About Anwar
I help organizations quickly identify security gaps, strengthen their control framework, and achieve compliance with ISO 27001 and NIST CSF. With a strong mix of audit rigor and technical expertise. I deliver practical, risk-driven recommendations that teams can implement efficiently.
French
Native or bilingual
English
Fluent
German
Basic
Can work on-site
Neuchâtel (up to 50km)
Experience
- Expert SuisseIT Instructor & Data AnalysisJune 2025 - Today (1 year)Teach IT risk assessment methodologies and controls for financial data to ensure integrity, confidentiality and availability.
- Cantonal Audit Office of NeuchâtelSenior IT AuditorJanuary 2024 - Today (2 years and 5 months)• • Cybersecurity maturity assessment (NIST CSF): action plan definition and remediation tracking with IT teams.• • Security architecture and control review against ISO 27001 / ISO 27002 (requirements, gaps, remediation).• • Detection/logging review: Splunk / ELK configuration (rules, dashboards, reports, retention, integrity, time sync).• • Vulnerability management review: Nessus program (configuration, scan cadence, reporting) and post-fix verification.• • Penetration test oversight for Internet-exposed internal applications; OWASP-aligned remediation follow-up.• • Active Directory security reviews (PingCastle, Purple Knight, ADRecon): password policies, identity lifecycle, privileges, service accounts, Kerberos risks, hardening, PKI/trusts and tiering.• • Network security review: Fortinet NGFW, firewall rules, IPS/IDS policies, segmentation and hardening recommendations.• • Secure SDLC review: development practices and configuration of Snyk and SonarQube; findings prioritized and fixed pre-production.• • SAP security configuration review (authorizations, auditability, security parameters).
- KPMG ParisIT Risk ConsultantApril 2022 - January 2024 (1 year and 9 months)• • Security control assessments: scoping, workshops, reporting, and action plan follow-up with IT and business stakeholders.• • Gap analyses and recommendations aligned with standards (including NIST where applicable); remediation roadmap and prioritization.• • Cloud security reviews (Azure, GCP, AWS): governance (policies/procedures, HLD/LLD, RACI, KPIs) and best practice alignment.• • Cloud architecture controls: segmentation/filtering, WAF, public/private zones, NSG rules, hardening and compliance requirements.• • Cloud IAM: RBAC, MFA/conditional access, secret rotation, just-in-time access, PAM/PIM and periodic access reviews.• • Logging/monitoring/detection: sensitive log collection, retention, secure storage, SIEM forwarding, SOC use cases alignment.• • Vulnerability/patch management in cloud: coverage, target definition via ITAM/CMDB, scan frequency, remediation governance and tracking.• • Resilience review: DR/BCP (RTO/RPO), redundancy, backup strategy and restore testing requirements.• • CRM security review: risk analysis, access control, audit logging, security requirements and action plan.• • IT Asset Management / CMDB review: data quality (ownership, criticality, traceability) and impact on vuln/access/patching.• • Designed and delivered NIST-based cybersecurity training for KPMG consultants.
Recommendations
Be the first to recommend Anwar
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Specialized Master's in Information Systems ManagementCentraleSupélec –2022Specialized Master's in Information Systems Management
- Engineering DegreeECAM LaSalle2021Engineering Degree