Anass Kabbaj

- Accompanying the 14 subsidiaries of the SG Group in sub-Saharan Africa (AFS region) in their upgrade and compliance with cybersecurity governance in line with the group's risk appetite: cybersecurity maturity assessment based on the NIST framework, identification and management of cyber programs (application/infrastructure/network security, security culture dissemination, data security, resilience, IAM, Cloud security, third-party management, etc.), security risk management, security & privacy by design, regulatory compliance related to personal data and local regulations, etc.;

- Managing cyber action plans within subsidiaries and monitoring recommendations from the European Central Bank and the SG Group;

- Leading the IS governance of the 14 subsidiaries and managing IS dashboards;

- Strengthening the cyber risk management process within subsidiaries (second-level permanent control);

- Managing PMO teams responsible for cybersecurity projects;

- Managing ISP teams (project expertise/security architect) in their support of security in business projects (security & privacy by design);

- Accompanying and managing interim subsidiary CISOs;

- Managing interim SOC teams.

- Accompanying Group subsidiaries in France and internationally (7 subsidiaries worldwide) in their upgrade and compliance with cybersecurity governance in line with the group's risk appetite;

- Implementing and managing the Group's IS mapping using a risk management approach;

- Assessing cybersecurity maturity based on the NIST framework;

- Managing and monitoring recommendations from the General Inspectorate;

- Ensuring IS security governance and compliance with the Group Risk Department (second-level permanent control);

- Designing, deploying, and managing Group IS dashboards and leading the IS Security Strategy and Steering Committees;

- Assisting subsidiaries in France and internationally in their upgrade and compliance with Crédit Agricole Group's ISSP (GDPR, security rules related to the LPM and the NIS directive).

 - Central Director in charge of Group Security - Safety (Group Chief Security Officer) reporting to the CEO Member of the Management Board from July 2016 to October 2019.

Managing the Group CISO and cybersecurity teams:

- Implementing and ensuring compliance with the Group's Information Security Policy;

- Periodically assessing the effectiveness of risk management processes (N2 control);

- Organizing cyber crisis management exercises;

- Establishing an internal SOC;

- Leading the ISMS program and PCI / DSS standard for the Group's payment activities;

- Ensuring the availability of critical data and IT resources;

- Leading the Group Security Committee with monitoring and reporting to the General Management;

- Raising user awareness of security issues.

Managing safety - security teams:

- Guaranteeing the safety - security system for people and assets;

- Managing the Control and Surveillance Post and operating safety - security systems;

- Managing access control, video surveillance, anti-intrusion, and fire safety systems;

- Ensuring compliance with current regulations.