Freelancer profile translated to English.
Back to original languageAbout Aroua
Are you deploying AI solutions or preparing for critical compliance audits?
I support CISOs, DSIOs, product managers, and engineering teams in the technical security, governance, and compliance of their AI systems and critical infrastructures.
AI Security & AI Systems Governance:
• Security audit of AI and generative AI systems
• Threat modeling LLM / RAG / AI Agents
• Risk analysis: prompt injection, jailbreak, data leakage, agent hijacking
• Implementation of AI security guardrails and policies
• Securing ML and MLOps pipelines
• Audit of AI providers: OpenAI, Azure OpenAI, Bedrock, Mistral, etc.
• Shadow AI and Vendor Risk Management
• AI Governance and internal usage frameworks
• Support for the AI Act and high-risk AI (Annex III)
Compliance & Certifications:
• ISO 27001 BUILD & RUN support
• ISO 42001 certification preparation
• Cybersecurity and AI governance maturity audit
• Cyber Resilience Act (CRA) compliance
• PCI DSS / SOC 2 support
• GDPR & PSD2 compliance
• Audit documentation construction
• Remediation plan management
• Security / product / legal stakeholder coordination
DevSecOps & Release Security:
• Security validation of critical releases
• CI/CD quality gate implementation
• Securing Azure DevOps, GitLab, Jenkins pipelines
• SAST / DAST / SCA integration
• SonarQube, Snyk, Fortify, Checkmarx, OWASP ZAP
• Vulnerability criticality arbitration & management
• OWASP Top 10 & OWASP LLM Top 10 compliance
• Securing financial applications and eBanking
Cybersecurity Audit and Consulting:
• Diagnosis, security and governance roadmap
• Strategic framing and action plans
• Cross-functional technical team management
• Cyber and regulatory risk management
• Skills transfer and autonomy building
Need an expert in AI Cybersecurity and/or DevSecOps and/or Compliance? Let's talk
French
Native or bilingual
English
Fluent
Can work on-site
Paris (up to 50km)
Experience
- FreelanceAI Security, DevSecOps & Compliance ExpertBANKING AND INSURANCEAugust 2020 - Today (5 years and 10 months)Paris, FranceWorking with the security standards of LVMH, Thales, AXA, EDF, L'Oréal, Allianz, BNP Paribas, Galeries Lafayette, and other French and European groups.AI Security and AI Act Compliance- Threat modeling LLM, RAG, and agents: prompt injection, data leakage, jailbreak, agent hijacking- AI Act compliance (governance, documentation, reporting)- Technical guardrails and ML pipeline security- Third-party AI chain audit (Bedrock, OpenAI, Mistral, Azure OpenAI)- Shadow AI and vendor risk governanceDevSecOps and Application Security- Blocking CI/CD quality gates (Azure DevOps, GitLab CI/CD, Jenkins)- SAST (SonarQube, Snyk, Fortify, Checkmarx), DAST (OWASP ZAP), SCA- Critical release security validation, blocking non-compliant production deployments- Threat modeling, secure code review, application risk analysisISO 27001, PCI DSS, ISO 42001, SOC 2 Certifications- Maturity assessment, BUILD management up to certification, compliance maintenance (RUN)- Documentation ready for external auditCyber Resilience Act (CRA) Compliance- CRA mapping, roadmap for 09/2026 and 12/2027 deadlines- Vulnerability management, reporting to ENISA and CSIRT- Application of the AI Act to high-risk AI systems (Annex III)
- BNP ParibasApplication Security / AppSec ConsultantBANKING AND INSURANCEDecember 2016 - July 2020 (3 years and 7 months)Paris, FranceLong-term assignment with BNP Paribas, initially with CGI and then as an independent freelancer. Security validation of critical banking applications (eBanking, transactional flows).- Security validation of critical banking applications: authentication, session management, data protection, transactional flow encryption- Blocking releases with uncorrected vulnerabilities and monitoring remediation before any production deployment- Prioritization of application vulnerability criticality (OWASP Top 10) and communication of fixes to development teams- Collaboration with technical teams on security implementation choices, validation of fixes in a CI/CD context- Integration of security controls into the CI/CD workflow and dissemination of secure development practices
- SuntorySecurity Consultant - Application Architecture & Anti-RansomwareAGRICULTUREMay 2016 - November 2016 (6 months)Paris, FranceFreelance assignment for Suntory on evaluating and securing the application ecosystem and defining an anti-ransomware protection strategy.- Evaluation of application ecosystem security and implementation of associated remediation plans- Definition of application security architectures that meet business needs and protection requirements- Integration of security controls into application components- Development of an anti-ransomware protection strategy and strengthening of application system resilience
Reviews
Yoann
Sécurisation de données - Yoann Bonamy
Reviewed on 5/19/2026
Aroua is serious, involved, and she managed the project from start to finish. She assisted me with data security matters. I am fully satisfied with the service. I highly recommend her.
Emmanuel
CEO - Kedma
Reviewed on 5/13/2026
Very satisfied with the collaboration with Aroua. She helped me a lot with the security of my client data. In the age of AI, this is an increasingly important issue, and I was delighted to work with a Cybersecurity expert specializing in AI. I highly recommend her.
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- PhD in Computer ScienceTélécom SudParis2009
- Master's Degree in Computer Science - Information Systems SecurityUniversité Pierre et Marie Curie2006
Certifications
- MIT - Applied AIMassachusetts Institute of Technology2026
- ISO 27001 Lead AuditorISO2012