About Ana
French
Native or bilingual
English
Fluent
Experience
- Cyber-FlowGRC Cybersecurity ConsultantBANKING AND INSURANCEOctober 2024 - Today (1 year and 10 months)Paris, FranceDrafting Cybersecurity Documentation:🎯 Creation of Cybersecurity Policies (PSSI) and BCP/DRP🎯 Performing risk analyses (EBIOS Risk Manager / ISO 27005)🎯 Completion of Security Questionnaires / PAS (Security Assurance Plan)🎯 Definition of a roadmap adapted to the Business / Cybersecurity context🎯 Support on GRC (Governance, Risks, Compliance) Cybersecurity aspectsStartup Support - GRC Cybersecurity Referent:🎯 Support on Cybersecurity challenges (quick wins approach)🎯 Structuring the Security documentation base🎯 Completion of Security Questionnaires (strengthening bid responses)🎯 Steering the Security roadmap🎯 Preparation for ISO 27001 certificationISO 27001 / ISMS Compliance:🎯 Definition of the ISO 27001 certification scope and ISMS framework🎯 Performing ISO 27001 audits and gap analyses against the standard🎯 Definition and monitoring of ISO 27001 compliance action plans🎯 Steering the BUILD phase up to certification🎯 Internal training/awareness of teams on ISO 27001 requirements🎯 Performing security controls for certification maintenance (RUN)Risk Management - Cybersecurity Risk Mapping:🎯 Development and maintenance of the IT and Cybersecurity risk map🎯 Assessment of risks related to Information System Security (ISS)🎯 Definition and monitoring of security remediation plans🎯 Advising business units on Cybersecurity risk management🎯 Acting as an interface between Cybersecurity Consultants and the CISO
- MAIFPilot of the Third-Party Cybersecurity / GDPR Audit ProgramBANKING AND INSURANCEJanuary 2025 - Today (1 year and 7 months)Paris, FranceDORA Compliance - Third-Party Risk Management (TPRM):🎯 Development and steering of the third-party risk management strategy🎯 Steering of the Cybersecurity / GDPR supplier audit program🎯 Coordination of Cybersecurity / GDPR audits🎯 Supplier risk analysis🎯 Monitoring of corrective action plans🎯 Contribution to DORA regulatory compliance🎯 Raising awareness of business units on service cybersecurity🎯 Management and monitoring of third-party Cybersecurity scores (Cybernotation tool)🎯 Implementation of committee procedures related to third-party cybersecurity risks🎯 Reporting to the CISO and Risk Manager on third-party cybersecurity risks🎯 Transversal coordination between internal teams (CISO, IS, DPO, Procurement, Business Units) on Security topics🎯 Optimization of Cybersecurity risk management processes🎯 Steering and transversal communication on GRC-related topics
- Chequers CapitalGRC Cybersecurity ConsultantBANKING AND INSURANCENovember 2024 - February 2025 (3 months)Paris, FranceDORA Audit Documentation Compliance Update:🎯 Identification of DORA gaps🎯 Update of the PSSI according to cybersecurity best practices and DORA compliance🎯 Definition of a third-party control plan (TPRM)🎯 Update of the BCP and creation of scenarios for the DRP🎯 Drafting of incident management and crisis management procedures🎯 Risk analysis using EBIOS RM, with CISO training🎯 Support for the CISO on cybersecurity GRC aspects
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Specialized Master in Digital CybersecurityINSA LyonCybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Pentest / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité / Protection des données (RGPD) / Cloud et Sécurité / Consultant GRC / Sécurité des infrastructures / Audit Sécurité
- Master in Information Systems Risk ManagementUniversity of PoitiersCybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité