Alaeddine B.

Audit▪︎ISO27001▪︎DORA▪︎NIS2▪︎GRC▪︎AI▪︎eIDAS▪︎RSSI

€950/day
1 project
Paris, FR
15+ years

Average response time: 1 hour

About Alaeddine

  • Cybersecurity, GRC, and regulatory compliance consultant, Senior Lead Auditor & Lead Implementer ISO/IEC 27001 and **PECB Certified Trainer**, I support organizations on targeted, high-value-added missions.
  • **Internal Audit ISO/IEC 27001 & ISMS – Flash Missions**: Performance of targeted internal audits (1 to 3 days), external audits, and surveillance audits, with structured deliverables including audit plan, findings, report, and prioritized action plan (LSTI experience, ANSSI referentials).
  • **DORA / NIS2 Compliance**: Pragmatic support (3 to 8 days depending on scope) to assess regulatory gaps, prioritize critical requirements, and define an operational roadmap for compliance and governance. **NIS2 Lead Implementer (PECB)**.
  • **AI Governance & ISO/IEC 42001**: Short interventions for **AI risk framing and analysis (2 to 5 days)** including structuring an AI Management System (AIMS), defining AI policies, mapping uses, RACI, and recommendations for alignment with ISO 27001, NIS2, DORA, and the AI Act (non-certifying approach).
  • **Data Protection & ISO/IEC 27701**: Implementation and extension of Privacy Information Management System (PIMS), ISMS-GDPR articulation (certified ISO/IEC 27701 Foundation – PECB).
  • **GRC Governance & Steering**: Creation and optimization of ISMS, risk analyses (EBIOS RM), definition of KPIs/KRIs and compliance dashboards (JIRA, Confluence, EGERIE).
  • **Training & Awareness**: PECB certified training (ISO/IEC 27001 Lead Auditor & Lead Implementer) and practical workshops on internal audit, regulatory compliance, and operational resilience.
  • **What sets me apart**: Over 16 years of experience, dual expertise as a field auditor / certifying trainer, and the ability to intervene quickly on **flash projects** with immediately actionable deliverables.
  • French

    Native or bilingual

  • English

    Fluent

  • Arabic

    Native or bilingual

  • Spanish

    Basic

Can work on-site
Paris (up to 50km), Nice (up to 10km), Nantes (up to 10km), Aix-en-Provence (up to 10km), Strasbourg (up to 10km)

Experience

  • Capago
    On Malt
    Internal Audit ISO/IEC 27001:2022 of the ISMS
    TRAVEL AND TOURISM
    December 2025 - January 2026
    Paris, France
    Performance of an internal audit ISO/IEC 27001:2022 within a tight deadline, with a primary focus on reviewing non-conformities from the external audit, evaluating implemented corrective actions, and verifying their operational effectiveness.

    The mission covered key clauses of the standard (4 to 9) as well as a targeted sample of Annex A controls, selected based on risk level and previous findings (governance, access management, incidents, changes, logging, monitoring, operational security).

    Work included:

    - Interviews with Management and key stakeholders,
    - Review of ISMS documentation,
    - Analysis of operational practices,
    - Assessment of control maturity and demonstrability,
    - Formalization of findings (observations and opportunities for improvement),
    - Clear and actionable reporting to secure the closure of non-conformities and enhance the overall maturity of the ISMS.

    Mission conducted with high reactivity, fluid communication, and a pragmatic, value- and results-oriented approach.
    Internal Audit Audit ISO 27001 GRC & ISMS Management Risk Analysis
  • BNP PARIBAS SECURITIES SERVICES
    DEVOPS Security Champion
    BANKING AND INSURANCE
    June 2022 - November 2022 (5 months)
    Paris, France
    • Secure integration of applications into the DevOps pipeline, respecting SDLC and internal policies.
    • Monitoring and analysis of vulnerabilities from SAST/SCA tools (Fortify, SonarQube, Nexus IQ) and coordination of remediation.
    • Contribution to the assessment and mapping of application risks.
    • Cybersecurity referent for development teams, promotion of security standards and best practices.
    DevSecOps SAST Cybersecurity
  • DOCAPOSTE
    Head of Security Certification/ISMS Manager
    TECH
    March 2023 - Today (3 years and 3 months)
    Paris, France
    • ISMS and ISO 27001, eIDAS, DORA, and NIS2 compliance management.
    • Evaluation and compliance review of suppliers and partners.
    • Contribution to certifications (eIDAS, CSPN) and security consulting.
    • Monitoring of corrective action plans and security maturity.
    • Management and execution of audits, security assessments, and risk analyses.
    DORA Compliance NIS2 ISO 27001 ISMS Implementation & Management GRC

Education

  • Professional Master's in Network and IS Security
    Higher Institute of Computer Science of Tunis
    2009
    Training focused on advanced cybersecurity, including network security, information systems protection, cryptography, audit, and governance.
  • Engineering Degree
    ENIS (Sfax, Tunisia)
    2006
    Engineering degree covering computer systems, embedded systems, and digital electronics.
