About Arthur
- Definition and management of cybersecurity strategies and ISG roadmaps
- CISO support (vCISO): structuring the framework, maturity management, committee facilitation
- Drafting security policies (PSSI), procedures, and governance frameworks
- Coordination of cybersecurity transformation programs (organization, processes, tools)
- Definition and monitoring of ISG roadmaps aligned with business objectives
- Executive reporting and support for governance bodies
- Management of compliance programs (BUILD & RUN)
- Drafting policies and procedures (ICT risks, incidents, continuity, third parties)
- Implementation of the Register of Information (RoI) and structuring DORA frameworks
- Preparation for audits and regulatory checks
- Review of consistency and demonstrability of frameworks (evidence, traceability, internal control)
- Conducting Business Impact Analyses (BIA)
- Drafting BCP/DRP and structuring crisis management frameworks
- Design and facilitation of crisis management exercises (including executive committees)
- Definition of resilience testing programs
- Mapping and assessment of critical service providers
- Analysis of outsourcing risks
- Contractual review and strengthening (DORA clauses, reversibility, continuity)
French
Native or bilingual
English
Fluent
Experience
- Anonymisé (Assurance)DORA ConsultantMarch 2026 - May 2026 (2 months)Assessment of the existing framework and implementation of the DORA roadmap:
- Production of the scoping report: definition of the scope, identification of critical and important functions, prioritization of workstreams, and structuring of the compliance trajectory.
- Securing the framework foundations: inventory of ICT assets, third-party register, mapping of dependencies between business processes, systems, and critical service providers.
- Integration of ICT risks into the existing risk map: definition of the analysis methodology, formalization of risk scenarios, and development of a prioritized treatment plan.
- Structuring the ICT incident management framework: definition of a classification grid (including major incidents), clarification of escalation paths and responsibilities, drafting of the incident management procedure.
- Review and strengthening of the documentation framework: critical analysis of existing documentation, drafting of the digital operational resilience strategy, updating the IS policy, and formalizing policies for ICT risk management, third parties, and business continuity (BCP/DRP).
- Upgrading the ICT third-party risk management framework: detailed analysis of existing contracts, identification of DORA gaps, implementation of contractual remediation, and definition of exit plans (reversibility, continuity).
- Strengthening continuity and resilience frameworks: review of existing BCP/DRPs, alignment with critical functions, and definition of the resilience testing program.
- Implementing DORA program management: definition of governance arrangements, development of a monitoring dashboard, and raising awareness of digital resilience issues among the Board of Directors.
- Consolidating the framework: structuring evidence and preparing the DORA demonstration file for checks or audits.
- Anonymisé (société de gestion)DORA ConsultantFebruary 2026 - April 2026 (2 months)Review of the consistency of the DORA framework and production of the ICT risk management framework review report:
- Analysis of the existing framework against DORA regulation requirements, including assessment of the completeness, consistency, and operationality of policies, procedures, and controls in place.
- Conducting a cross-functional diagnosis covering the main DORA pillars (ICT risk management, incident management, business continuity, third-party management, governance), identifying gaps, redundancies, and areas of weakness.
- Assessing the alignment between documentation frameworks and operational practices, particularly regarding risk management, asset classification, and critical service provider management.
- Analysis of the framework's traceability and demonstrability (ability to produce evidence in case of inspection), including the level of formalization, quality of reporting, and integration into internal control systems.
- Drafting the ICT risk management framework review report, structured according to DORA expectations, including an executive summary, detailed analysis of findings, maturity assessment, and a prioritized action plan.
- Formulating operational recommendations to strengthen the framework's robustness, consistency, and effectiveness, taking into account the principle of proportionality and organizational constraints.
- Supporting stakeholders in presenting results and understanding the issues, with a perspective on remediation priorities.
- PERIAL ASSET MANAGEMENTDORA Consultant - End-to-End ImplementationCONSULTING AND AUDITSJune 2025 - December 2025 (6 months)Paris, FranceImplementation of the DORA compliance program covering all regulatory requirements:*Conducting critical function mappingand Business Impact Analyses (BIA): identification of critical business processes, assessment of operational and regulatory impacts, definition of RTOs, RPOs, and maximum admissible interruption times, mapping of ICT and supplier dependencies.
- **Redesigning the ICT risk management framework**: risk analysis methodology, integration of third-party risks, formalization of threat scenarios, articulation with security governance and internal control systems.
- **Structuring the ICT major incident management framework**: detection, qualification, escalation, notification, and reporting processes, in line with DORA requirements and obligations for notification to authorities.
*Upgrading business continuity and IT recovery frameworks,with alignment of continuity and recovery plans with business objectives and digital resilience requirements.- **Deploying the ICT third-party risk management framework**: criticality assessment, pre-contractual due diligence, monitoring of critical service providers, and integration of DORA clauses into contracts (audit rights, continuity, reversibility, incident notification).
- **Designing and maintaining the Register of Information (RoI)**: inventory of critical functions, ICT assets, service providers, and dependency chains.
Recommendations
Be the first to recommend Arthur
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Bachelor's degree in "Business Economics and Management"Université Paris 1 Panthéon-Sorbonne2014Licence « économie et gestion d'entreprise »
- Scientific BaccalaureateLycée Saint-Pierre2010Baccalauréat scientifique
Certifications
- ISO27001 Lead ImplementerPECB2020