Hachem Elwachem
Fifteen years of operator experience inside Fortune 200 environments. Now embedded with scale-ups who need the same rigour without the enterprise cost structure.
I built compliance programmes for Fortune 200 companies for 15 years. Then I started working with founders. Same regulations. None of the support.
Across Philip Morris International, EY, PwC, and Siemens AG, I led global assurance, security, and regulatory workstreams spanning 70+ markets — SOX 404, ISO 27001, GDPR, SaMD readiness, SOC establishment, DevSecOps integration, SAP ERP assurance across 35 systems. I sat in front of Big 4 auditors on behalf of the companies being audited. I stood up the first-line-of-defence function governing 176 digital systems and 13 million consumers. I was the technical lead on the regulatory submission that put IQOS through FDA approval.
Then I became COO of a healthtech scale-up. Forty-plus people, four countries, pre-revenue to seven-figure ARR in eighteen months. Same regulatory obligations as the Fortune 200. None of the infrastructure, none of the team, none of the budget.
That contrast is why NEXUS.ai exists. The expertise gap between regulated enterprises and the companies being built today isn't a knowledge gap — the regulations are public. It's a delivery gap. Startups don't need more frameworks; they need someone who has already run the programme inside a regulator-facing organisation and can translate that into their scale.
Track record
- 150+ companies audited across 10+ regulated sectors
- 176 digital systems governed at PMI — 70+ markets, 13M+ users
- 30% testing cost reduction via CMDB and virtual asset tagging
- 60% vulnerability management efficiency gain
- FDA submission & approval for IQOS — GRC technical lead
- SOX 404 global ownership: Order-to-Cash, Procure-to-Pay, Inventory
Credentials
Education
- 2022 · Harvard X — Leading in a Remote Environment
- 2021 · INSEAD — Developing Emerging Leaders
- 2010 · SKEMA — MSc Information Systems Management (Grande École)
- 2008 · IHEC Carthage — MSc Business Administration (Marketing)
Certifications
- CISA — Certified Information Systems Auditor, ISACA
- ITIL V4 — Service Management Foundation
- SAP E2E 100 — Incident & Problem Management
Technical domains
Fifteen years inside the engine rooms.
- 2025 — Present · Founder · NEXUS.ai
  Fractional CRCO / CISO / DPO for scale-ups across MENA and Europe. AI governance (EU AI Act, ISO 42001), SaMD regulatory readiness, NIS2 compliance programmes.
- 2023 — 2025 · Chief Operating Officer · Nabed Ltd (Riyadh · Paris · Tunis)
  HealthTech scale-up. Four countries, 40+ FTEs. Scaled from pre-revenue to seven-figure ARR in 18 months. Built the entire technical and operational framework from scratch. GDPR and KSA ECC compliance. 25% productivity gain via CRM/IT automation.
- 2022 — 2023 · Global Head of Assurance · Philip Morris International (London)
  First Line of Defence across 176 digital systems, 70+ markets, 13M+ consumers. Built the Global Security Operations Centre. SOX/ITGC governance on 60+ controls. 30% testing cost reduction. 60% vulnerability management efficiency gain.
- 2020 — 2022 · Global Head of Operational Readiness · PMI (London)
  DevSecOps transformation across six global platforms, 140 systems, 10M+ users. 20% faster time-to-market. 50% fewer release incidents. ITIL V4 service catalogues aligned to business outcomes.
- 2018 — 2020 · Global Risk & Controls Manager · PMI (Lausanne)
  Technical Lead on FDA submission and approval of IQOS. Owned SOX for Order-to-Cash, Procure-to-Pay, and Inventory globally. Digital risk architecture for B2B-to-B2C transition — e-commerce, POS, subscriptions, CRM in Agile/DevOps environments.
- 2016 — 2018 · Lead IT Auditor & Global Trainer · Siemens AG (Munich)
  Global Trainer for IT Governance and GRC methodologies across the Siemens group. Global SAP Basis assurance for 35 ERP systems with 5 regional teams. Improved third-party assurance on a multi-billion-dollar IT services contract.
- 2013 — 2016 · Manager · IT Risk Advisory · PwC (Paris)
  Revenue Assurance and Telecoms Technology lead for PwC France. Managed a 39-account portfolio: ITGCs, SOX 404, ISAE 3402, SSAE 16, SOCX. Recruited and led 30+ consultants.
- 2010 — 2013 · Senior IT Auditor · EY (Paris)
  Functional design owner for a major SAP ERP rollout at a global insurance market leader. Business process auditing and risk mapping for Fortune 500 clients.
Want the same operator in your corner?
30-minute scoping call. No pitch — a structured diagnostic of what applies to you and what to do about it.