Freelancer profile translated to English.

Description

With 8 years of professional IT experience, including 4 years in Financial Institutions, my technical skills and strong knowledge of the production environment are daily assets in managing security or infrastructure projects.

My primary goal is not to provide technical solutions to technical teams, but to help them define the best solution for the company in terms of Processes, Management, and Technical aspects.

Through my experiences, I understand that security is not just a technical issue, but also a human one. I have therefore decided to align my security activities with security standards and methodologies, with a GRC approach.

Security is increasingly a key element in supporting business growth today.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Remote only

Primarily works remotely

Sopra Steria
Security Expert
BANKING AND INSURANCE
April 2025 - Today (1 year and 2 months)
Paris, France
**Team Lead**: Coordination of cybersecurity experts, management of deliverables for the client, and support for the skill development of junior consultants.

**Risk Analysis**: Performance of IT & Cyber risk analyses (Ebios RM), vulnerability mapping, and treatment plans.

**Architecture Review**: Azure, AWS, Kubernetes, Docker technical stack.

**Governance**: Facilitation of steering committees, KPI monitoring, and regular reporting.

Analysis of technical architecture documents
Security recommendations
Review of pentest results, SOC reports, due diligence
Evaluation of security assurance plans
Key standards and regulations: NIS2, DORA, DFS (NYDFS 500).
Technical environment: Microsoft Azure, Cloud native (Kubernetes, Docker) API, Infra As Code, Secrets management, AI project implementing LLM models, RAG
Cloud Architect Cybersecurity ISO 27001 EGERIE EBIOS RM
BNP Paribas
Security Expert
BANKING AND INSURANCE
April 2023 - April 2025 (2 years)
Paris, France
• • Cyber Risk Analysis: Performance of in-depth risk analyses including assessment, analysis, and proposal of risk treatment and mitigation plans.
• • Risk Communication: Preparation of reports and presentations for the CISO, MOA, MOE, and business units.
• • Risk Monitoring: Continuous monitoring of information security risks and updating the risk register.
• • Process Industrialization: Implementation of an Excel tool (based on ISO27005) to empower business teams to perform risk analyses.
• • Vulnerability Management: Coordination of the identification, analysis, and prioritization of vulnerabilities within the IS and internet-exposed applications. Implementation of remediation plans in collaboration with technical teams.
• • Third-Party Security: Implementation and management of the Third-Party Risk Management (TPRM) program, including assessment of risks related to suppliers and partners, and monitoring of supplier compliance with DORA.
• • GRC Documentation: Creation and maintenance of documentation related to security policies (network, cloud, procedures).
• • Technical Architecture Security: Security review of Proxy exceptions, flows, Pentest Review, IAM, Network security…)
• • Technical environment: IBM Cloud, Microsoft Azure, Microsoft 365, Cloud native (Kubernetes, Docker) API, Infra As Code, Micro-segmentation, HashiCorp vault secrets management, Bitsight vulnerability assessments, Qualys VM, AI stack deployment
IBM Cloud Cybersecurity ServiceNow AWS Cloud international environment
Devoteam
IT Risk & Cyber Analyst (Aerospace & Energy Sector)
AVIATION AND AEROSPACE
April 2022 - April 2023 (1 year)
Toulouse, France
Client Mission AIRBUS: IT Risk & Cyber Analyst (Aerospace Sector)
• Risk Analysis: Performance of in-depth risk analyses including assessment, analysis, and proposal of risk treatment and mitigation plans.
• Technical Environment: Cloud AWS and On-prem App/Infra.
• Analysis Method: EBIOS RM.
Client Mission EDF: Application Security Expert (Energy Sector)
• Risk Analysis: Performance of in-depth risk analyses including assessment, analysis, and proposal of risk treatment and mitigation plans.
• Application Security: Security analysis of technical architecture documents (Application and infrastructure); Verification of compliance with the ISPS; Security recommendations and remediation solutions; Security review of exceptions.
• Security Consulting/Expertise: Architecture study, Project support; Technical recommendations, Security requirements identification; Risk analysis and security study of cloud architectures.
• Third-Party Security: Support for drafting Technical Specifications (CCTP) and assistance with bid analysis (TPRM).
• Validation of Security Guides:
Creation, analysis, and validation of security guides for various technologies used (OS, Middlewares, and application tools).
• Technical Environment: Cloud AWS and On-prem App/Infra