You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Arthur ChédevilleAC

Arthur Chédeville

Cybersecurity Consultant (GRC) - DORA Expert

€750/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Arthur

I am Arthur, a GRC cybersecurity consultant and external CISO, specializing in governance, risk management, and operational resilience, with strong expertise in regulatory requirements (DORA, NIS2, ISO 27001).

I work with CISOs, CIOs, and executive committees to structure, manage, and secure cybersecurity frameworks, combining strategic vision with operational implementation.

Information Security Governance (ISG) – External CISO / Advisory
  • Definition and management of cybersecurity strategies and ISG roadmaps
  • CISO support (vCISO): structuring the framework, maturity management, committee facilitation
  • Drafting security policies (PSSI), procedures, and governance frameworks
  • Coordination of cybersecurity transformation programs (organization, processes, tools)
  • Definition and monitoring of ISG roadmaps aligned with business objectives
  • Executive reporting and support for governance bodies

Compliance & Regulatory Programs (DORA, NIS2, ISO 27001…)
  • Management of compliance programs (BUILD & RUN)
  • Drafting policies and procedures (ICT risks, incidents, continuity, third parties)
  • Implementation of the Register of Information (RoI) and structuring DORA frameworks
  • Preparation for audits and regulatory checks
  • Review of consistency and demonstrability of frameworks (evidence, traceability, internal control)

Business Continuity & Operational Resilience
  • Conducting Business Impact Analyses (BIA)
  • Drafting BCP/DRP and structuring crisis management frameworks
  • Design and facilitation of crisis management exercises (including executive committees)
  • Definition of resilience testing programs

ICT Third-Party Risk Management (TPRM)
  • Mapping and assessment of critical service providers
  • Analysis of outsourcing risks
  • Contractual review and strengthening (DORA clauses, reversibility, continuity)
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Anonymisé (Assurance)
    DORA Consultant
    March 2026 - May 2026 (2 months)
    Assessment of the existing framework and implementation of the DORA roadmap:
    • Production of the scoping report: definition of the scope, identification of critical and important functions, prioritization of workstreams, and structuring of the compliance trajectory.
    • Securing the framework foundations: inventory of ICT assets, third-party register, mapping of dependencies between business processes, systems, and critical service providers.
    • Integration of ICT risks into the existing risk map: definition of the analysis methodology, formalization of risk scenarios, and development of a prioritized treatment plan.
    • Structuring the ICT incident management framework: definition of a classification grid (including major incidents), clarification of escalation paths and responsibilities, drafting of the incident management procedure.
    • Review and strengthening of the documentation framework: critical analysis of existing documentation, drafting of the digital operational resilience strategy, updating the IS policy, and formalizing policies for ICT risk management, third parties, and business continuity (BCP/DRP).
    • Upgrading the ICT third-party risk management framework: detailed analysis of existing contracts, identification of DORA gaps, implementation of contractual remediation, and definition of exit plans (reversibility, continuity).
    • Strengthening continuity and resilience frameworks: review of existing BCP/DRPs, alignment with critical functions, and definition of the resilience testing program.
    • Implementing DORA program management: definition of governance arrangements, development of a monitoring dashboard, and raising awareness of digital resilience issues among the Board of Directors.
    • Consolidating the framework: structuring evidence and preparing the DORA demonstration file for checks or audits.
    DORA BCP/DRP ICT Risks
  • Anonymisé (société de gestion)
    DORA Consultant
    February 2026 - April 2026 (2 months)
    Review of the consistency of the DORA framework and production of the ICT risk management framework review report:
    • Analysis of the existing framework against DORA regulation requirements, including assessment of the completeness, consistency, and operationality of policies, procedures, and controls in place.
    • Conducting a cross-functional diagnosis covering the main DORA pillars (ICT risk management, incident management, business continuity, third-party management, governance), identifying gaps, redundancies, and areas of weakness.
    • Assessing the alignment between documentation frameworks and operational practices, particularly regarding risk management, asset classification, and critical service provider management.
    • Analysis of the framework's traceability and demonstrability (ability to produce evidence in case of inspection), including the level of formalization, quality of reporting, and integration into internal control systems.
    • Drafting the ICT risk management framework review report, structured according to DORA expectations, including an executive summary, detailed analysis of findings, maturity assessment, and a prioritized action plan.
    • Formulating operational recommendations to strengthen the framework's robustness, consistency, and effectiveness, taking into account the principle of proportionality and organizational constraints.
    • Supporting stakeholders in presenting results and understanding the issues, with a perspective on remediation priorities.
    DORA ICT Risks
  • PERIAL ASSET MANAGEMENT
    DORA Consultant - End-to-End Implementation
    CONSULTING AND AUDITS
    June 2025 - December 2025 (6 months)
    Paris, France
    Implementation of the DORA compliance program covering all regulatory requirements:

    *Conducting critical function mappingand Business Impact Analyses (BIA): identification of critical business processes, assessment of operational and regulatory impacts, definition of RTOs, RPOs, and maximum admissible interruption times, mapping of ICT and supplier dependencies.
    • **Redesigning the ICT risk management framework**: risk analysis methodology, integration of third-party risks, formalization of threat scenarios, articulation with security governance and internal control systems.
    • **Structuring the ICT major incident management framework**: detection, qualification, escalation, notification, and reporting processes, in line with DORA requirements and obligations for notification to authorities.
    *Implementing the cyber crisis management framework:crisis management policy, incident/crisis articulation, crisis cell organization, roles and responsibilities, crisis toolkit (directories, quick reference guides, communication materials).

    *Upgrading business continuity and IT recovery frameworks,with alignment of continuity and recovery plans with business objectives and digital resilience requirements.
    • **Deploying the ICT third-party risk management framework**: criticality assessment, pre-contractual due diligence, monitoring of critical service providers, and integration of DORA clauses into contracts (audit rights, continuity, reversibility, incident notification).
    • **Designing and maintaining the Register of Information (RoI)**: inventory of critical functions, ICT assets, service providers, and dependency chains.
    *Defining the resilience testing strategy and facilitating a COMEX cyber crisis exercise,with reporting and improvement plan.
    DORA BCP/DRP Crisis Exercise Register of Information ICT Risks

Recommendations

Be the first to recommend Arthur

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Bachelor's degree in "Business Economics and Management"
    Université Paris 1 Panthéon-Sorbonne
    2014
    Licence « économie et gestion d'entreprise »
  • Scientific Baccalaureate
    Lycée Saint-Pierre
    2010
    Baccalauréat scientifique

Certifications

  • ISO27001 Lead Implementer
    PECB
    2020
    ISO 27002 ISMS ISO 27001 GRC

Skill set

Categories