MSC Cruises
Global Head of Information Security
Jan. 2016 - Jun. 2018
Geneva Area, Switzerland

I started this assignment by talking with the CEO to understand the company's risk appetite, and then I spoke with the C-Suite to understand what the company's directions and most burning issues were. After three weeks, I managed to propose a business case for the security strategy I envisioned.

Achievements:
- Designed, presented, and received acceptance for a 2.5-year security strategy
- Full PCI-DSS compliance within the first 100 days
- TUV certification of the DACH websites within the first 200 days
- Built the Security Team (6 persons)
- Proposed the GDPR project, obtaining mandate and resources
- Along with the security team, took the lead of the project.
- Gave advice to C-Suite members on privacy-related matters

Other tasks and duties:
- Following the security program, produced all the required policies and procedures using the NIST framework
- Created a partial CSIRT capability inside MSC, and consequently managed 200+ security- and privacy-related incidents.
- Technical risk assessments and penetration testing.
- In charge of on-board technical security. Vendor management, software selections.

Reporting level: Boards of Directors, and C-suite.