Philippe Carletto

Group CISO | Technology & Cyber Executive | Digital Transformation IT Governance | IT/OT Security | Board Advisor | Digital Trust

France

About

Cybersecurity executive with 10+ years of experience as Group CISO, leading enterprise security, cyber risk governance, and digital resilience across global organizations (32,000 employees) in pharma, industrial, luxury, and retail sectors. I operate at the intersection of cybersecurity, enterprise risk, and business continuity, ensuring security is embedded as a strategic enabler of growth, regulatory compliance, and operational resilience. My expertise covers hybrid environments (on-prem, Azure, Oracle Cloud) with a strong focus on Zero Trust architecture, identity & access management, and secure-by-design transformation programs. I have deep experience in regulated and complex environments, ensuring alignment with ISO 27001, NIST frameworks, GDPR, LPD, NIS2, DORA and LPM requirements across multi-country organizations. Core leadership areas include: o Cyber Risk & Security Governance at Group level o Incident Response & Crisis Management (executive coordination) o Board-level reporting and executive communication on cyber risk posture o Global security strategy, operating model design, and budget ownership o Security transformation programs across cloud and hybrid infrastructures I work closely with Executive Committees, Boards, Audit & Risk Committees to translate cyber risk into clear business decisions and measurable resilience outcomes. Recognized for leading security organizations through high-impact incident response, regulatory transformation, and enterprise-scale security modernization programs.

Experience

  • Head of Cyber Security - CISO at INEOS
    Mar 2021 - Present · 5 yrs 5 mos

    • Developed and executed a comprehensive global security strategy for Petroineos Ineos, ensuring compliance with NIS2, GDPR, and PCI-DSS. • Led an European infrastructure team, enhancing the security and availability of IT systems. • Initiated and managed cybersecurity awareness programs, significantly improving the organization's security culture through regular training and assessments.

  • Virtual CISO at Freelance, Cybersecurity Engineering
    Apr 2019 - Feb 2021 · 1 yr 11 mos

  • Head of Security architecture at European Broadcasting Union
    Jun 2016 - Mar 2019 · 2 yrs 10 mos

    ▸ Designed and managed IT security solutions for data centers and hybrid clouds across Europe, the US, and Russia, coordinating cross-functional IT projects ▸ Conducted security assessments, vulnerability analyses, and risk evaluations, optimizing network and security architectures to enhance system security and address integration challenges

  • Head Of Security and Network at IRU
    Nov 2011 - Nov 2015 · 4 yrs 1 mo

    ▸ Outsourced network and security infrastructure (IaaS, PaaS) to Swisscom Cloud and managed the Disaster Recovery Plan (DRP) as CSIRT manager ▸ Coordinated audits, penetration tests, and remediation, overseeing the relocation of two data centers to Swisscom

  • Security and Network Team Lead at BT
    Dec 2007 - Apr 2011 · 3 yrs 5 mos

    ▸ Designed and implemented security and network solutions for trading room data centers, establishing standards, procedures, and security policies ▸ Conducted risk assessments, managed security incidents, and ensured compliance with defined standards and controls