Freelancer profile translated to English.

Description

Senior consultant with over 20 years of experience. I support CIOs and CISOs with their cybersecurity challenges in projects, using a hands-on, risk-oriented approach based on feedback. Proactive, I combine technical and functional expertise, consulting, arbitration, and secure integration in contexts with high stakes in compliance, digital transformation, and security management.

Industry field of expertise

Languages

English
Native or bilingual
French
Native or bilingual

Workplace preferences

Can work on-site

Paris (up to 50km)

Administration publique
ISO27001 Compliance Audit
November 2024 - Today (1 year and 7 months)
Compliance audit to detect gaps related to regulatory changes, highlight persistent non-conformities, provide recommendations, and define an action plan.
BPLS (BNP Leasing Solutions)
IT Risk Consultant – Consulting & Cross-functional Risk Management
April 2022 - April 2023 (1 year)
Levallois-Perret, France
Identification, management, and cross-functional monitoring of IT and business risks from multiple sources, and follow-up of mitigation plans, with an integrated approach combining technical and functional analysis, including:
Qualification of critical vulnerabilities from scans and penetration tests
Analysis of impacts related to projects and risks from historical incidents, Shadow IT, IAM, regulatory changes, permanent controls, etc.
Prioritization of risks based on scoring and assessment of coherence with the operational context
Management of technical and organizational remediation plans with project and business teams
Launch and management of the Shadow IT campaign in Europe: awareness, communication, and support for CISOs in various European entities.
Drafting and deployment of operational procedures and security guidelines within European subsidiaries.
Establishment of strategic reporting and dashboards for management committees.
Coordination of risk committees with European subsidiaries, monitoring critical risk levels, and validation of corrective plans.

Environments: GRC Service Now, ISO31000, Cloud, Third Parties, Risk Analysis, NIST, SIEM, Pentest, Operational Security
GRC Risk Analysis
SOCIETE GENERALE
Management – Support for Projects of Central Departments of the SG Group
BANKING AND INSURANCE
December 2020 - April 2022 (1 year and 4 months)
Integration of security into critical application projects, in coordination with architecture and business teams
Functional & Technical Security Expertise (rebound, populations & roles, access control, data flows, API Security...)
Assessment of cyber risks related to BIGDATA use cases
Analysis and reporting of technical risks (architecture, services, ...)
Compliance with the governance of existing security services
Managerial reporting support
Security committee
IT Architecture Cybersecurity Strategy Cybersecurity Governance