SUMMARY
I help companies to leverage the IT investments they make to achieve their business objectives, while managing the risks associated with IT use, as well as complying with their related legal and regulatory requirements. This is the practice of Digital GRC (Governance Risk Compliance). More specifically, I help companies to adopt and implement best practices in IT governance and management in the following areas:
Governance of Enterprise IT
Data governance
Information Security governance
Privacy and data protection (DPO on demand for Bill 25 in Quebec)
IT Service Management (ITSM)
Digital transformation
SKILLS
Results-oriented
Strong analysis and synthesis skills
Autonomous
Change enablement
Facilitator
Lead work group sessions and interviews
LANGUAGES
French (native language)
English (professional working proficiency)
ACCREDITED TRAINER
In addition to my consulting/auditing activities, I also deliver trainings in the fields below. These trainings can be delivered with or without the certification exam.
IT Service Management (ITIL 4) Foundation
ITIL Specialist - Create Deliver and Support
ITIL Specialist - Drive Stakeholder Value
ITIL Specialist - High Velocity IT
ITIL Strategist - Direct - Plan and Improve
Digital Governance
These trainings are related to enterprise digital governance:
Data governance
IT governance
COBIT 2019 Foundation
Andre Boutin 1/3
Andre Boutin
Consultant GRC (Data IT Information Security)
IT Service Management
Montreal, Quebec, Canada
Email: *******@******-****.***
WORK EXPERIENCE
Jan. 2005 - Present Consultant – Governance Risk Compliancy (GRC)
Diverse clients
Montreal, Canada
I have carried out more than 20 consulting mandates, during which I have performed the following main activities:
Conduct audits of IT governance and/or management practices, by carrying out assessment interviews and producing a comprehensive report of recommendations;
Elaborate targeted strategic orientations, fostering a clear and structured vision for the evolution of practices;
Design and implement a sound IT governance and/or management framework, incorporating effective structures and appropriate control mechanisms;
Implement innovative IT governance and management practices in key areas such as the protection of personally identifiable information (privacy), data governance, IT governance, IT service management and information security;
Develop an effective normative framework, defining policies, guidelines, standards and other relevant documents;
Lead IT governance and/or management workshops, fostering team collaboration and improving practices;
Analyze and improve existing control mechanisms to ensure sustainable compliance with legal and regulatory requirements;
Support teams in implementing new IT governance and/or management practices, facilitating knowledge transfer and driving change in a pragmatic way.
Some of the industry sectors I've worked in: Insurance, banking, provincial government, municipal government, higher education institutions, pharmaceuticals, telecommunications, transportation, aerospace and other industrial sectors.
Some of the legal or regulatory frameworks I've worked with: Quebec Bill 25 • Guideline on Information and Communications Technology Risk Management of AMF (Financial Markets Authority) • Sarbanes-Oxley • Personal Information Protection and Electronic Documents Act (PIPEDA) • Quebec Act concerning the governance and management of the information resources of public bodies and government enterprises (LGGRI) • Quebec Act concerning the legal framework for information technology (LCCJTI).
Among used standards: COBIT, ITIL, ISO 27001 and 27002, NIST CSF and other NIST standards, CIS 18, ISO 31000, SOC 2 type 2.
Jan. 1989 – Nov. 2004 Computer engineering
Diverse clients
Montreal, Canada
Paris, France
In the context of manufacturing IT projects, I have completed more than 15 projects, during which I have carried out the following main activities:
Design and develop high-performance SCADA, real-time and embedded systems;
Automate critical industrial processes.
Jan. 1986 – Dec. 1987 Electronics
Spectral
Paris, France
Provide technical support for customers' ICT infrastructures:
Resolve IT incidents and problems in the banking sector.
EDUCATION
ACADEMIC EDUCATION
Master's degree in IT Governance, Audit and Information Security
Sherbrooke University
Montreal, 2015
Second degree (DESS) in Organizational Management and Change
Second degree thesis: Decision processes
Second University degree, CNAM, Paris, France, 1994
Computer Engineering
Major: Automation software systems
First University degree, CNAM, Paris, France, 1988
Computer Maintenance
College degree, Angers, France, 1985
CONTINUED EDUCATION
ISO 31000 Risk Manager (2024)
DPO (2023) (for Quebec Bill 25)
GRC P/A (Governance - Risk – Compliancy) Professional / Auditor, 2020
COBIT 2019 foundation (2020)
ITIL4 Managing Professional (2020)
ITIL4 (foundation), 2019
GDPR (Introduction - MOOC FUN), 2018
ISO 38500 Lead IT Corporate Governance Manager, 2017
RESILIA (cyber resilience) foundation and practitioner, 2015
Certified COBIT 5 Assessor and Implementer, 2014
COBIT 5 Foundation, 2013
Certified ISO 20000 Consultant/Manager and internal auditor, 2010 (IT Service Management)
CGEIT, 2010 [CGEIT: Certified in the Governance of Enterprise IT]
Certified ITIL® V3 Expert, 2009
Certified ITIL® V2 Master, 2008
Certified ISO 27001 Lead Auditor, 2008 (information security)
Certified ITIL® V2 Foundation, 2003
PROFESSIONAL INVOLVEMENT
Member of the Canadian Standards Council to represent Canada in various ISO committees working in different areas of governance: IT, data, organizations, AI, etc. (since 2009).
References on demand
CV available in French