Contern, Luxembourg, Luxembourg
Operational / Technology Risk and Cybersecurity governance executive specialising in Second Line of Defence oversight within regulated financial institutions, advising senior management and boards on technology risk, operational resilience and regulatory strategy. More than 20 years of experience across banking, payments, fintech and digital asset environments, working within supervisory contexts shaped by CSSF, FCA, BaFin and ACPR, and EU regulatory frameworks including BASEL, DORA, NIS2, MiCAR and PSD2. Experience gained across diverse roles and multicultural organisations, spanning technology, security and risk governance. Recognised for building and strengthening Technology Risk and Information Security control functions, defining governance structures, and translating regulatory expectations into practical and effective control environments.
🔹 Provide advisory to Boards and executive management on technology risk posture, resilience and regulatory strategy
🔹 Lead transformation initiatives and governance modernisation across complex matrix organisations
🔹 Drive governance, independent oversight and regulatory alignment across international frameworks
🔹 Operate in regulated Key Function Holder and authorised roles, interacting with regulators and Boards
🔹 Build and manage high-performing teams while steering stakeholders through organisational change
My governance perspective is informed by earlier hands-on experience in security engineering and operational security leadership, providing a practical understanding of how technology risks manifest in real systems and organisations.
Core Expertise: Operational Risk Management | ICT & Technology Risk Management | Operational Resilience | AI Governance | Information Security Governance | Regulatory Compliance | Third-Party Risk Management | Data Protection | Board & Executive Advisory | Distributed Finance & Cryptocurrency
Selected Certifications: CISM | CSSLP | Certified Cryptocurrency Expert (CEE) | Certified DORA Practitioner | ISO 27001 Lead Implementer | ISO 31000 Lead Risk Manager | ISO 27032 Lead Cybersecurity Manager | Certified Data Protection Officer
Executive Director and Non-Financial Risk Control Lead – Key Function Holder and Technology Risk Control Function (2LoD) overseeing ICT Risk, Information Security, Incident Management and Operational Resilience. Specialising in operational risk management, technology risk governance and regulatory strategy alignment. Certified DORA Practitioner / Certified Risk Manager / Certified Information Security Manager
Executive Director - Head of Technology Risk & Technology Compliance (2LoD), responsible for independent oversight of Technology Risk (ICT / AI / Data) and regulatory compliance. Focus on operational risk management and Board and Executive Committee reporting. Accountable for technology risk governance, board reporting and regulatory engagement with CSSF and other supervisory authorities, ensuring alignment with EU regulatory frameworks including DORA, GDPR, PSD2 and CSSF/EBA guidelines.
Appointed as Head of IT with full responsibility for ICT operations within a CSSF-regulated e-money and payments institution (EMI/PI), reporting to the COO. In addition, led ICT outsourcing and vendor governance and oversaw all ICT aspects of the German subsidiary, including operations and infrastructure.
Key function holder, responsible for ICT and operational risk oversight across HSBC’s Luxembourg entities (private banking, funds, corporate banking), reporting to the CRO.
Expanded the 2LoD mandate across all of Amazon’s European entities; hired and managed a team responsible for technology risk governance, regulatory engagement and structured control frameworks aligned with legal and supervisory expectations across multiple EU jurisdictions. Part of the GDPR Core Team and Privacy Bar Raiser.
Established and led the 2LoD Security Risk & Compliance function for Amazon’s Luxembourg-regulated e-money institution (Amazon Payments S.C.A). Strong focus on information security control and risk management, responsible for technology, security and privacy governance across Amazon’s European payments business. Oversaw information security risk, compliance, control frameworks and regulatory alignment within a regulated E-Money and Payment Institution. Worked actively with Public Policy to shape the future of fintech regulation.
Promoted to lead the EMEA Threat & Vulnerability Management practice within a CSSF-regulated PSF, providing functional leadership across a 30+ person team delivering technology risk and security programmes for major financial institutions and international organisations. Advised Boards and C-level stakeholders on technology risk exposure and control maturity, shaped enterprise governance initiatives, and served as Subject Matter Expert to the European Commission (DG CONNECT) on the Network and Information Security Directive. Frequent speaker on regulatory and cyber risk developments.
Joined as Principal Consultant delivering technology risk, offensive security and incident response engagements across EMEA for financial institutions and multinational organisations. Led penetration testing, vulnerability research and incident response programmes, developed incident response procedures and technology risk assessments, and advised clients on secure SDLC integration, threat modelling and enterprise security strategy. Mentored junior consultants and contributed to regional assessment methodologies. Recognised by IBM as a Top 10 vulnerability researcher worldwide and contributed to the development of the (ISC)² CSSLP certification framework.