Ana Griman

Supermalter

GRC Cybersecurity - CISO

€690/day
6 projects
Paris, FR
8-15 years

Average response time: 4 hours

Freelancer profile translated to English.

About Ana

I am Ana, a GRC Cybersecurity Consultant, certified CISSP, CISM, CISA, ISO 27001 Lead Implementer and Auditor, EBIOS Risk Manager, and PMP (project management).

I have carried out GRC-oriented missions such as CISO support, PCI DSS, ISO 27001, DORA, and GDPR compliance.
I have also conducted numerous risk analyses according to ISO 27005 and EBIOS RM.

🛡️ Information Security Governance (ISG) - CISO Assistance
- Assistance in defining and steering the Cybersecurity roadmap
- Drafting of Security Policy (PSSI), security procedures, and processes
- Assistance with DORA, PCI DSS, and ISO 27001 compliance
- Risk analysis and definition of the action plan
- Training CISOs on the EBIOS RM methodology
- Cybersecurity / GRC project management
- Creation of ISG awareness materials
- Preparation for cybersecurity audits
- Cybersecurity / IT security audits
- IT security / GRC management and steering
- GRC Consultant missions

📜 PCI DSS, ISO 27001, GDPR, DORA Compliance
- Support for establishing (BUILD) and maintaining compliance (RUN)
- Preparation for PCI DSS and ISO 27001 certification audits
- Controls for maintaining compliance with ISO 27001, PCI DSS, and GDPR

🌐 IT Risk Management and Analysis
- Perform risk analyses according to EBIOS RM / ISO 27005
- Integration of security into projects (ISP)
- Keep the cybersecurity risk map up to date
- Monitor the cybersecurity risk treatment plan

🌍 Third-Party Risk Management (TPRM)
- Definition of the supplier audit program
- Management of ICT service provider risks (DORA)
- Supplier audits according to PAS (Security Assurance Plan)
- Monitoring the implementation of audit recommendations by the supplier

📩 Contact me today to discuss your project!
  • French: Native or bilingual
  • English: Fluent

Remote only
Primarily works remotely

Experience

  • Cyber-Flow
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    October 2024 - Today (1 year and 8 months)
    Paris, France
    Drafting Cybersecurity Documentation:
    🎯 Creation of Cybersecurity Policies (PSSI) and BCP/DRP
    🎯 Performing Risk Analyses (EBIOS Risk Manager / ISO 27005)
    🎯 Completion of Security Questionnaires / PAS (Security Assurance Plan)
    🎯 Definition of a roadmap adapted to the Business / Cybersecurity context
    🎯 Support on GRC (Governance, Risks, Compliance) aspects of Cybersecurity

    Startup Support - GRC Cybersecurity Lead:
    🎯 Support on Cybersecurity issues (quick wins approach)
    🎯 Structuring the Security documentation foundation
    🎯 Completion of Security Questionnaires (strengthening responses to RFPs)
    🎯 Steering the Security roadmap
    🎯 Preparation for ISO 27001 certification

    ISO 27001 / ISMS Compliance:
    🎯 Definition of the ISO 27001 certification scope and ISMS framework
    🎯 Performing ISO 27001 audits and gap analyses against the standard
    🎯 Definition and monitoring of ISO 27001 compliance action plans
    🎯 Steering the BUILD phase up to certification achievement
    🎯 Internal training / awareness of teams on ISO 27001 requirements
    🎯 Performing security controls for certification maintenance (RUN)

    Risk Management - Cybersecurity Risk Mapping:
    🎯 Development and maintenance of the IT and Cybersecurity risk map
    🎯 Evaluation of risks related to Information System Security (ISS)
    🎯 Definition and monitoring of security remediation plans
    🎯 Consulting for business units on Cybersecurity risk management
    🎯 Acting as an interface between Cybersecurity Consultants and the CISO
    Skills: Cybersecurity, IT Security, Security Policy, Security, ISO 27001
  • MAIF
    Cybersecurity / GDPR Third-Party Audit Program Manager
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 5 months)
    Paris, France
    DORA Compliance - Third-Party Risk Management (TPRM):
    🎯 Development and steering of the third-party risk management strategy
    🎯 Steering of the Cybersecurity / GDPR supplier audit program
    🎯 Coordination of Cybersecurity / GDPR audits
    🎯 Analysis of supplier risks
    🎯 Monitoring of corrective action plans
    🎯 Contribution to DORA regulatory compliance
    🎯 Awareness of business units on service Cybersecurity
    🎯 Management and monitoring of third-party Cybersecurity scores (Cybernotation tool)
    🎯 Implementation of committee governance related to third-party cybersecurity risks
    🎯 Reporting to the CISO and Risk Manager on third-party cybersecurity risks
    🎯 Transversal coordination between internal teams (CISO, ISG, DPO, Procurement, Business Units) on Security topics
    🎯 Optimization of cybersecurity risk management processes
    🎯 Steering and transversal communication on GRC-related topics
    Skills: DORA, Cybersecurity, Security, Risk Analysis, CISO
  • Chequers Capital
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    November 2024 - February 2025 (3 months)
    Paris, France
    Updating Security Documentation following a DORA Audit:
    🎯 Identification of DORA gaps
    🎯 Updating the PSSI according to cybersecurity best practices and DORA compliance
    🎯 Definition of a third-party control plan (TPRM)
    🎯 Updating the BCP and creating scenarios for the DRP
    🎯 Drafting of incident management and crisis management procedures
    🎯 Performing risk analysis using EBIOS RM, with CISO training
    🎯 Supporting the CISO on cybersecurity GRC aspects
    Skills: Risk Analysis, Cybersecurity, GRC, Security, DORA

Reviews

5.0

Out of 4 ratings

Jerome

Heroiks Media

Reviewed on 9/18/2025

I would like to thank Ana for her availability, her listening skills, her rigor, and her business expertise. We were able to draft our PSSI in record time. I recommend her 100%.
Axel

Studio Async

Reviewed on 5/7/2025

Ana is rigorous, available, and highly competent. She was able to support our SME in all aspects of ISG governance, balancing the rigidity of protocols with feasibility for a small structure. I recommend her!

Recommendations

Camille Durande and Emmanuel Bismuth have recommended Ana

Education

  • Master's Degree in Digital Cybersecurity
    INSA Lyon
    Cybersecurity / IT security / CISO / ISO 27001 / GRC / Risk management and risk mapping (ISO 27005 and EBIOS RM) / Governance - Risk - Compliance (GRC) / Project management / Continuous improvement / Risk Management / Audit / Security / Awareness / IT / Pentest / Cybersecurity Consultant / CISO assistance / Security policy (PSSI) / BCP and DRP / Security questionnaire / Data protection (GDPR) / Cloud and security / GRC consultant / Infrastructure security / Security audit
  • Master's in Information Systems Risk Management
    University of Poitiers
    Cybersecurity / IT security / CISO / ISO 27001 / GRC / Risk management and risk mapping (ISO 27005 and EBIOS RM) / Governance - Risk - Compliance (GRC) / Project management / Continuous improvement / Risk Management / Audit / Security / Awareness / IT / Cybersecurity Consultant / CISO assistance / Security policy (PSSI) / BCP and DRP / Security questionnaire

Certifications

Skill set

Categories