PECB Management

Haydée is the President and CEO of Certified Risk Management Group, LLC. She has international and interdisciplinary subject-matter expertise in business continuity, risk management, governance and resilience management systems, records management, quality management, emergency response programs, health and safety, and liability risk management.

With the support of excellent professionals, each competent in their field, Haydée leads teams that have the responsibility of providing diverse management consulting and emergency response services.

Haydée’s experience also encompasses conducting research projects and analyzing emerging risks, presenting their results, and generating recommendations for organizational policies, governance, and resiliency.

Haydée holds a bachelor’s degree in Industrial Engineering from the University of Puerto Rico, Mayagüez Campus. She has a professional engineering license from the College of Engineers and Land Surveyors of Puerto Rico (CIAPR) and is a member of the Commission for risk management, emergencies, and disaster response of the CIAPR.

There are several causes that are dear to Haydée, among which is the protection of the planet and the environment. She is a volunteer on the Climate Change Council of Puerto Rico’s Working Group 3 —Effects on Society and Economy. Specifically, in disaster management and climate change risk assessments on critical infrastructure.

Considering that Haydée’s beloved Puerto Rico has gone through continuous catastrophic disasters in the past years, she provides trainings in emergency planning and response to communities, as she believes that it is in the heart of a community where the initial response takes place. The more educated and prepared, the better off is the community in surviving and overcoming the challenges they face.

Haydée is certified as ISO 31000 Lead Risk Manager, ISO 22301 Master, ISO 9001 Lead Implementer, and ISO 55001 Lead Auditor.

(CISA, CISM, CGEIT, CRISC, CBCP, Lead Implementer ISO 22301, ISO 27001, ISO 20000 Lead Auditor ISO 22301, ISO 27001, ISO 20000, Risk Manager ISO 31000, ITIL V3, COBIT 5 F).

As a professional with more than 35 years of experience, Carlos has held management positions in companies of recognized international prestige such as VISA, Synapsis, IQ Outsourcing, Superintendencia financiera de Colombia and Deloitte. Carlos Restrepo is part of the Technical Committee 262 of the International Organization for Standardization (ISO) which oversaw reviewing and updating the international standard for risk management ISO 31000: 2018. In recognition for promoting the risk culture in 16 Latin American countries, he was nominated by the newspaper specialized in economy and business “Portafolio” in the category of best business leader 2019, and he has won the award for Best Trainer in Ibero-America in 2017, 2018 and 2019 by PECB; to date becoming the Latin American that has taught the most international risk certification courses on risk, audit and control in the world in the last 5 years (274 executive trainings in 16 countries). Additionally, he has been invited as a speaker to several international conferences on Integrated Risk Management developing the topic: “Artificial Intelligence Applied to Risk Management”.

His ability to combine knowledge and experience as a lecturer, professor, consultant, auditor, implementer of Integrated Risk Management Systems; as well as exercising his role as Process and Risk Manager at VISA and ERS consultant at Deloitte, have allowed him to obtain the highest quality and satisfaction rating for each of the 3,740 participants in the courses he has carried out in: Mexico, Costa Rica, Honduras, Nicaragua, Guatemala, Panama, El Salvador, the Dominican Republic, Colombia, Venezuela, Peru, Bolivia, Chile, Ecuador, Paraguay and Argentina.

Mr. Keating is one of the Managing Partners at STEER. He has over 40 years of working experience in three Fortune 500 companies in Corporate Security, HR, and Legal and Integrity.

Mr. Keating has extensive experience in building and implementing comprehensive corporate compliance and integrity programs for multinational companies to include Code of Conduct, Corporate Directives, Employee Training, Global Whistleblower Programs, and Internal Investigations.

He also has extensive experience with successfully enhancing existing Corporate Compliance Programs in response to government FCPA Sanctions/Deferred Prosecution Agreements (DPAs).

He has lived in USA and Europe and performed services on all continents in over 70 countries.

Mr. Bleeker is one of the Managing Partners at STEER. He has 25 years of experience working in Finance, HR, Audit, and Legal and Integrity for two “big four” consultancy firms and a globally leading power and automation technology company. He has lived in Europe, USA, and Middle East/Asia and performed services on all continents in over 65 countries. In addition, Daniel established a Global Investigation Unit, and assisted in the development of a state-of-the-art Compliance Program, acknowledged by the U.S. Department of Justice.

He has managed investigations into Code of Conduct breaches, including fraud, self-enrichment, and allegations of FCPA violations. Daniel holds the PECB ISO 37001 Master credential.

.

As an Information Security, Data Protection and Risk Management trainer and consultant, Mr. van Dyk is equipped with the management and technical business skills obtained in medium and large organizations in both the public and private sectors.

As a consultant and (interim) manager, he has successfully helped organizations implement Information Security and Data Protection frameworks to comply with ISO/IEC 27001 standards and was from early on involved in helping organizations understand the implications of the GDPR on their business processes.

Along with his consulting activities, he is an active as certified trainer, delivering courses in the Netherlands, the UK and Scandinavia as well as for large enterprises on topics such as ISO/IEC 27001, ISO/IEC 27005, ISO31000 and GDPR-CDPO.

Jorge manages Information Security, Risk and Compliance for the Latin American region at Pink Elephant. He has a Computer Science Degree from the National Polytechnic Institute and holds an MBA from the IPADE Business School. Jorge is currently a PhD candidate in Information Technology Governance at Carlos III University in Madrid.

As a professional that has been involved in entrepreneurship for 32 years, Jorge has been the CIO of one of the largest data centers in Mexico (RedIT – currently KIO Networks), operating in San Diego and Latin America. He is a certified CISA, CRISC, CISSP and ISO/IEC 27001 LA, ISO 22301 LI, ISO/IEC 38500 Manager and ISO/IEC 27032 Lead Manager. Jorge has been an active member of the Governmental and Regulatory Agencies Board representing the Latin America Region as President at ISACA International, as well as a member of ISO/TC 292 and ISO/TC 27 representing Mexico.

Jorge is also a professor at Universidad Iberoamericana in Mexico involved in lecturing students enrolled in the Information Technology Governance Master´s Degree Program as well as Information Security. He has also authored the book “El gobierno de las TI en las empresas en México” published in 2017.

Stéphane is CEO of Smart Risk Consulting and Co-Founder of Risk-!n. His area of expertise includes Governance design, development, implementation of risk management methodologies and tools, Workshop facilitation, Risk Management Strategy, and Risk Management Process. Stéphane is a certified trainer for ISO 31000 by G31000 and PECB, as well as a Risk Management trainer at INSEAD and speaker for international conferences. Stéphane is a Risk Management professional with more than 16 years of experience internationally, in places such as Arcelor Mittal and Syngenta. During the period 2009 to 2015 Stéphane was Head of P&S Risk Management at Syngenta. Stéphane is also the founder of Swiss Risk Management Forum – SRMF.

Friedhelm Düsterhöft is an experienced Information Security and Data Protection consultant, trainer and auditor working in various industries. In 1992 he founded msdd.neT GmbH, providing targeted solutions and services for customers, mainly in the telecommunications, banking, insurance, energy and logistics sectors.

Mr. Düsterhöft has worked for many international operating customers, leading teams and giving advice on many facets of Information Security, as Vulnerability and Patch Management, Risk Management, Security Testing, Information Security Governance and Compliance Management.

His experience covers the full range, from more technical to strategical aspects of Information Security. His current certifications include CISSP, ISO/IEC 27001 Lead Auditor, Lead Implementer, Trainer, Certified Management Systems Auditor and Certified Data Protection Officer.

## Peter Geelen is a seasoned security professional and partner and executive director of Cyberminute, a prominent enterprise security and architecture firm based in Brussels, Belgium. With over 25 years of experience in the field, Peter has a proven track record of delivering high-quality services in identity and access management, information security, cybersecurity as well as cloud security, privacy and data protection.

Peter is not only certified ISO 27001 Master and accredited Lead Auditor in ISO/IEC 27001 (ISMS), ISO/IEC 27701 (PIMS), ISO 22301 (BCMS) and ISO 9001 (QMS), but also Fellow in Privacy, and he holds several renowned security certifications, including certified DPO, cloud auditor, ISO/IEC 27002 Lead Manager, Sr. Lead Cybersecurity Manager, Risk Management, Lead Incident Manager, Certified Lead Ethical hacking, Disaster Recovery, privacy solution engineer, privacy technologist, among others. He’s also accredited as ISO/IEC 17021 accreditation auditor.

He is also a certified and authorized global trainer who enjoys teaching, coaching, and facilitating knowledge transfer and certification through workshops, chalk and talk sessions, and other training methods.

He is passionate about exploring new frontiers in cloud security, cybersecurity and data protection, particularly in legislation and certification of products, services, and processes.

As the director and managing consultant at Cyberminute, Peter has dedicated his career to providing top-notch security solutions to clients across a variety of industries and size of companies.

Peter is a committed lifelong learner who continually seeks to expand his knowledge and expertise in his field, and he takes pride in sharing his knowledge and experience with others through training and mentorship.

Mr. Carlstedt is recognized as the mastermind behind the ISO/IEC 27008 standard, which provides guidance for auditors on how to audit Information Security controls. He has been actively involved directly in the development of the ISO/IEC 27000 series in key roles, such as the International Project Manager/Editor for three out of the eight fundamental standards on Information Security Management. In this capacity, Mr. Carlstedt is also currently co-editing the future ISO/IEC 27100 on Cyber Security Frameworks.

Throughout his career, Mr. Carlstedt has also been in Practice Leader roles within security services and Risk Management for companies such as PwC, Deloitte and Accenture to mention a few.

Currently, the Managing Director at PECB Nordic Group Ltd, Mr. Carlstedt represents PECB in Sweden, Norway, Finland, Denmark, and Iceland. Additionally, he is also the CEO of Parabellum CyberSecurity Group; a company specializing in advanced Information Security and Risk Management services.

Muneer Baig, founder & CEO of SYSUSA Inc., is an industry-recognized dynamic technology executive and visionary with over two decades of experience in developing, implementing and managing Information Technology and Information Security programs.

Mr. Baig, with an in-depth knowledge of technology and business operations, serves as a trusted and strategic advisor to senior leadership across industries focused on developing and implementing strategic Information Technology and Cybersecurity initiatives.

Prior to venturing into SYSUSA, Mr. Baig enjoyed his tenure at Microsoft where he played a key role as part of a team responsible for the development and execution of a global information security assessment program.

As part of the SYSUSA’s leadership team, Mr. Baig advises on IT Strategy, Cybersecurity, Risk Management, Governance, and Regulatory Compliance. Mr. Baig and his team of experts enable the transformation of organizations into high performing, secure and resilient enterprises and create a cyber-threat aware workforce.

Mr. Baig currently serves as a member of:

• American Public Transportation Association Cyber Security Working Group
• Prince William County Schools Career and Technology Education Board
• NORC Cyber Training & Education Roadmap Steering Committee
• George Mason University SciTech Advisory Board of Directors
• Commonwealth Cyber Initiative Northern Virginia Node

Lavol-Simon has indirectly implemented information security for 15 years as a developer, software engineer, and CTO. While serving as CEO of an SME, Lavol-Simon turned his attention to the privacy/data protection field at a time when interest in GDPR was increasing, and worked with both large and small public/private organizations.

Lavol-Simon always creates new value for organizations and ensures compliance based on his SCRUM-Agile capabilities. He successfully managed GDPR-related compliance projects, designed an IT risk assessment framework based on ISO/IEC 27005, and designed and implemented GDPR and information security audit checklists for internal/external audits based on ISO 19011, ISO/IEC 17021, and ISO/IEC 17065.

Since May 2018, Lavol-Simon has been a PECB certified instructor and has trained numerous DPOs. He has also delivered ISO/IEC 27005 lectures and supervised junior auditors and practitioners in various audit/practical projects.

In France, he has worked with companies such as SNCF Group (transportation, train stations, etc.), Crédit Mutuel ARKEA (finance), Aramis Group (healthcare, disability), and EVEN (agriculture).

b.larvolsimon@inovans.fr

Genevieve M. Grabman is an attorney and expert on strategic planning, governance, and risk management. Based in Washington, DC, she has advised public, private, non-profit, and United Nations organizations and helped draft and pass organizational policies and procedures, national laws and regulations, and international treaties. Ms. Grabman is PECB-certified as a risk manager and lead risk manager. She is certified as a change manager through Performance Horizons. In addition, she holds a master’s degree in health policy and management from Johns Hopkins University and earned a Juris Doctor from the Georgetown University Law Center.

As a Cyber Security and Risk Management professional, Mr. Graeme Parker is equipped with highly valuable technical business skills obtained in high profile private and public sector organizations.

With a proven experience in successfully implementing Information Risk Management Frameworks, as well as developing Effective Management Systems for Risk and Governance, his focus remains in shaping deliverable Cyber and Information Security strategies. Leading several projects to drive organizations through the successful implementation of ISO/IEC 27001, PCI-DSS and various compliance frameworks, Mr. Parker applies his knowledge and experience across many areas of security, including developing security architectures, business processes and procedures, training programs, risk frameworks, audit programs and business continuity plans.

Adding to his consulting competencies, Mr. Parker is also a certified trainer delivering courses to clients across the globe on topics such as ISO/IEC 27001, ISO 22301, Privacy and Data Protection, CISA, CISSP, CISM and Risk Management. Presently the Managing Director of PECB UK & Ireland and Parker Solutions Group, Mr. Parker is a former member of Capita Business Services, Fujitsu Services, the UK National Health Service, and the Yorkshire Bank.

Hanni is the founder and CEO of Abiline Advisors, a group of experts in governance, risk management, and compliance. He holds a Master’s degree in Mathematics and Computer Science from the Swiss Federal Institute of Technology and an MBA from the University of Lausanne Business School.

Hanni currently provides advisory services to large government institutions and multinational corporations in the fields of business continuity, information security, and risk management. He also supports various organizations in Switzerland as well as in Europe, the Middle East, and Southeast Asia in the implementation of ISO 22301 Business Continuity Management Systems, ISO/IEC 27001 Information Security Management Systems, and ISO 9001 Quality Management Systems.

He is an instructor for the Certificate of the Business Continuity Institute and also delivers lectures in French, English, and Spanish. He conducts PECB courses for ISO 22301, ISO/IEC 20000, ISO/IEC 27001, ISO 9001 Lead Auditor and Lead Implementer, as well as ISO/IEC 27005 Risk Manager.

Hanni is currently teaching governance and business continuity at Sorbonne University in Paris,

and leads various working groups and associations related to information security and business continuity.

henri.haenni@abileneadvisors.ch