About Ana
French
Native or bilingual
English
Fluent
Experience
- MAIFCybersecurity GRC / TPRM Consultant (DORA)BANKING AND INSURANCEJanuary 2025 - Today (1 year and 7 months)Paris, FranceStructuring and coordinating a Cybersecurity and GDPR risk management program related to third parties within the framework of DORA regulation.🔹Third-Party Risk Management (TPRM)- Definition of the strategy for assessing and managing Cybersecurity and GDPR risks related to third parties- Qualification and prioritization of third parties based on their ISMS - GDPR criticality- Analysis of Cybersecurity - GDPR risks related to third parties (EBIOS RM)- Integration of third-party risk management into governance and oversight processes- Contribution to DORA compliance🔹Coordination of the Cybersecurity - GDPR Audit Program- Coordination of an annual portfolio of 80 supplier audits- Planning of ISMS - GDPR audit campaigns and priority arbitration- Management of relationships with audit firms and internal stakeholders (CISO, ISMS, DPO, ...)- Monitoring of Cybersecurity remediation plans🔹Deployment of Cyber Rating- Deployment and integration of a Cyber Rating system to monitor third-party risks (DORA)- Definition of rules for onboarding, maintaining, and removing third parties (based on Cybersecurity scoring)- Utilization of Cybersecurity results to inform oversight and prioritization decisions🔹Governance, Cross-functional Coordination, and Continuous Improvement- Facilitation of governance bodies and coordination of stakeholders (CISO, ISMS, DPO, Procurement, Business Units, Risk Manager, ...) on security topics- Formalization of Cybersecurity processes, workflows, and RACI matrices- Definition of KPIs, ISMS dashboards, and TPRM program reporting- Alignment of Cybersecurity processes with other company risk management frameworksKeywords: TPRM, risks, DORA, compliance, CISO, CSO, ISMS, security, cybersecurity, ICT, IT, resilience, audit, GRC, cybersecurity, IT, ACPR, control.
- Cyber-FlowCybersecurity GRC ConsultantBANKING AND INSURANCEOctober 2024 - Today (1 year and 10 months)Paris, France🔹Cybersecurity GRC / CISO / CSO Referent- CISO assistance and GRC topic support- Cybersecurity challenge support- Structuring of ISMS governance and the Security documentation foundation- Completion of Security Questionnaires (strengthening responses to RFPs)- Security roadmap management- Preparation for ISO 27001 certification🔹Cybersecurity Documentation Structuring- Development of Cybersecurity policies (PSSI) and BCP/DRP- Risk analysis (EBIOS Risk Manager / ISO 27005)- Completion of Security Questionnaire / PAS (Security Assurance Plan)- Definition of a roadmap adapted to the Business / Cybersecurity context- Structuring of ISMS documentation and associated processes- Support on GRC Cybersecurity aspects (Governance, Risks, Compliance)🔹Cybersecurity Risk Management- Risk analyses according to EBIOS Risk Manager and ISO 27005- Development and maintenance of the IT and Cybersecurity risk map- Assessment of Information System Security (ISMS) risks- Definition and monitoring of security remediation plans- Integration of security into projects (ISP)- Interface role between Cybersecurity Consultants and the CISO🔹ISO 27001 / ISMS Compliance- Definition of the ISO 27001 certification scope and ISMS framework- ISO 27001 audits and gap analyses against the standard- Definition and monitoring of ISO 27001 compliance action plans- Management of the BUILD phase up to certification achievement- Internal training / awareness for teams on ISO 27001 requirements- Execution of security controls for the operational maintenance of the ISMSKeywords: Cybersecurity, security, CISO, CSO, GRC, ISO 27001, ISMS, DORA, risks, risk management, ISO 27005, EBIOS RM, ISMS, IT security, cybersecurity, IT, BCP, DRP, PSSI.
- Chequers CapitalCybersecurity GRC ConsultantBANKING AND INSURANCENovember 2024 - February 2025 (3 months)Paris, FranceAssisting a fund management company in structuring its Cybersecurity approach and managing its risks, following a DORA audit.🔹ISMS Governance & CISO Assistance- Support for General Management and the CISO in defining Cybersecurity priorities- Development of a Cybersecurity roadmap adapted to the organization's challenges- Update of the PSSI according to cybersecurity best practices and DORA compliance- Structuring of the Cybersecurity risk management process🔹Risk Management- Risk analysis according to the EBIOS Risk Manager method- Identification and prioritization of Cybersecurity risk scenarios- Definition of treatment measures and associated recommendations- Support for stakeholders in decision-making- Definition of a third-party control plan (TPRM)🔹Resilience & Business Continuity (DORA)- Update of the Business Continuity Plan (BCP)- Update of the Disaster Recovery Plan (DRP)- Creation of incident management and crisis management procedures- Strengthening of operational resilience measures🔹Knowledge Transfer- Training and support for the CISO on the EBIOS Risk Manager method and GRC aspects- Awareness of Cybersecurity best practices and ISMS governanceKeywords: ISMS, CISO / CSO, Cybersecurity, PSSI, risks, DORA, EBIOS RM, TPRM, BCP, DRP, cybersecurity, resilience, GRC, consultant, consulting, awareness, training, security, IT, risk management, risk analysis.
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Advanced Master's in Digital CybersecurityINSA LyonCybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Pentest / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité / Protection des données (RGPD) / Cloud et Sécurité / Consultant GRC / Sécurité des infrastructures / Audit Sécurité
- Master's in Information Systems Risk ManagementUniversity of PoitiersCybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité