You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Ana GrimanAG

Ana Griman

Supermalter

GRC Cybersecurity - CISO

€660/day
6 projects
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Ana

GRC Cybersecurity Consultant, I support organizations in managing their risks and securing their activities.

I work with CISOs, CTOs, CIOs, and Cybersecurity teams on governance, risk management (ISO 27005 / EBIOS RM), compliance (DORA, ISO 27001, PCI DSS), and Cybersecurity program coordination.

I am certified CISSP, CISM, CISA, DORA Lead Manager, ISO 27001 Lead Implementer and Auditor, EBIOS Risk Manager, and PMP (project management).

🔹Information Security Governance & Strategy (ISMS)
- Definition of Cybersecurity roadmap
- CISO / CSO Assistance
- ISMS Governance
- Security Policy (PSSI), security procedures
- Business Continuity and Disaster Recovery Plan (BCP / DRP)

🔹IT Risk Management and Analysis
- Risk analyses according to EBIOS RM / ISO 27005
- Mapping of security-related risks
- Cybersecurity risk treatment plan
- Integration of security in projects (ISP)

🔹Compliance & Regulation
- DORA
- ISO 27001 / ISMS
- NIS2
- PCI DSS
- GDPR
=> Support for the BUILD and RUN phases for ISO 27001 and DORA
=> Preparation for ISO 27001 and PCI DSS certification audits

🔹Third-Party Risk Management
- Third Party Risk Management (TPRM - DORA)
- Third-party assessment / audit
- Security Questionnaires (Security Assurance Plan - PAS)
- Cyber rating

🔹Cybersecurity Program Coordination & Management
- Cross-functional coordination of ISMS topics
- Structuring and management of Cybersecurity and compliance programs and projects (DORA, ISMS)
- KPIs and reporting to the CISO

📩 Contact me today to discuss your needs!

Keywords: DORA, ISO 27001, ISMS, PCI DSS, NIS 2, risks, ISO 27005, EBIOS RM, CISSP, PSSI, BCP / DRP, CISO, GDPR, GRC Cybersecurity, ISMS, Security, Cybersecurity / IT Security Audits, Cybersecurity program and projects, cybersecurity, GRC Consultant, compliance.
  • French

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • MAIF
    Cybersecurity GRC / TPRM Consultant (DORA)
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 7 months)
    Paris, France
    Structuring and coordinating a Cybersecurity and GDPR risk management program related to third parties within the framework of DORA regulation.

    🔹Third-Party Risk Management (TPRM)
    - Definition of the strategy for assessing and managing Cybersecurity and GDPR risks related to third parties
    - Qualification and prioritization of third parties based on their ISMS - GDPR criticality
    - Analysis of Cybersecurity - GDPR risks related to third parties (EBIOS RM)
    - Integration of third-party risk management into governance and oversight processes
    - Contribution to DORA compliance

    🔹Coordination of the Cybersecurity - GDPR Audit Program
    - Coordination of an annual portfolio of 80 supplier audits
    - Planning of ISMS - GDPR audit campaigns and priority arbitration
    - Management of relationships with audit firms and internal stakeholders (CISO, ISMS, DPO, ...)
    - Monitoring of Cybersecurity remediation plans

    🔹Deployment of Cyber Rating
    - Deployment and integration of a Cyber Rating system to monitor third-party risks (DORA)
    - Definition of rules for onboarding, maintaining, and removing third parties (based on Cybersecurity scoring)
    - Utilization of Cybersecurity results to inform oversight and prioritization decisions

    🔹Governance, Cross-functional Coordination, and Continuous Improvement
    - Facilitation of governance bodies and coordination of stakeholders (CISO, ISMS, DPO, Procurement, Business Units, Risk Manager, ...) on security topics
    - Formalization of Cybersecurity processes, workflows, and RACI matrices
    - Definition of KPIs, ISMS dashboards, and TPRM program reporting
    - Alignment of Cybersecurity processes with other company risk management frameworks

    Keywords: TPRM, risks, DORA, compliance, CISO, CSO, ISMS, security, cybersecurity, ICT, IT, resilience, audit, GRC, cybersecurity, IT, ACPR, control.
    DORA Cybersecurity Security Risk Analysis CISO
  • Cyber-Flow
    Cybersecurity GRC Consultant
    BANKING AND INSURANCE
    October 2024 - Today (1 year and 10 months)
    Paris, France
    🔹Cybersecurity GRC / CISO / CSO Referent
    - CISO assistance and GRC topic support
    - Cybersecurity challenge support
    - Structuring of ISMS governance and the Security documentation foundation
    - Completion of Security Questionnaires (strengthening responses to RFPs)
    - Security roadmap management
    - Preparation for ISO 27001 certification

    🔹Cybersecurity Documentation Structuring
    - Development of Cybersecurity policies (PSSI) and BCP/DRP
    - Risk analysis (EBIOS Risk Manager / ISO 27005)
    - Completion of Security Questionnaire / PAS (Security Assurance Plan)
    - Definition of a roadmap adapted to the Business / Cybersecurity context
    - Structuring of ISMS documentation and associated processes
    - Support on GRC Cybersecurity aspects (Governance, Risks, Compliance)

    🔹Cybersecurity Risk Management
    - Risk analyses according to EBIOS Risk Manager and ISO 27005
    - Development and maintenance of the IT and Cybersecurity risk map
    - Assessment of Information System Security (ISMS) risks
    - Definition and monitoring of security remediation plans
    - Integration of security into projects (ISP)
    - Interface role between Cybersecurity Consultants and the CISO

    🔹ISO 27001 / ISMS Compliance
    - Definition of the ISO 27001 certification scope and ISMS framework
    - ISO 27001 audits and gap analyses against the standard
    - Definition and monitoring of ISO 27001 compliance action plans
    - Management of the BUILD phase up to certification achievement
    - Internal training / awareness for teams on ISO 27001 requirements
    - Execution of security controls for the operational maintenance of the ISMS

    Keywords: Cybersecurity, security, CISO, CSO, GRC, ISO 27001, ISMS, DORA, risks, risk management, ISO 27005, EBIOS RM, ISMS, IT security, cybersecurity, IT, BCP, DRP, PSSI.
    Cybersecurity IT Security Security Policy Security ISO 27001
  • Chequers Capital
    Cybersecurity GRC Consultant
    BANKING AND INSURANCE
    November 2024 - February 2025 (3 months)
    Paris, France
    Assisting a fund management company in structuring its Cybersecurity approach and managing its risks, following a DORA audit.

    🔹ISMS Governance & CISO Assistance
    - Support for General Management and the CISO in defining Cybersecurity priorities
    - Development of a Cybersecurity roadmap adapted to the organization's challenges
    - Update of the PSSI according to cybersecurity best practices and DORA compliance
    - Structuring of the Cybersecurity risk management process

    🔹Risk Management
    - Risk analysis according to the EBIOS Risk Manager method
    - Identification and prioritization of Cybersecurity risk scenarios
    - Definition of treatment measures and associated recommendations
    - Support for stakeholders in decision-making
    - Definition of a third-party control plan (TPRM)

    🔹Resilience & Business Continuity (DORA)
    - Update of the Business Continuity Plan (BCP)
    - Update of the Disaster Recovery Plan (DRP)
    - Creation of incident management and crisis management procedures
    - Strengthening of operational resilience measures

    🔹Knowledge Transfer
    - Training and support for the CISO on the EBIOS Risk Manager method and GRC aspects
    - Awareness of Cybersecurity best practices and ISMS governance

    Keywords: ISMS, CISO / CSO, Cybersecurity, PSSI, risks, DORA, EBIOS RM, TPRM, BCP, DRP, cybersecurity, resilience, GRC, consultant, consulting, awareness, training, security, IT, risk management, risk analysis.
    Risk Analysis Cybersecurity GRC Security DORA

Reviews

5.0

Out of 4 ratings

J

Jerome

Heroiks Media

Reviewed on 9/18/2025

I would like to thank Ana for her availability, attentiveness, rigor, and business expertise. We were able to draft our PSSI in record time. I recommend her 100%.
A

Axel

Studio Async

Reviewed on 5/7/2025

Ana is rigorous, available, and highly competent. She was able to support our SME in all aspects of ISMS governance, balancing the rigidity of protocols with feasibility for a small structure. I recommend her!

Recommendations

CD
Emmanuel BismuthEB
Camille Durande and 1 other person have recommended Ana

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Advanced Master's in Digital Cybersecurity
    INSA Lyon
    Cybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Pentest / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité / Protection des données (RGPD) / Cloud et Sécurité / Consultant GRC / Sécurité des infrastructures / Audit Sécurité
  • Master's in Information Systems Risk Management
    University of Poitiers
    Cybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité

Certifications

Skill set

Categories