Name: Jean-François Raymond
Organisation: Independent consultant
Role: ICT for development, Project/Program management, Risk management.
WORK EXPERIENCE Independent consultant [2010 – present] • Areas of focus: ICT for development, Project/Program management, Risk management. TD Bank (Insurance), Montreal, Canada [2007 –2010] Head, special projects and planning, business operations, COO direct report Director, Information security, CIO direct report • Special projects and planning, business operations • Heavily involved in TD’s strategic planning activities • Managed a global policies and procedure initiative • Coordinated establishment and tracking of corporate objectives • Assessed insurance product profitability • Led analysis of call-center operational model and geographical footprint • Led evaluation of several potential business partnerships • Program stewardship • High visibility program, with activities addressing gaps with corporate information security policies and standards, executive management priorities and internal audit recurring themes; • Established objectives and ensured optimal alignment with organisational priorities and strategies; • Composed of over 30 activities (5MM+$) spanning several years (Identity and Access Management, PCI, security awareness, application security, infrastructure security, etc.); • Regular review of the program’s progress and orientation in various committees. • IT governance • Helped define and deploy corporate information security policies and standards. • Established a governance framework to ensure priorities and issues effectively managed and communicated • IT audit management: o Implemented an end-to-end audit finding management process; o Provided accompanying tool that help upper management understand the global status and progression of finding resolution activities. • Deployed technology risk indicators. • Led over twenty information sessions and workshops on IT governance, compliance, security and audit related topics. PricewaterhouseCoopers, Montreal, Canada [2005 – 2007] Manager, Advisory Services, Performance Improvement & Risk and Regulation • Project management: • Managed a major enterprise project for a local financial institution o Following several years of projects under-performing, we were able to regain control of the project and implement effective project management methodologies and mindsets. • Led a project recovery assignment: o Uncovered the main reasons why the project had failed and proposed actionable recommendations. • IT due diligence: • Conducted IT due diligence engagements (prior to mergers and acquisitions) • Technology management consulting • IT organizational model, service provider management, , business continuity, wireless payment security, enterprise single-sign-on, access management procedures, SAP access management, etc. • Audit/Risk management • Manager on several SOX and non-SOX external audit engagements (mainly in banking, telecom and aerospace sectors) • Evaluated a large financial institution’s application level controls (SWIFT, NOSTRO, SWAP, Core banking systems) • Evaluated a large organisation’s critical trading and optimization application Independent Consultant, Montreal, Canada  • Advanced statistical analysis of pseudo-random number generators. • Security and usability study of an advanced cryptographic toolkit Harvard University, Cambridge, USA [2003- 2005] Graduate Researcher • Areas of focus: Internet and Society / Security and privacy / Advanced networking • World Resource Institute fellow. Wrote a case study on the use of telecommunications in developing countries (field work in Asia) – see publication list below. • Harvard CASE fellow. Wrote a case study on the use of second hand computers in developing countries (field work in South America) – see publication list below. • Harvard law school’s Berkman Center for Internet and Society fellow: Researching policy, legal, business and technological aspects of DRM (Digital Rights Management) as part of the digital media initiative. (http://cyber.law.harvard.edu/media/) • Analysis of economic aspects of information security and US government interventions (CERT/CC, US-CERT, ISACs, PCIS, SANS, US-CERT, HIPAA, GLB, SOX). • Harvard DEAS Teaching Fellow for CS-143, “computer networks”. Basic networking concepts, telecom business models, advanced applications (VPN, Kerberos, 802.11, PGP, VoIP, SIP, firewalls, NATs, etc.) Accenture, Paris France [2001- 2003] Consultant, Business Intelligence • Functional analysis, design and implementation of business critical multi-million dollar CRM information systems for the telecom industry. • Led the data migration team that managed to clean and transfer operational and client data to a new Siebel CRM (9Telecom ) • Led the Operating Support Systems (OSS) and Business Support System (BSS) interface teams (Cegetel Enterprise). Zero-Knowledge Systems, Montreal, Canada [1999- 2001] Security Architect • Designed and developed a prototype digital payment system for mobile phones. • Assessed the feasibility and requirements of a digital payment protocol. • Led a due-diligence effort on a privacy enhancing technology patent suite. • Presented ZKS technologies to business partners, at international workshops, on a TV show. • Developed a privacy enhanced digital certificates prototype (PKI). • Conducted a feasibility study on the use of smart-cards in privacy enhancing applications. ACTIVITIES • Tennis, Badminton and Ski: Competed throughout Canada in junior and senior events. Obtained “coach” certification in all three disciplines. • Independent travel in Asia, Oceania, North, South and Central America, Africa and Europe. • Other: boxing, reading, yoga, running (marathon), windsurfing.