Professional Summary

Senior Security Consultant with 20+ years directing ISO- and NIST-anchored programs across SaaS and hospitality enterprises. For the past six years, served as CISO of a new business unit formed from four acquisitions, scaling the security team to 50 professionals, integrating Zero-Trust cloud tools (Netskope CASB, Microsoft DLP, Palo Alto IPS), and lifting product-maturity scores 30% YoY. Mapped controls to PCI DSS, SOC 2 Type 2, GDPR and NIS2 guidance, turning risk data into board-ready decisions. Lowered cyber-insurance premiums 15%. Combine deep engineering roots with commercial savvy to advise C-suites, steer post-merger security roadmaps, and position cybersecurity as a growth catalyst. Committed to enabling secure digital transformation and resilient business operations through pragmatic, risk-aligned security leadership.

Key Experience

Group Deputy CISO
Amadeus
Jan 2023 - Jun 2025
  • Oversaw the 6 BISO teams worldwide, unifying governance, consistent security policy implementation and alignment with enterprise architecture
  • Mentored regional CISOs (RISOs), driving regulatory compliance, security maturity uplift, and secure post-merger integration initiatives
  • Chaired the Security Governance Council: issued group-wide security standards, maintained PGSSI alignment, and delivered quarterly risk posture reports to executive leadership
  • Led the design and implementation of Amadeus's AI Security Framework, embedding privacy and security review gates, model classification, and PIA workflows into the AI/ML development lifecycle in alignment with the EU AI Act. Initiated integrated governance with enterprise platforms (Archer and ServiceNow), enabling risk mapping, real-time dashboarding, and automation of over 2,300 third-party AI/data vendor reviews
  • Developed and deployed a global security awareness and training strategy, tailored by region and role (Dev, Product, Delivery), to improve cultural security adoption and risk-based behavior
  • Served as BISO for the Nextwave innovation division, overseeing security architecture and controls for cloud-native and experimental products
  • Partnered with the Group CISO on global risk strategy, policy lifecycle design, and regulatory framework crosswalks across jurisdictions
CISO
Amadeus Hospitality
Jan 2019 - Jun 2025
  • Built and led the cybersecurity organization for a $900M SaaS business unit formed from four acquisitions
  • Directed a global team of 50 professionals (SOC, GRC, PMO, SDLC), overseeing hiring, training, and performance with an $8M annual budget
  • Designed and executed a security roadmap structured around four integrated pillars: GRC (ISO 27001, PCI DSS, SOC 2 Type 2, NIST CSF, GDPR, NIS2, CCPA, EU AI Act), PMO (cross-functional risk reduction programs and customer assurance), SDLC (OWASP-aligned practices, embedded in agile product teams), and SOC Operations (24/7 monitoring, incident response, threat simulation)
  • Expanded ISO 27001 certification to 10 product lines across 6 global sites and renewed PCI DSS for 20 products, with zero major non-conformities
  • Aligned regional and global GRC programs to ISO/IEC standards and NIST CSF, enabling cross-functional integration with enterprise risk strategy
  • Managed policy lifecycle and exception handling workflows in Archer GRC, supporting global policy alignment and real-time dashboarding
  • Reduced post-architecture rework by 25% by embedding security leads in weekly design reviews
  • Led quarterly pentests across infra and app layers with vendor coordination and prioritized remediation
  • Increased asset visibility to 98% and application maturity to 100%, enabling data-driven lifecycle decisions
  • Lowered incident severity (Critical → Low) in under two years through revamped IR plan and recurring drills
  • Implemented a defense-in-depth architecture across Azure, GCP, and on-premise environments, deploying endpoint protection (CrowdStrike), SaaS lockdown policies (Microsoft 365, Zoom, Salesforce, Meta, Google), insider risk monitoring tools, and advancing detection and response maturity with SIEM (Splunk), SOAR, FIM, and email security solutions
  • Delivered executive risk dashboards (KPI/KRI) and quarterly compliance briefings to the CISO and VP leaders
  • Collaborated with legal, compliance, product, and platform teams to ensure regulatory and contractual obligations were embedded in product lifecycle decisions and third-party engagements
Regional Security Officer, Asia Pacific (APAC)
Amadeus
May 2014 - Dec 2018
  • First Regional Security Officer for APAC, establishing and leading the region's cybersecurity program
  • Developed comprehensive cyber program including discovery, on-site security audits, and direct customer engagement
  • Built standardized processes for risk assessment and incident management tailored to regional needs
  • Selected to lead and deploy the program across Americas and Europe, ensuring global consistency
Earlier Experience, Global Network & Facilities Leadership
Amadeus
1999 - 2014
  • Progressive leadership of network services (€80M budget), global telecommunications, and data-center buildouts for Amadeus across Europe and the US, laying the infrastructure foundation for SaaS growth, supporting operational resilience and regulatory modernization as Amadeus transitioned to SaaS delivery

Core Competencies

Leadership & Strategy

  • Cybersecurity Leadership
  • Risk Management
  • Stakeholder Engagement
  • Team Building & Scaling
  • Executive Communication

Compliance & Governance

  • ISO 27001, PCI DSS, SOC 1&2
  • GDPR, CCPA, NIS2, DORA
  • EU AI Act
  • Security Architecture
  • Secure SDLC (OWASP)

Technical Expertise

  • Cloud Security (Azure, AWS, GCP)
  • Vulnerability Management
  • Incident Response
  • Zero Trust Architecture
  • IAM & Infrastructure Security

Certifications

CISSP

Certified Information Systems Security Professional - ISC²

CEH

Certified Ethical Hacker - Firebrand

ISO 27001 Lead Auditor

Information Security Management Systems Lead Auditor

ITIL Foundation

Information Technology Infrastructure Library

FedRAMP

Federal Risk and Authorization Management Program (Customer Engagements)

Education

Master of Science in Engineering

École Nationale des Arts et Métiers (ENSAM), France

Post-Master's Degree in Robotics

Université Pierre et Marie Curie (Paris 6), France

Languages

French

Native

English

Fluent

German

Fluent

Personal Projects

Home AI Lab (Ongoing)

Maintain a GPU-powered Kubernetes cluster to prototype open-source LLMs, fine-tune models with LangChain and Hugging Face, and test MLOps pipelines (Docker, GitHub Actions, VMs, NAS).

✈️ Willing to travel for the right opportunity