Philippe Bourdon
CIO / CISO executive profile + fit-check chatbot

Strategy-to-execution leadership for teams that need faster delivery, resilient platforms, and trusted operations.

Executive leader with equal depth across CIO and CISO mandates, open to CIO, CISO, or combined responsibilities based on business needs.

I help leadership teams translate priorities into shipped outcomes, stable platforms, and durable trust with customers and regulators.

Run Fit CheckBook timeLinkedInResume
See capabilities
Execution cadence
roadmap, owners, measurable outcomes
Platform reliability
SLOs, resilience, and cost discipline
Trust posture
security, compliance, customer confidence

CIO / CISO outcomes

Outcomes you can measure across delivery, resilience, and trust.

Match me to a JD
Define and execute technology strategy tied to business priorities through multi-quarter roadmaps, architecture choices, and measurable delivery outcomes.
Modernize infrastructure and cloud platforms with reliability, scalability, and cost discipline built into day-to-day execution.
Improve engineering delivery with practical SDLC, DevOps/SRE, release quality, and developer enablement practices.
Translate customer and regulatory expectations into practical controls and ways of working that fit the company's maturity and risk profile.
Design and stand up ISMS programs and audit readiness for ISO 27001 and SOC 2 with clear control ownership and evidence.
Strengthen resilience and security with incident response playbooks/tabletops, IAM hardening, monitoring/logging, and vulnerability management.

Capabilities

I run practical execution systems across technology and security: clear priorities, accountable owners, and measurable outcomes.

Enterprise Technology Strategy + Delivery
Portfolio priorities, architecture direction, and execution cadence that keep systems reliable and teams productive.
  • Portfolio and roadmap planning tied to business outcomes, budget, and capacity
  • Architecture and platform standards that improve reliability, scalability, and cost efficiency
  • Execution cadence across product, engineering, and IT operations with clear ownership and metrics
Infrastructure + Platform + Engineering Delivery
Reliable foundations and delivery practices that let teams ship safely and quickly.
  • Infrastructure and cloud platform modernization across network, compute, storage, and observability
  • Engineering enablement: SDLC standards, DevOps/SRE practices, and release quality
  • Reliability disciplines: service objectives, capacity planning, runbooks, and recovery readiness
Technology + Security Strategy + Executive Alignment
Business-aligned leadership with decision-ready tradeoffs across growth, delivery, risk, and compliance.
  • Translate business strategy and customer commitments into integrated technology and security roadmaps
  • Board/auditor/customer communication in plain language (posture, risk narratives, tradeoffs)
  • Cross-functional decision framework across engineering, IT operations, security, and compliance with clear ownership
ISMS + Audit Readiness (ISO/SOC 2)
Defensible controls and evidence that match reality.
  • ISO 27001-aligned ISMS design and implementation; SOC 2 readiness
  • Risk assessments that meaningfully justify controls (not copy/paste templates)
  • Audit and customer security reviews: evidence, narratives, and standard-based defenses
Incident Response + Resilience
Prepared teams and steady leadership when pressure is highest.
  • Incident response plans, playbooks, and tabletop exercises
  • Executive/customer communications during incidents; calm, action-oriented updates
  • Operational resilience improvements that are sustainable for lean teams
Cloud + Identity + Security Operations
Security guardrails that support speed instead of blocking it.
  • Cloud-native security architecture and right-sized guardrails
  • Identity strategy: SSO, MFA, privileged access, and joiner/mover/leaver processes
  • Monitoring/logging and vulnerability management practices that teams can maintain

Experience

Selected roles and outcomes.

Mastech Digital — Chief Information Officer / Chief Information Security Officer
2023 – Present · Pittsburgh, PA

Own enterprise technology and security outcomes across infrastructure, engineering delivery, risk, and compliance in a multi-client service model.

  • Directed enterprise operating-model redesign across IT, engineering, and security to improve execution cadence and accountability.
  • Established board and audit reporting cadence with decision-ready technology investment, risk, and control maturity metrics.
  • Achieved ISO 27001/27701, SOC 2 Type II, and GDPR alignment within 12 months through enterprise control redesign and evidence discipline.
C&S Wholesale Grocers — Vice President, IT Infrastructure
2018 – 2023 · Keene, NH

Led enterprise infrastructure, cloud, and core platform operations for a $30B national grocery distribution business.

  • Negotiated a $68M Google enterprise agreement and migrated 400+ applications (~90% of workloads) to GCP in 18 months.
  • Managed a large annual IT operating budget while improving resilience and service continuity across 52 distribution centers.
  • Modernized enterprise network and security architecture with a 60-firewall refresh and SD-WAN rollout delivered with zero downtime.
  • Accountable for enterprise security architecture, network segmentation, and platform hardening across 52 distribution centers.
Survey Sampling International — VP of IT Infrastructure & Global Support
2013 – 2018 · Shelton, CT

Directed global infrastructure, support, and security operations in a shared-services model spanning 30 international offices.

  • Led global infrastructure and support operations across 30 international offices with standardized service governance.
  • Executed secure data center migrations to compliant colocation facilities with controlled regional cutovers.
  • Reduced vulnerability exposure by 30% through unified IAM and endpoint security standards.
  • Directed global security operations, IAM governance, and endpoint control standards across 30 international offices.
Webster Financial Corp — VP of Enterprise Systems
2004 – 2013 · Waterbury, CT

Led enterprise systems and infrastructure modernization in a regulated financial-services environment.

  • Led enterprise systems modernization to reduce legacy complexity and improve platform stability in a regulated environment.
  • Completed two data center migrations to compliant colocation facilities while preserving business continuity.
  • Maintained regulatory alignment through multi-year infrastructure and platform transformation governance.
  • Partnered directly with OCC examiners during regulatory audits, supporting infrastructure, control, and security governance reviews within a federally regulated banking environment.
IKON Office Solutions — Sr. AIX Administrator / Project Manager
1999 – 2004

Built foundational leadership from hands-on UNIX/AIX operations into cross-functional project delivery.

  • Owned mission-critical UNIX/AIX production platforms and service reliability.
  • Progressed into project leadership, coordinating cross-functional teams and vendor delivery.
  • Built systems engineering and incident-response discipline that informs executive decision-making today.

Skills

Snapshot across security, infrastructure, and development leadership.

Security Skills
24
Governance, risk, compliance, resilience, and security operations.
CISOFractional CISOvCISOSecurity strategySecurity operating modelSecurity architectureRisk managementRisk assessmentBoard reportingExecutive communicationSecurity governanceGRCISMSISO 27001SOC 2GDPRNIST CSFThird-party riskCustomer security reviewsIncident responseTabletop exercisesOperational resilienceCloud securityCloud-native SaaS
Infrastructure Skills
20
Cloud, platform reliability, IT operations, and service delivery.
IT strategyTechnology strategyDigital transformationIT operationsIT service managementITSMITILService deliveryService deskIncident managementProblem managementChange managementCMDBSLACloud securityCloud-native SaaSAWSAzureMonitoringLogging
Development Skills
20
Engineering delivery, SDLC, and application development leadership.
Operational resilienceDigital transformationTechnology strategyMonitoringLoggingSoftware engineering leadershipApplication architectureSDLC governanceAgile delivery managementDevOps enablementCI/CD pipeline designCode quality and testing strategyAPI and integration architectureMicroservices and distributed systemsDeveloper productivity systemsRelease and environment managementSecure-by-design developmentTechnical debt reductionEngineering operating metricsProduct and engineering alignment

Operating model

How I start, how I build trust, and how I keep security from turning into theatre.

01
Assess
Risk register, control reality-check, and crisp threat model for the business.
02
Align
Translate risk into priorities, budget, and a roadmap the org can execute.
03
Execute
Tight feedback loops: guardrails, tooling, and partner teams that actually deliver.
04
Operate
Metrics, drills, and governance that keep the program healthy under pressure.
Education & languages
Education
  • Master's Degree, University of Pittsburgh
  • Bachelor of Arts, Western Connecticut State University
  • Leading & Managing Globally, Yale School of Management
Languages
  • English (fluent)
  • French (fluent)

Want a sharper signal?

Send a job description and I’ll tell you exactly where I’m a strong match, where I’m not, and what I’d do in the first 90 days.

Email meRun Fit CheckBook timeLinkedInResume
Powered by HireFlow