Aissame El Alaoui

 Cybersecurity Risk Analysis

• Risk management according to ISO/IEC 27005 (method used: EBIOS)

• Production of security deliverables (including risk analyses, security assurance plans, and security opinions)

• Presentation of security deliverables to CISOs and risk reassessment

• Analysis and processing of security exceptions (flow openings, authorizations...)

 Integration of Security in Projects

• Monitoring the application of the security approach of the France networks division

• Regulatory compliance (GDPR, DSP2, and other banking regulations...) within the framework of risk analysis (including risk analyses, security assurance plans, and security opinions)

• Presentation of security deliverables to CISOs and risk reassessment

• Security consulting actions for project teams and solution architects during various project phases

• Study of business needs and review of technical and application architectures to recommend security measures

• Assistance in projects for their risk reporting to brands

• Translation of group standards into security policy and production of guides and instructions



Training and awareness of employees

• Onboarding and training of new team members on functional and technical aspects

• Awareness of information system security for project owners and IT department project teams



Implementation of a service center

• Specification of client needs

• Participation in drafting the response to the call for tenders

• Welcoming, training, and supporting new analysts

• Quality control and validation of deliverables before delivery

• Implementation of a continuous improvement approach (process optimization, definition of procedures and tools).

 Project management and management of project security support activities

• Management of quality, costs, and deadlines for work to be carried out for the service center

• Management of the capacity plan for the analyst pool

• Assignment of tasks to analysts

• Quality control and validation of security deliverables before delivery and presentation to CISOs

• Participation in team reorganization, improvement of project support activities, industrialization of support activities, and redesign of security deliverable templates.

 Additional Functions

• Security referent for PASF projects

• Security referent for the definition of the risk remediation process

• Creation of eligibility grids for the use of the internal and/or external cloud platform

• Management of the security of outsourced service centers (CSE) and production of security assurance plans

 Implementation of ISMS (Canada, Morocco, and India)

• Conducting information security audits in accordance with ISO27001, ISO27002 standards

• Evaluation of compliance with security standards and recommendation of improvement measures

• Analysis and evaluation of information security risks in accordance with standards (ISO27005, NIST)

• Drafting of security procedures with awareness of the populations concerned

• Planning, design, and implementation of an ISMS

• Development and monitoring of action plans for compliance

• Assistance in defining and implementing information security policies

 Cybersecurity Risk Analysis

• Project management, schedule and budget management

• Definition of business needs

• Production of security deliverables

 Security management of security equipment

• Integration of security equipment

• L2 Support (Firewalls, Servers, Proxy)

• Windows Server and ESXI Administration

• Office 365 Deployment