Your browser is outdated!

To ensure you have the best experience and security possible, update your browser. Update now


Frederic Georgel

Chief Information Security Officer (CISO)

Frederic Georgel
52 years old
Montréal (H9S 4Y4) Canada (Québec)
Professional Status
Open to opportunities
About Me
Curious, influencer, passionate by challenges, fascinated by people and technology.

Solutions and result-oriented leader. Recognized for successfully managing complex business and technology.

Over 20 years experience in Technology Risk Management , Cyber Security, People and Technology Management, Governance, Compliance, Business Transformation and Project Management.

Senior Director, Information Security (CISO)
(Cogeco) - Canada / US

Stream Lead, GRC Project
(CN) - Canada

Senior Consultant IT Security
(Cirque du Soleil) - Canada / US

Director, IT Security Engineering
(Desjardins Bank) - Canada

Director, IT Security Architecture
(Desjardins Bank) - Canada

Team Lead, IT Compliance and Security
(Desjardins Bank) - Canada

Senior Advisor, IT Compliance
(Desjardins Bank) - Canada

Senior Consultant, IT Management & Governance
(Nudata, Smurfit Group, Kenzo, ...) - Europe

Founder and CEO
(Hypsoneack) - Europe

Director, Corporate Digital Publication
(Conseil General des Bouches-du-Rhône) - Europe

Manager, Software Integration and Support
(Orkis) - Europe

Senior Director, Information Security (CISO)

Since July 2018
North America (Canada / US)
  • Define Cyber Security Strategy (risk Based Approach)
  • Implement Technology Risk Management based on FAIR methodology
  • Report and advise to Board Members & Executive Management
  • Manage IT Security in multiple Business Unit (US & Canada)
  • Optimize IT Security Processes and Technologies (Strategic / Tactic / Operations)
  • Define Security Program & Road Map
  • Define Cloud Security Strategy (Google Cloud Platform & SAAS Services)
  • Member of Canadian Security Telecommunications Advisory Committee
  • Member of Cablelabs Security Group
Learn more

Stream Lead, GRC Next Generation (mandate)

Canadian National Railway (CN)
November 2016 to June 2018
North America
  • GRC Strategy
    - Define Governance approach
    - Define Risk approach
    - Define Compliance approach
    - Identify required capabilities
  • Implement FAIR Model (Quantitative Risk)
    - Analyze and Select Risk Methodology
    - Train People on FAIR Methodology
    - Implement FAIR in GRC Functions
    - Attach FAIR with Cyber Intelligence Process
  • Design GRC Functional Architecture
    - Identify GRC Key Functional Blocs
    - Define functional architecture for GRC next generation (Risk Based Approach)
    - Define Data Workflow
    - Define CI Structure
    - Managed GRC Processes with Business Analyst
    - Managed GRC Architecture
  • GRC Tools
    - Complete RFP
    - Define selection process
    - Analyze and evaluate Solutions
    - Select Vendor (MetricStream)
  • Advise Management for GRC Team
    - Define Professional profiles and skills to operate GRC Platform.
Learn more

Senior Consultant , IT Security (mandate)

Cirque du Soleil
May 2014 to November 2016
North America (Canada / US)
  • Secure Cirque’s shows technologies
    Ensure that technologies used by shows (Sound, Light, Automation, Projection and SFX) are secure.
    - Identify and define IT security measures
    - Deploy IT Security controls on shows (World Wide)
    - Implement Self-assessment and annual audit process
    - Implement IT Security training portal
  • Define and implement SIEM Next Generation.
    Replace RSA Envision platform by new generation: Alien Vault
    - Identify business needs and security requirements.
    - Complete RFP, vendor Analysis and product selection.
    - Complete architecture and detail design
  • Cloud Security (Microsoft Azur)
    Set IT security requirements for Cloud in IAAS mode, PAAS, SAAS.
    - Identify business needs and security requirements
    - Define and implement IT security standards with the architecture and operations groups
    - Define and implement Disaster Recovery Plan for the Cirque du Soleil website and all its micro sites (12) hosted on Microsoft's Azur Platform.
  • Achieve IT Security Audit
    - Define and implement strategic IT security pan,
    - Define and execute 4 security audits (Cloud, High Privilege Access, Servers in production, Development)
    - Produce reports and recommendations
    - Manage remediation plans
  • Define and implement application security development methodology
    - Design an application development security framework based on OWASP
    - Deliver application development security standards and development guide
    - Identify business needs and security requirements
    - Complete RFP, vendor Analysis and product selection (Veracode, WhiteHat, Synopsis)
    - Anonymize data production for development.
    - Identification of critical data (PII), define the rules of anonymization, write a reference guide for developers.
  • Execute IT Security Risk Analysis methodology
    - Provide Technological risk analysis for projects and major events management
    - Identify threats, probability of contact, attack surface, defensive measures, direct and indirect impacts.
  • IT Security Framework
    - Design a new IT Security framework (strategic, tactical and operational)
    - Define roles and responsibilities
    - Review corporate and administrative security policies
    - Write 10 new IT security standards and 6 operational guides
    - Design and implement a tool to manage and share security documents
    - Manage security requirements alignment to business needs.
  • Management
    - As member of TPG Cyber-Security Council, share cyber security trends experience and analysis with CSO TPG Capital companies (Uber, AirBnB, Burger King, Lenovo, McAfee, etc )
    - Define key performance indicators to measure the security program- Produce monthly performance dashboards.
  • IT Security Strategic plan:
    - Define strategic security plans (Roadmap 3 years)
    - Analyse security needs in regards of new threats.
    - Analyse technological enterprise orientation and outdated equipment.
Learn more

Director, IT Security Engineering

Desjardins Bank
December 2012 to February 2014
North America
  • Unit Management
    - Create Security Engineering Department
    - Implement Security Engineering Practices
    - Define and operationalize the security policies for the design and operation phases (NIST / ISO 27002). Result: Increase efficiency and consistency during the detailed design phase of the security features.
    - Define KPI, Dashboard and Reports
  • Change Management
    - Business Unit Mission statement
    - Define services & delivery processes
    - Restructure team
    - Define of roles and responsibility
  • Security Enginery Services Management
    - Engineering of protection systems (Anti-Virus, Anti-Spam, Web Filtering, Firewall next generation, IDS / IPS, WIPS)
    - Contribution to over 200 business projects per year.
  • Performance Management
    - Unit operational under three months
    - Increase the volume of contributions (120> 200 projects) without increasing staff
    - Best financial results in the vice presidency (income of $ 1.6 million in 2014)
    - Fluidisation of security interventions in projects by defining a RACI between architecture and engineering activities.
  • Resource management
    - Budget management
    - Financial Planning
    - Team Management (30 employees)
    - Recruiting
    - Enhance team skills by setting up a specific training program.
Learn more

Director, IT Security Architecture

Desjardins Bank
January 2011 to December 2012
North America
  • Unit Management
    Rebuild the unit after more than 18 months without a Director in place.
    - Manage activities in start-up mode.
    - Reorganize teams and practices.
    - Stop gap of financial losses and release of first revenues ($ 0.5 million / 2011 - $ 1M / 2012)
    - Increase mobilization rate over than 30%.
    - Define KPI, Dashboard and Reports
  • Security Architecture Management:
    - Review and improve the security framework: update of all Security Architecture Policy. Implement the SANS security framework.
    - Define evolution of the security architecture strategy roadmap.
  • Activity processes Management
    - Redefine activities processes
    - Implement security architecture committee review
    - Define roles and responsibilities
    - Increase customer satisfaction rate by 40%.
  • Critical Security Systems Management
    - Design and implement Operational Security Center (Arcsight / Mcafee EPO). Monitoring of 70 000 devices in 2014.
    - Consolidate Firewalls with new technology.
    - Redefine IT security perimeter.
    - Implement Juniper technology.
    - Reduce the number of firewalls, rules consolidation, reduce the operation and maintenance costs, increased the firewalls capacity.
  • Management tool
    - Define and implement advanced management tools
    - Increase performance of service delivery by 33% (80> 120 projects)
  • Resource management
    - Budget management
    - Financial Planning
    - Team Management (25 Employees)
    - Recruiting
    - Enhance team skills by setting up a specific training program.
Learn more

Team lead, IT Compliance and Security

Desjardins Bank
January 2010 to December 2011
North America
  • Define IT Security requirements and controls related to technological transformation programs:
    - Network and telephony contract negotiation with Bell
    - IT Operations contract negotiation (IBM, Compucom, Ecosys)
    - Printing contract negotiation (RR Donnelley)
    - Decrease IT Security and Compliance operating costs by $ 2 million/year.
  • Define security requirements related Governance, Risk and Control (GRC)
    - Describe detailed requirements of a GRC tool
    - Design functional requirements definition (UML)
    - Write details specifications
  • Negotiate contractual agreements with outsourcing vendors
    - Establish contractual requirements of management processes for service supplier (IBM)
    - Define Process Management Interface for IT security and compliance.
  • Design and implement IT Governance
    - Identify governance rules applicable.
    - Design governance framework with Deloitte.
    - Implement framework with all Desjardins VP IT.
Learn more

Senior Advisor, IT Compliance

Desjardins Bank
January 2007 to December 2010
North America
  • Harmonize IT Compliance approach. Define compliance strategic plans
    - Analysis requirements and scope of intervention,
    - Establish a roadmap and support strategy
    - Deliver IT Security requirements and compliance controls unified management (5970, 52-109, 3416, PCI)
  • Reduce compliance cost by setting up the first multi-compliance framework
    - Reduction of internal management efforts by 20 to 30%.
    - Reduction of expensive third-party providers operating direct cost by 25%.
  • Audit Management (internal and external verification)
    - Manage observation reports, define mitigation plan.
    - Reduce the number of recurrent observation and improved support.
  • Basel Regulation compliance:
    - Identify controls and connections in scope with the personal risk (R1)
    - Implement specific controls with the service supplier (CGI)
    - Basel agreement completed with success.
  • Unify controls with third party suppliers
    - Define a common framework of compliance controls for all suppliers.
    - Unify controls practice.
Learn more

Senior Consulant, IT Management & Governance (Mandates)

Nudata CRM, Smurfit Group, Kenzo, Eurocopter, Total.
January 2004 to December 2006
  • IT Compliance
    - Mandate: Design a management framework for SOX compliance (Client : L'Oreal Group) . Scope and requirements analysis, define and details Compliance Controls (Cobit)
  • IT Governance
    - Mandate : Define IT management processes, Role & Responsibility, Committees, Key indicators. (Client : Confidential / sector : Defense.
  • Asset Optimisation System
    - Mandate: Reduce the number widths production in factories. (Client : Smurfit Group). Design a calculation system to optimize production Width sizes. Develop and integrate algorithms. Provide User training.
    - Mandate: Define functional requirements for sales systems in developing territories (Client : Kenzo). Define functional requirements for integration in Salesforce. Write details specifications.
  • IT Strategic plan
    - Mandate: Define Technology road map for Control & Compliance management (Client : Total).
Learn more

Founder and CEO

January 1999 to December 2003
  • Business Management
    - Create the company
    - Define company's services
    - Define and implement working processes & practices
    - Define and Implement growth strategy and financial structure
    - Develop business opportunities (business development) customers relations
    - Manage Human resources
    - Manage business successfully during global financial crisis (2001).
    - Manage selling company process
  • Software & Web Development
    - Manage Software and Web technologies
    - Define and implant development practices
  • Digital Marketing
    - Manage E-business, Web, Digital marketing projects. Clients : European Photo agencies of Hachette Filipacchi Medias group (Rapho, Magnum Photos, Keystone Hoaqui, TOP ....), Yves Saint Laurent Museum, Neti-Corp (IT Professional Services)
Learn more

Director, Corporate Publication

Conseil General des Bouches-du-Rhône
January 1997 to December 1999
  • Transform publications systems
    - Design & implement new Editing systems
    - Upgrade work practices & production processes
  • Ensure digital platforms development
    - Develop and implement the first Corporate website
  • Oversee external communication design
    - Manage marketing campains, publication of annual reports, magazine.
Learn more

Manager, Integration and Support

January 1992 to December 1997
  • Systems Integration
    - Integrate client-server systems for client with complex architectures and sensitive data. Clients : European Space Center (Support 3 Ariane Flight, including Ariane 5 qualification flight), Commissariat à l'Energie Atomique (CEA), Eurocopter, EADS, CNES
    - Integrate and operationalize baggage screening systems simulation for the Direction General of Civil Aviation and Airports of Paris.
  • Data Modeling & Information Structure
    - Advise Customers for Data modeling
    - Define & implement Data Modeling services
  • Customers Support Management
    - Define and operationalize support processes (incident & problem management)
    - Work with development teams on problem & functional changes.
    - Manage Support Team.
    - Design & Implement Help Desk system.
  • External Relations Manager
    - Develop corporate communication
    - Design and produce marketing materials.
    - Manage Events (Apple Expo / International Days of Photography, etc ...).
    - Design and write publications.
Learn more


Dunod, CCH
January 2005 to December 2009
  • Gouvernance, Audit et sécurité des TI (Governance, Audit and IT Security)
    Book for Sherbrooke University / French
    Éditeur : CCH, 2008
  • IT Gouvernance : Maîtrise d’œuvre d’un système d’information
    Éditeur : Dunod / 01 Informatique 2005 (3e édition 2009) - Best Seller 2006/2007
  • IT Gouvernance : par où commencer?
    Éditeur : Information & Systèmes (2005)
  • IT Strategy
  • IT Governance
  • Communication
  • Leadership
  • Change Management
  • Third party management
  • Team management
  • Performance Management
  • Efficiency Optimization
  • Security Management & Governance
  • Technology Risk Management
  • Cyberthreats Management
  • Security Architecture
  • Cloud & SAAS Security Management
  • Identity and Access Management
  • Project Management
  • IT Compliance
  • Audit Management
  • Disaster Recovery Plan
  • Cable & Telecom Security

Implementing and Auditing 20 Critical Security Controls

SANS Technology Institut (USA)

March 2013

Cyber Defense - Essential Security 512

SANS Technology Institut (USA)

March 2012

Coaching successful team

Inspiraction (Canada)

March 2013

Change Management

GRID Institut


Management of technologies

Institut of technology, Université Paul Cézanne, Marseille (France)

September 2006
Bachelors Degree

Computer Design

IMCA (France)

1991 to 1992
Mediterranean Institute of Communication and Audiovisual

Industrial Design

Jean-Perrin College (France)

1988 to 1990
Associate Degree