Overview
Highly experienced, international information security leader with cross-cultural management experience and strong technology background. Outstanding networker, innovative solutions-oriented strategist and critical advisor, excellent communicator, engaged coach, and pace-setter.
Keywords: cybersecurity, information security, risk management, governance, compliance, GRC, resilience, business continuity management, CISO / vCISO, cyber threat defense, strategy, policy, consulting, team building
Education
2007 – 2008
INSEAD (France) – Master of Business Administration
1992 – 1996
University of California, Berkeley (USA) – B.A. International Relations
Experience
Current
Various Clients
Independent Consultant – International
Expert advisor to customer cybersecurity, resilience, policy, GRC (governance, risk, compliance), strategy, and risk management projects
- Expert consultant to several information security solution providers (cyber-threat intelligence, security testing, high performance encryption)
- Development of cybersecurity product strategy and implementation planning/rollout
- Development of risk / compliance control maps for various cybersecurity products
- Creation of pilot industry mentorship programme for cybersecurity career aspirants in university
- Launch and management of communications strategy and public relations channels for various cybersecurity industry groups
- Coaching and board advisory function for multiple high-visibility, innovative cybersecurity startups
- Board membership, strategy and community development, and activity coordination for global crypto credit/lending industry advocacy association
- Development and maturing of cross sector consortium for legal protection of responsible cybersecurity vulnerability researchers
2014 – 2022
Financial Services Information Sharing and Analysis Center (FS-ISAC)
Regional Director, Europe (2014-2015) – Cologne (DE)
Regional Director, Australia & New Zealand (2015-2017) – Melbourne (AU)
Regional Director, EMEA (2017-Present) – Munich (DE), Barcelona (ES)
Regional lead at global financial sector consortium for collective defence and resilience building – world’s largest sector-specific information security community with more than 7,000 member firms
- Developed and led regional member community and services portfolio
- Responsible for >500% FS-ISAC regional membership revenue growth in EMEA and AUNZ over 7 years, building and managing relationships with large number of major financial institutions, including ca. 30% G-SIB member firms
- Initiated FS-ISAC expansion into Latin America
- Initiated and/or expanded FS-ISAC stakeholder and MoU network, with key entities such as Interpol, European Banking Federation, European Financial Services Round Table, numerous NCSCs, sector CSIRTs, and intergovernmental central banks’ cyber resilience coordination groups in Middle East and Africa
- Led, expanded, and professionalized CERES Forum for central banks, regulators, and supervisors, changing the way regulatory entities worldwide interact and collaborate
- Launched FS-ISAC participation in annual Locked Shields collective cyber-defence exercise – the world’s first collective sector involvement in any international public-private cyber defence activity. Led first financial services technical component white team, and developed military – financial sector cooperation among multiple blue teams
- Led FS-ISAC inclusion in ENISA-led EU ISACs community
- Created and professionalized wide range of FS-ISAC activities (events, metrics/management reporting, membership contractual models), leading to major operational efficiency enhancements and revenue growth
- Organized and led dozens of successful, well-attended regional and local information security events in cooperation with banking associations, law enforcement, and security service providers
- Sought-after speaker at major industry events in support of collective resilience development and risk reduction
- Represented FS-ISAC in Europe-wide and national information security initiatives and related groups, resulting in significant growth in FS-ISAC visibility, credibility, and trust
2012 – 2014
UBS AG
Executive Director – Zurich (CH)
Senior leader in information security engineering organization of global systemically important bank
- Deputy and Chief of Staff to the Managing Director of 180-person security technology group in European strategy, business continuity, and staff leadership forums
- Managed highly experienced information security consulting team with 21 reports on 4 continents, and an annual budget exceeding CHF 8 million
- Delivered end-to-end application security testing framework for mission-critical software across all divisions of the bank, allowing UBS to systematically reduce risk from software vulnerabilities and compliance impact
- Led successful international rollout of software developer security education and software assurance program
- Improved information security capabilities with significant regulatory impact during major budget cuts
2009 – 2012
ABN AMRO (External Consultant)
Senior Risk Manager – Amsterdam (NL), Paris (FR), Cologne (DE)
Information security risk advisor for retail, commercial, investment, and private banking
- Responsible for information security risk analysis, avoidance and mitigation exposure for systems handling multibillion-euro transaction volumes, with quantifiable risk reduction of up to €30 million per project
- Single point of contact for corporate information security analysis organization on numerous major projects across Asia and Europe; principal risk manager for Germany and France
- Built strategic relationships between bank’s country organizations and corporate information
2000 – 2009
Chakraborty SW GmbH
Principal Consultant – Zurich (CH), Santiago (CL), Buenos Aires (AR)
May 2000 – Nov 2000
Deutsche Merchant AG
Chief Architect – Munich (DE)
Aug 1998 – May 2000
Perot Systems AG
Systems and Security Engineer – Basel (CH)
Feb 1997 – Jul 1998
Bull (Suisse) SA
Systems and Security Engineer – Basel / Zurich (CH)
Languages
- English: native speaker
- German / Swiss German: native speaker
- French: fluent written/spoken
- Spanish: fluent written/spoken
Topics / Competencies
I have strong competency and experience in the following areas, including implementation of information security and resilience controls prescribed or recommended by:
Regulations, Legal Frameworks, Regulatory Guidance
- Network and Information Systems Directive / NIS2 – Directive (EU) 2022/2555 (EU)
- Digital Operational Resilience Act / DORA – Regulation (EU) 2022/2554 (EU)
- Artificial Intelligence Act – Regulation (EU) 2024/1689 (EU)
- General Data Protection Regulation / GDPR – Regulation (EU) 2016/679 (EU)
- Payment Services Directive / PSD2 – Directive (EU) 2015/2366 (EU)
- MAS Technology Risk Management / Cyber Hygiene (SG)
- New York State DFS 23 NYCRR 500 (US)
- HIPAA (US)
Good Practices and Standards
- NIST Cybersecurity Framework (CSF) and NIST SP 800-61
- ISO/IEC 27001:2022 (Information Security Management Systems Protection) / 27002:2022 (Information Security Controls)
- ISO/IEC 42001:2023 (Artificial Intelligence)
- ISA/IEC 62443 (ICS Cybersecurity)
- AICPA SOC2 (Trust Services Criteria)
- NIST-AI-600-1 (AI Risk Management Framework)
Industries
I have worked with and implemented cybersecurity controls and activities in the following industries:
- Financial services (banking, insurance, financial market infrastructure, payment services, exchanges, fintech)
- Power generation and transmission
- Healthcare
- Telecommunications
- Rail transportation
- Industry
- Government (local and regional)
Key Words
Risk management, compliance, GRC, leadership, CISO, strategy, board advisor, security assurance, good practice, public-private, resilience, business continuity, collective defence, exercises, cybersecurity, information security, cyber-threat intelligence, fraud, leadership, consulting, sparring partner, security architecture, governance, security policy, security process, integration