You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Ana GrimanAG

Ana Griman

Cybersecurity GRC (CISSP, PMP) | CISO

€680/day
1 project
Genève, CH
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Ana

I am Ana, a GRC Cybersecurity Consultant, certified CISSP, CISM, CISA, ISO 27001 Lead Implementer and Auditor, EBIOS Risk Manager, and PMP (project management).

I have carried out GRC-oriented missions such as supporting CISOs, ensuring compliance with PCI DSS, ISO 27001, DORA, and GDPR. I have also performed numerous risk analyses according to ISO 27005 and EBIOS RM.

🛡️ Information Security Governance (ISG) - CISO Support
- Assistance in defining and managing the Cybersecurity roadmap
- Drafting of Security Policies (PSSI), security procedures, and processes
- Assistance with DORA, PCI DSS, and ISO 27001 compliance
- Risk analysis and definition of action plans
- Training CISOs on the EBIOS RM methodology
- Cybersecurity / GRC Project Management
- Creation of ISG awareness materials
- Preparation for cybersecurity audits
- Cybersecurity / IT security audits
- IT security / GRC management and steering
- GRC Consulting missions

📜 PCI DSS, ISO 27001, GDPR, DORA Compliance
- Support for implementation (BUILD) and maintenance of compliance (RUN)
- Preparation for PCI DSS and ISO 27001 certification audits
- Controls for maintaining compliance with ISO 27001, PCI DSS, and GDPR

🌐 IT Risk Management and Analysis
- Performing risk analyses according to EBIOS RM / ISO 27005
- Integrating security into projects (ISP)
- Keeping the cybersecurity risk map up to date
- Monitoring the cybersecurity risk treatment plan

🌍 Third-Party Risk Management (TPRM)
- Definition of the supplier audit program
- Management of risks related to ICT providers (DORA)
- Supplier audits according to PAS (Security Assurance Plan)
- Monitoring of the implementation of audit recommendations by the supplier

📩 Contact me today to discuss your project!
  • French

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • Cyber-Flow
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    October 2024 - Today (1 year and 10 months)
    Paris, France
    Drafting Cybersecurity Documentation:
    🎯 Creation of Cybersecurity Policies (PSSI) and BCP/DRP
    🎯 Performing risk analyses (EBIOS Risk Manager / ISO 27005)
    🎯 Completion of Security Questionnaires / PAS (Security Assurance Plan)
    🎯 Definition of a roadmap adapted to the Business / Cybersecurity context
    🎯 Support on GRC (Governance, Risks, Compliance) Cybersecurity aspects

    Startup Support - GRC Cybersecurity Referent:
    🎯 Support on Cybersecurity challenges (quick wins approach)
    🎯 Structuring the Security documentation base
    🎯 Completion of Security Questionnaires (strengthening bid responses)
    🎯 Steering the Security roadmap
    🎯 Preparation for ISO 27001 certification

    ISO 27001 / ISMS Compliance:
    🎯 Definition of the ISO 27001 certification scope and ISMS framework
    🎯 Performing ISO 27001 audits and gap analyses against the standard
    🎯 Definition and monitoring of ISO 27001 compliance action plans
    🎯 Steering the BUILD phase up to certification
    🎯 Internal training/awareness of teams on ISO 27001 requirements
    🎯 Performing security controls for certification maintenance (RUN)

    Risk Management - Cybersecurity Risk Mapping:
    🎯 Development and maintenance of the IT and Cybersecurity risk map
    🎯 Assessment of risks related to Information System Security (ISS)
    🎯 Definition and monitoring of security remediation plans
    🎯 Advising business units on Cybersecurity risk management
    🎯 Acting as an interface between Cybersecurity Consultants and the CISO
    Cybersecurity IT Security Security Policy Security ISO 27001
  • MAIF
    Pilot of the Third-Party Cybersecurity / GDPR Audit Program
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 7 months)
    Paris, France
    DORA Compliance - Third-Party Risk Management (TPRM):
    🎯 Development and steering of the third-party risk management strategy
    🎯 Steering of the Cybersecurity / GDPR supplier audit program
    🎯 Coordination of Cybersecurity / GDPR audits
    🎯 Supplier risk analysis
    🎯 Monitoring of corrective action plans
    🎯 Contribution to DORA regulatory compliance
    🎯 Raising awareness of business units on service cybersecurity
    🎯 Management and monitoring of third-party Cybersecurity scores (Cybernotation tool)
    🎯 Implementation of committee procedures related to third-party cybersecurity risks
    🎯 Reporting to the CISO and Risk Manager on third-party cybersecurity risks
    🎯 Transversal coordination between internal teams (CISO, IS, DPO, Procurement, Business Units) on Security topics
    🎯 Optimization of Cybersecurity risk management processes
    🎯 Steering and transversal communication on GRC-related topics
    DORA Cybersecurity Security Risk Analysis CISO
  • Chequers Capital
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    November 2024 - February 2025 (3 months)
    Paris, France
    DORA Audit Documentation Compliance Update:
    🎯 Identification of DORA gaps
    🎯 Update of the PSSI according to cybersecurity best practices and DORA compliance
    🎯 Definition of a third-party control plan (TPRM)
    🎯 Update of the BCP and creation of scenarios for the DRP
    🎯 Drafting of incident management and crisis management procedures
    🎯 Risk analysis using EBIOS RM, with CISO training
    🎯 Support for the CISO on cybersecurity GRC aspects
    Risk Analysis Cybersecurity GRC Security DORA

Reviews

5.0

Out of 1 rating

L

Liam

Prestation Cybersécurité - Recrut.io

Reviewed on 1/2/2026

Serious and efficient work. Ana was very attentive and responsive to our needs.

Recommendations

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Specialized Master in Digital Cybersecurity
    INSA Lyon
    Cybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Pentest / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité / Protection des données (RGPD) / Cloud et Sécurité / Consultant GRC / Sécurité des infrastructures / Audit Sécurité
  • Master in Information Systems Risk Management
    University of Poitiers
    Cybersécurité / Sécurité informatique / RSSI / ISO 27001 / GRC / Management et cartographie des risques ISO 27005 et EBIOS RM / Gouvernance - Risques - Conformité GRC / Gestion de projets / Amélioration continue / Risk Management / Audit / Sécurité / Sensibilisation / Informatique / Cybersecurity Consultant / Assistance RSSI / PSSI / PCA et PRA / Questionnaire Sécurité

Certifications

Skill set

Categories