Freelancer profile translated to English.

Description

Senior GRC Consultant specialized in information security governance, risk management, and ISO 27001 compliance. Experience in conducting compliance audits and organizational audits (ISO 27001, HDS v2, CIS Benchmarks), performing internal audits, and assisting with certification. Expertise in implementing and improving ISMS, developing security documentation (PSSI, policies, procedures), and conducting risk analyses (EBIOS RM, ISO 27005). Also involved in organizational resilience measures including BCP/DRP and cyber crisis exercise preparation and management.

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km)

BNP PARIBAS
GRC Consultant
BANKING AND INSURANCE
December 2022 - December 2025 (3 years)
Montreuil, France
Evaluation of compliance and support for the governance of cloud and on-premise application security according to ISO 27001:2022 and internal group policies,
 Design and update of cybersecurity policies, procedures, and dashboards to strengthen risk governance,
 Performance of ISO 27001:2022 and CIS Benchmark audits, development of the Statement of Applicability, and management of security action plans,
 Integration of security into projects and monitoring of technical solution implementation,
 Contribution to the design of application projects with security integrated from the start and continuous compliance monitoring of containerized environments (Docker, Kubernetes).
Management of Kubernetes infrastructure runtime policies as well as vulnerability policies,
 Stakeholder interviews,
 Business interviews,
 Verification of application compliance rules (ISO 27001, Nist 800, GDPR, Docker, Kubernetes),
 Contribution to the design and deployment of a container security architecture based on Sysdig Secure, including:
• deployment of agents on Kubernetes / VM environments
• securing traffic between agents, Cloud registry (read-only access), and SaaS console
• integration of vulnerability scanning (CVE) and runtime monitoring
• implementation of least privilege principles, encryption, and access control
ISO 27005 Audit ISO 27001 Lead Implementer ISO 27001 Lead Auditor HDS
Groupe Mousquetaire
GRC Consultant
RETAIL (SMALL BUSINESS)
October 2020 - November 2022 (2 years and 1 month)
Châtillon, France
 Governance audit and risk analysis using the EBIOS RM method on the critical application systems of the Groupement Mousquetaires,
 From identification to implementation of measures, including qualification and design,
 Identification of stakeholders and strategic scenarios,
 Identification of business values, risk sources, and operational scenarios to prioritize threats and define appropriate security measures,
 Development of a treatment plan and complementary security measures
 Definition and implementation of security measures to reduce critical risks and improve overall compliance
Online VIP Consulting
ISO Consultant
October 2017 - September 2020 (2 years and 11 months)
 Support for several entities (ATB, SAGEM, BS-Solution) towards ISO 27001 compliance and risk management according to ISO 27005/EBIOS 2010
 Design and deployment of a certifiable ISMS: governance, PSSI, SoA, dashboards, and corrective action plans.
 Strengthening security maturity through staff awareness and implementation