Ange Kouakou

IS Governance & Project Management. Supporting clients in structuring their IS security governance. Facilitating workshops and steering committees with management, ISOs, and business teams. Clarifying roles, responsibilities, and decision-making processes for security. Defining and monitoring security action plans. Providing concise reports on the state of IS security to decision-makers.

ISO 27001 Compliance Support. Support for ISO 27001 preparation: structuring the ISMS, developing and updating the Statement of Applicability (SoA), defining IS security policies and procedures, developing the action plan. Formalizing security policies, operational procedures, and risk treatment plans. Monitoring the implementation of compliance actions and reporting to governance.

Large territorial collectivity with an extensive and heterogeneous information system. Intervention within the ISO function to support operational security, IS security requirements management, and coordination with technical and business teams.

• Tasks performed

Operational Security & Vulnerability Management

Security audits and vulnerability detection via Qualys. Monitoring identified vulnerabilities on the IS, in liaison with technical teams and service providers. Coordination of remediation actions and monitoring of treatment deadlines. Incident and SOC alert handling (EPP/EDR TEHTRIS). Monitoring and resolution of incidents in GLPI according to ITIL best practices.

• Weekly security watch (CERT-FR, ANSSI, YARA, ABUSE.CH)

IS Security Steering, Governance, and Reporting

Steering and facilitating cyber governance (COSEC, COPIL). Production and updating of security monitoring indicators. Concise reporting of progress status to governance. Verification of service provider security requirements via Security Assurance Plans (PAS). Steering the accreditation of sensitive information systems (MonServiceSécurisé). Integrating security into projects (ISP). Deployment of the ISP approach on over 200 digital projects, in compliance with RGS. Conducting risk analyses (EBIOS RM for new projects, FEROS for existing projects). Reviewing architecture documents (DAT, flow matrices). Developing and monitoring an ISP maturity dashboard and accreditation deadlines. Drafting security opinions and preparing accreditation files. Facilitating security committees and raising awareness among business teams.

Collection, Analysis & Automation

• Implementation of an automated monitoring system.

• Daily monitoring of vulnerabilities affecting SaaS software dependencies.

• Exploitation of Indicators of Compromise (IOC).

• Use of YARA rules for threat detection.

• Aggregation of sources via RSS feeds.

• Monitoring of cyber threats and trends (Cyber Threat Intelligence).

• Identification of potential compromise signals.