Freelancer profile translated to English.

Description

Senior Cloud Security Architect – AWS, Azure & GCP Expert, with 18 years of experience including 10 years in cloud environments (AWS, Azure, GCP), I specialize in designing secure multi-cloud architectures and managing digital transformation.

Trainer in TOGAF Enterprise Architecture, Agile Safe, ITIL4, and IT Governance, I support companies in their digital transformation by creating scalable, resilient solutions compliant with international standards (ISO 27001, SOC2, NIS2, GDPR).

My expertise extends to the implementation of Landing Zones, networking, encryption, log management, Identity and Access Management (IAM), as well as infrastructure automation and data protection (data perimeter). I help my clients improve their security posture while optimizing their cloud costs, by integrating advanced encryption technologies and Zero Trust security strategies.

Key Skills:

Design of scalable Landing Zones and multi-cloud architectures
Identity and Access Management (IAM) and Zero Trust (AWS IAM, Microsoft Entra ID and PIM, Google IAM)
Encryption and Data Protection (HSM and cloudHSM, AWS KMS and xKS, Azure Key Vault, Google Cloud KMS)
Automation of Landing Zone and Security Implementation (Azure CAF Terraform, AWS WAR, Fabric FAST GCP)
Multi-cloud Security Posture Management (CSPM Defender, PRISMA, AWS, Azure, GCP)
Compliance and IT Governance (ISO 27001, SOC2, NIS2, GDPR)
Cloud Transformation Management and migration strategy
Training teams in Cloud Architecture and Digital Transformation towards a high-performing CCoE.

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Courbevoie (up to 30km)

Société Générale
Cyber Security Lead Architect
February 2024 - Today (2 years and 4 months)
Île-de-France, France
Lead Cybersecurity Architect within the Group's Cloud Security program at Société Générale.
Roles and achievements:
Implementation of a global digital certificate management strategy, centralization via HashiCorp Vault, and integration with multi-cloud environments (Azure and AWS).
Design and deployment of Zero Trust policies, securing access with MFA, Conditional Access, and hardening privileges via RBAC to reduce cyber threat risks.
Development and application of compliance standards (ISO 27001, GDPR), conducting security audits, identifying gaps, and implementing corrective action plans.
Automation of multi-cloud IAM security processes, integration and management of identities with Azure AD, AWS IAM, and SAML identity federation for efficient access management.
Deployment of a secure infrastructure for sensitive data management, encryption of critical data with HSM.
Support for project teams in securing cloud workloads and critical migrations.
Technical Environment:
Azure: Azure Policy, Conditional Access, Privileged Identity Management (PIM), Key Vault, Azure AD, Azure Sentinel, RBAC, Azure Firewall, Azure Monitor.
AWS: IAM, GuardDuty, AWS Config, Security Hub, AWS KMS, CloudWatch, AWS Inspector, WAFv2, Security Groups, Direct Connect.
Security: HashiCorp Vault, HSM, KMS, MFA, RBAC, Terraform, Splunk, SAML Federation.
Standards and Compliance: ISO 27001, GDPR, Zero Trust Architecture.
Everwise
CTO, Cloud & Security Advisor at Everwise
January 2020 - Today (6 years and 5 months)
Courbevoie, France
As CTO and Senior Cloud Security Advisor at Everwise, an IT consulting firm specializing in cloud transformation and cybersecurity, I am responsible for defining and implementing security strategies for our clients, as well as upskilling technical teams.

Roles and achievements:
Securing client cloud infrastructures
Design and deployment of secure architectures on AWS, Azure, and multi-cloud environments.
Implementation of security best practices: data encryption (KMS, HSM, Vault), Zero Trust, IAM, SSO, MFA.
Assisting clients with ISO 27001, GDPR, HDS/GDS compliance, and other regulatory standards.
Automation and securing of deployments with DevSecOps, CI/CD, and Infrastructure as Code (Terraform, Ansible, etc.).
Development of cloud transformation and cybersecurity roadmaps for our clients.
Architecture and security of SaaS applications, cloud-native and hybrid infrastructures.
Cybersecurity audit and risk management, definition of Zero Trust strategies and privileged access management (PAM, PIM).
Certified trainer for TOGAF, PRINCE2, ITIL4, SAFe Agile, and best practices in IT governance and project management.
Coaching IT and business teams on Agile methodologies and secure digital transformation.
Training on risk management and cloud infrastructure compliance.
EDF
Cloud Security Lead Architect
March 2017 - December 2023 (6 years and 9 months)
Île-de-France, France
As Lead Architect within the group's cloud transformation program.
Roles and achievements:
Establishment of a group-wide CCoE and facilitation of Cloud Architecture and Security committees.
Development and validation of technical architectures and solutions for Cloud transformation (AWS, Azure, and GCP).
Drafting of the Cloud ISMS (Information Security Management System).
Implementation of the multi-cloud IAM strategy.
Implementation of HSM encryption for sensitive data.
Management of multi-cloud compliance policies on Azure and AWS.
Implementation of AWS, Azure, GCP Cloud Landing Zones.
Implementation of Direct Connect interconnection infrastructure.
Migration of 110,000 users to Office 365.
Technical Environment:
AWS Landing Zone: VPC Segmentation, Transit Gateway, Direct Connect, security groups, NACLs, Transit VPC, DNS, Route53, Proxy, FW/IPS. Management of AWS KMS and HSM encryption, IAM identity and role management, SAML identity federation; AWS Config, AWS Inspector, AWS Trust Advisor, GuardDuty, WAFv2, Security Hub, AWS SSM.
Azure Landing Zone: Azure CAF Terraform, Azure billing and Active Directory tenant, Identity and Access Management (RBAC), Azure Policy, Azure AD Conditional Access, Privileged Identity Management (PIM), Azure Sentinel, Network topology and connectivity VNET, Azure Firewall.
GCP Landing Zone: FastFabric Terraform, billing account, Cloud Identity group, folder, service accounts, External Application LB, Firewall policy, GKE, Cloud Function, KMS, SecretManager, VPC Service Controls.