Corporate Advisory
Helping leaders and their teams make informed
risk decisions and improve business performance
In a nutshell
Background
When I started to work in the advisory industry, my initial core focus had been corporate risk management with a wide international scope and within the context of internationalization and market access strategy. Over the years, I have been specializing in cyber risk management and I now help manage cyber risk & information security within the broader context of enterprise risk management & integrated risk management..
Line of work
Firmly convinced that proactively managing risks is a driver of value, I have been striving to integrate cyber security into enterprise risk management. This is why I favor a multi-stakeholder approach that is bringing business sense to cyber risk with the aim of achieving cyber resilience. As cyber security is not just a technology risk but rather an enterprise risk, I also like to emphasize the human component of cyber risk.
Achievements
Throughout my work experience in the advisory industry, I have been helping companies of all sizes in various types of industries and in different countries. This versatile experience often coupled with intercultural dimensions has enabled me to feel comfortable working across silos at different levels of the organization, whether with C-level executives or business lines, business management teams and IT departments, and across corporate geography.
Background
I have been working in the advisory industry since 2005. I first started to work for a French risk management firm operating internationally where I handled issues such as information assets protection, fight against online counterfeiting, E-reputation, country risks and competitive risks. One of my first assignments was for a Telco company going beyond borders in a highly regulated area. This initial professional experience has enabled me to see the value in managing risks and has given me a taste for advising and helping businesses achieve their objectives.
When I set up later on my own advisory boutique, I have been focusing on managing risks in international contexts especially for highly regulated industries and within a geographical scope mostly dedicated to Europe and the Asia-Pacific region. Over the years, I have been more and more involved in risk management issues around information security and competitive intelligence especially within the framework of internationalization, market access and cross-border M&A operations.
Over time, I realized that it would make sense to deepen my scope of action in the field of information security and cyber security especially as it has a strong external dimension, i.e. not solely an internal spectrum. Today, I am working on both external and internal aspects of risk and cyber risk management.
Line of work
My line of action in the advisory industry revolves around cyber security & information security and strategy & risk management at internal corporate level, within the context of value chains and ecosystems as well as across corporate geography.
⇛ In the field of cyber security & information security strictly speaking, I focus my efforts on bringing value regarding:
◉ Assistance to IT security managing teams
◉ Managing and implementing security governance (ISO 27001-27002)
◉ Formulating security policies
◉ Carrying out information security risk assessments (ISO 27005, EBIOS, NIST)
◉ Security management in projects
◉ Assistance to compliance (ISO 27001, GDPR, Health data hosting etc…)
◉ Definition of indicators, security dashboards and presentation to decision makers
◉ User security awareness & training and promoting the human component of cyber risk
⇛ In the field of overall strategy & risk management, I focus my efforts on bringing value regarding:
◉ Integration of cybersecurity into enterprise risk management
◉ Working out risk and cyber across silos
◉ Cyber risk assessment and cyber security compliance in international market engagement
◉ Risk and security policy & strategy
◉ Business continuity management
◉ Third-party risk management
◉ Information security governance and performance
◉ Information assets protection strategy
Achievements
I have been helping companies of all sizes in various types of industries and in different countries.
⇛ Hereafter are the sectors in which I have gained experience:
◉ Digital economy
◉ Telcos
◉ Aerospace-Defense
◉ Pharma-biotechnology
◉ Automotive
◉ Energy
◉ Banking-Finance
◉ Agribusiness
⇛ Hereafter are a few examples of assignments I have performed:
In the field of cyber security and information security strictly speaking:
◉ Acting CISO as-a-service for a French company (business line level)
◉ Assistance to ISO 27001 compliance strategy & implementation for a French company (group level)
◉ Assistance to ISO 27001 compliance strategy & implementation for a French company (business line level)
◉ Enterprise risk assessment with a focus on cyber risk assessment for a French company
◉ Information security audit for an overseas branch of a French company
In the field of overall strategy & risk management:
◉ Opportunity & risk assessment of innovation and digital transformation in China including AI, Big Data and new technologies for a French company in the energy sector
◉ Risk assessment of innovation competition and intellectual property in the Asia-Pacific region for a Belgian company in the pharmaceutical industry
◉ Market & competitive risk assessment for a European aerospace company
◉ Providing international best practice advice for framing cybersecurity strategy and policy at national level in Asia
◉ Identification, validation and qualification of prospects and business partners in South Korea for a French company in the field of cyber security