|
Degroof-Petercam: Group CISO (Chief Information Security Officer)
|
since Jun 2017 |
- Definition and implementation of the Information Security Policies of the Group Degroof-Petercam.
- Liaison with and oversight of the local entities.
- Continuous assessment and monitoring of risks and definition of remediations.
- Design and conduct of a group-wide awareness program.
- Definition and management of security projects.
|
|
ING Belgium: Head of Information Risk Management, Retail and Commercial Banking
|
Oct 2013 - Jun 2017 |
- Independent assessment of Confidentiality, Integrity
and Availability requirements of ING Belgium Retail and Commercial
Banking business services.
- Independent assessment of IT risks in business projects.
- Monitoring and Reporting on IT and non-IT risks of
Retail and Commercial Banking value chains.
|
|
|
ING Belgium: Head of Information Risk Management, Retail
|
Jun 2012 - Oct 2013 |
- Independent assessment of Confidentiality, Integrity
and Availability requirements of ING Belgium Retail
business services.
- Independent assessment of IT risks in business projects.
- Monitoring and Reporting on IT and non-IT risks of the
Retail value chains.
|
|
MasterCard Worldwide, USA:
Senior Business Leader, Information Security Operations
|
Oct 2010 - Mar 2012 |
- Enforcement of information and data security policies:
Clear Desk, Data Leakage Prevention, Identity Management,
Awareness and Education. Providing internal customers with
expertise in Internal Control. Information Security
Helpdesk.
- Monitoring of and timely reaction to security events.
Management and oversight of third party vendors and security
providers.
- Administration and set-up of the technical tools used for
security monitoring (IDS/IPS, database monitoring system,
internal and external vulnerability scanners, etc.). Handling
level 2 and 3 escalation and providing response to identified
security incidents. Penetration testing of internal and
externally hosted applications. Security Intelligence
gathering and reporting.
|
|
|
MasterCard Worldwide, Belgium:
Business Leader and
Senior Business Leader, Information Security |
Nov 2002 - Sep 2010 |
- The following activities were managed for Europe and the outsourced IT
Operations and Development centre in India (650+ FTEs):
Awareness and Education, Host and Network Security
Engineering, Detection and Response including forensic
investigations, Identity Management, localization of the
various Global Security Policies and Standards, Audit and
Control of MasterCard vendors or third party companies in
the context of M&A (Security Due Diligence process),
etc.
- Issuance of MasterCard-specific security standards and
management of related compliance programs, with respect to
payment product manufacturers.
- Design, issuance and maintenance of several
PCI security standards, under the umbrella of PCI-PED
(PIN Entry Devices).
- Assessment of risks in projects and daily activities in
order to define appropriate mitigations.
|
|
|
MasterCard Worldwide, Belgium:
Senior IT Auditor |
Mar 2000 - Nov 2002 |
- Audit of the software development process using the
Capability Maturity Model (CMM).
- Audit of Research and Development of new products and
technologies.
- Ongoing compliance audit of the EMV Certificate
Authority.
- And many others!
|
|
|
MasterCard Worldwide, Belgium:
Senior IMS analyst |
May 1998 - Mar 2000 |
- Implementation of tools and procedures based on the ITIL
framework, to support configuration management, change
management, incident management and problem management for
24x7 operations at MasterCard Europe.
|
|
BNP Paribas Fortis, Belgium:
IT auditor |
Dec 1990 - Apr 1998 |
- Audit of the mainframe Production department, audit
follow-up of the implementation project of Windows NT, IT
audit of the subsidiaries, due diligence and M&A.
- Development and implementation of IT audit training
program for fellow auditors in the department.
|
|
Siemens Software, Belgium:
System analyst |
Sep 1989 - Dec 1990 |
- Graphical interfaces were in their infancy in 1990. I
joined a team that was in charge of a project that intended
to create a graphical interface for the BS2000 mainframe OS.
This project involved among others the design of a complete
C++ class library (the equivalent to what Microsoft later
called MFC).
|
|
TRT-CTI, FR: Intern |
Aug 1988 - Jan 1989 |
- Study and development of cryptographic algorithms (DES,
RSA). Study of smart card functionality and study of
tamper-resistant security modules for PC.
|
- OS: Windows, Unix OS (Linux,
Solaris, HP-UX).
- DB: Oracle, MySQL.
- Programming: C, C++, PL/SQL, Shell
scripting, awk, sed, Pascal, Cobol.
- Security: IEEE 802.11 security,
network security, security policies, ISO2700x, ISAE3402, PCI-DSS,
PCI-PTS, TCP/IP, SSH.
- Control frameworks: COBIT, COSO, CIS-20, NIST, ISO27001 ...
- Productivity: MS Office (Excel,
Access, Word, PowerPoint), OpenOffice & LibreOffice suites.
|