspects to ensure and protect personal data at employees and clients level.
    • Develop and implement a BCP/DRP program, design and manage Business Continuity and Disaster Recovery plans and procedures.
    • Coordinated Business Impact Analysis, Disaster Recovery, and Business Continuity plans and testing.
    • Implementation of GDPR solution to manage day-to-day tasks of the DPO.
    • Development of a data classification policy and implementation of a solution to classify sensitive bank data.
    • Implementation of a solution to manage and respond to any security incidents and follow investigation process in case of breaches.
    • Development and implementation of GDPR Framework.

    Main achievements:
    • Implementation of GDPR Solution for DPO to manage:
    • Implementation of eLearning Solution
    • Implementation of Data classification solution

  • Chief Information Security Risk Officer

    at Catella Bank

    July 2018 - April 2019

    District de Luxembourg

    • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
    • Maintain the Information Security to be in line with regulations, company standards and business agreements.
    • Act as incident manager during Information security incidents.
    • Responsible for supervising the implementation and setup of Data Classification Solution.
    • Managing the prevention and resolution of security breaches, initiating required incident and problem management processes to ensure compliance with the Information Security Management Policy.
    • Presenting the findings to the business, CRO and CIO, and advising on new measures required to prevent reoccurrence of similar breaches.
    • Follow-up of investigations in case of breaches.

    Main achievements:
    • Managing SOC with IT and Provider
    • Implementation of Identity and Access Governance (IAG) solution
    • Define, improve, and test BCP / DRP
    • Implementation of Data classification solution

  • Head of Information Security department

    at Aubay Luxembourg

    January 2017 - June 2018

    District de Luxembourg

    Consultant BCP/DRP (La Baloise)
    • Review the BCP/DRP plans, scenario,
    • Review the BIA, processes and procedures

    PROJECT MANAGER GDPR (PWC & Circuit Foil)
    • Support for the implementation of GDPR solutions (Governance, Data identification, Risk analysis, etc…), Written procedures for Breach notification, Privacy by Design (PWC).

    PROJECT MANAGER GDPR (Circuit Foil)
    • Privacy by Design, Data Breach, Identity & Access Governance (Circuit Foil)
    • Support a customer to identify and resolve non-conformity identified at the GDPR level (Circuit Foil).

    SECURITY AWARENESS TRAINING (CA Indosuez)

    MANAGEMENT (CALIE)
    • Support for a client to choose and implement an Identity & Access Governance solution

    PROJECT MANAGER IMPLEMENTATION SOC solution (POST)
    • Customer support for SOC implementation

    GDPR PROJECT MANAGER AUBAY EUROPE
    • Support Aubay at European business operations level (sales, services & solutions, delivery, IT,...) in compliance, privacy, or security-related issues.

  • Head of Information Security & Risk Management

    at Pictet & Cie

    August 2015 - December 2016

    District de Luxembourg

    • Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
    • Provide leadership and direction whenever necessary in the execution of the key area processes related to the provision of Corporate Security, Safety and Business Continuity services at Pictet Group.
    • Oversee incident response planning as well as the investigation of security breaches.
    • Define security policies and controls during projects.
    • Deliver services that meet regulatory specifications.

    Main achievements:
    • Oversee incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
    • Implementation of an IT compliance committee to work closely with senior management and IT management to ensure that the objectives of information security are managed in time.

  • Chief Information Security Officer

    at Bank J. Safra Sarasin

    January 2008 - July 2015

    District de Luxembourg

    • Managed logical access control systems, including the AS/400, Avaloq, Swift and various other platforms, as well as application-specific security systems.
    • Define and elaborate the information security strategy at Group level.
    • Develop and review risk management processes on a regular basis.
    • Establish and maintain information security policies that support business goals and objectives.
    • Define the needs and assess the most appropriate solution to fit the information security governance framework at Group level.
    • Coordinated Business Impact Analysis, Disaster Recovery, and Business Continuity plans, programs, and testing.
    • Design, elaborate and implement processes for detecting, identifying and analyzing security-related events.

    Main achievements:
    • Implementation of comprehensive encryption across platforms and devices where encryption process is transparent for secure collaboration.

  • Chief Information Security Officer

    at Fideuram Bank Luxembourg

    September 2001 - December 2007

    District de Luxembourg

    • Design, plan and implement comprehensive security architecture.
    • Establishing and implementing security policies, procedures, standards and guidelines (ISMS).
    • Implement security strategies and develop policies and procedures using standards (NIST, ISO 27002 & 27001).
    • Perform periodic vulnerability and system penetration tests.
    • Design and manage Business Continuity and Disaster Recovery plans and procedures.
    • Working with other high-level executives to establish disaster recovery (DR) and business continuity plans.
    • Provided guidance on developing, implementing and effectively managing security processes and programs (BCP, Incident Response Planning, Risk Management, Vulnerability Management, and Privacy).
    • Perform risk assessments across the business and provide recommendations to mitigate the identified risk.

    Main achievements:
    • Developed and implemented ISMS (ISO 27001 & ISO 27002) for the bank.
    • Developed and implemented a BCP/DRP program.

  • Senior Consultant

    at CTG Luxembourg

    August 2000 - August 2001

    District de Luxembourg

    • Staff management, incl. hiring (technical capabilities) and budgeting.
    • Analysis of customers’ infrastructure and proposal to improve their operational processes.
    • Project leader for the migration of Domino servers and Lotus Notes client (from R4 to R5) in our customers’ infrastructures.
    • Project management: implementation of mail server solutions, development and customization of Lotus Notes databases.
    • Negotiation and follow up of customers’ contracts and their licenses (including proposals, SLAs, etc.).
    • Negotiation and follow up of providers’ contracts (Lotus Notes and Microsoft).

    Main achievement:
    • Creation of a Lotus Notes Competence Center: coaching and leading 15 experts and proposing, coordinating and prioritizing new activities.

  • LAN Administrator & IT Security Officer

    at EY Luxembourg

    April 1992 - July 2000

    District de Luxembourg

    LAN
    • Manage and maintain DOS workgroups, Novell Netware 3.x/4.x servers & Windows NT4 & 2000.
    • Manage day-to-day tasks of company network and systems.
    • Design and implement company e-mail servers (Lotus Notes).

    Information Security
    • Implement multi-layered firewalls and conduct regular security audits.
    • Update policies, procedures and applications.
    • Prepare incident and project status reports to Management.

Education

  • Master's in Information Systems Security Management

    at Université Luxembourg

    2014 - 2016 (2 years) District de Luxembourg

  • CRISC

    at ISACA

    2010 - 2010 (1 year) District de Luxembourg

  • ISO 27001

    at LSTI

    2007 - 2007 (1 year) Île-de-France

  • Higher Education

    at Izel

    1985 - 1987 (2 years) Walloon Region

Knowledge and keywords

Languages

  • English Conversation

  • French Native
