Freelancer profile translated to English.

Description

18 years in SSI and business continuity, including 15 years of consulting and support in the banking, telecom, national defense, and public service sectors.

My last position as an employee was Group CISO of a large ESN (10,000 employees).

In 3.5 years, I led our French activities to a sufficient maturity level to obtain the ISO27001 certification required by many clients.

The main projects involved implementing risk management, audit, and control processes, managing the ISMS, and on a more operational level, incident management (including SIEM/SOC), vulnerability management, awareness training, integrating security into projects, and strong authentication.

A first career part of about ten years of expertise in systems, networks, and IT architecture gives me full legitimacy in discussions with CIOs or Operations Management.

I maintain this dual SSI and IT expertise.

I can support you on an ISO27001 certification project, your risk analysis, or your SSI maturity assessment, as a part-time CISO.

Industry field of expertise

Languages

French
Native or bilingual
Spanish
Basic
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 30km), Montpellier (up to 20km), Toulouse (up to 20km), Toulon (up to 20km)

ALSSI Consulting
Freelance Missions (ALSSI Consulting)
CONSULTING AND AUDITS
November 2020 - Today (5 years and 7 months)
Montpellier, France
Missions recently carried out:
Part-time CISO
ISO 27001 Audit (mock, internal, pre-certification)
Cyber maturity audit
Compliance audit
Risk analysis (EBIOS RM)
ISO 27001 certification support
ISO 27001 version change support (2013 ==> 2022)
EBIOS RM ISO 27001 ISO 27002 ISO 27005 ISO 19011 CISO Risk Analysis Risk Management Risk Mapping ISO Certification ISO27001 Audit ISO27001 Certification Support ISSP Security Policy Privacy Policy
Editeurs de logiciels en mode SaaS
Part-time CISO
SOFTWARE PUBLISHING
November 2020 - September 2023 (2 years and 10 months)
Risk assessment
Writing of the ISP adapted to the company's challenges
Development of a roadmap that the organization can adopt (time/resource constraints)
Support for IT and developer teams in improving SSI maturity
Support for sales teams in "selling" the security of offers
Audit iso27001 EBIOS RM Risk Analysis Risk Management
Groupe SII
Group CISO and OCSSI
DIGITAL AND IT
April 2017 - October 2020 (3 years and 6 months)
Paris, France
In a context of ISO27001 certification for our French activities:
Aligns security objectives with business goals and defines the security roadmap
Supports business units in integrating security into internal and client IT projects
Analyzes risks and implements associated treatment plans (EBIOS 2010/RM)
Defines/writes the security framework (e.g., Policies, directives)
Defines the audit program and manages organizational and technical audits
Defines control, awareness, and SSI communication plans
Develops indicators and monitors security dashboards
Leads Management Reviews and SSI committees with the CODIR and COMEX
Manages the continuous improvement of the ISMS
Manages security approvals for IT systems (II901, II920 standards)
Manages major incident response
Conducts legal, regulatory, and technological watch
Participates in the company's compliance with GDPR (e.g., protection measures)
Manages and leads the SSI Correspondents in our 10 establishments

Key achievements:
Extension of ISO27001 certification to new sites
Study and deployment: Risk analysis/consolidation framework, SIEM/SOC, strong authentication (internal PKI), SSI incident management, vulnerability management, simplified project risk analysis methodology, integration of security into development.
Evolution of the ISMS towards national ISO27001 certification
Audit Risk Analysis ISO 27001 EBIOS Approval ISMS Team Management