About Arthur
- Definition and management of cybersecurity strategies and ISG roadmaps
- CISO support (vCISO): structuring the framework, maturity management, committee facilitation
- Drafting security policies (PSSI), procedures, and governance frameworks
- Coordination of cybersecurity transformation programs (organization, processes, tools)
- Definition and monitoring of ISG roadmaps aligned with business objectives
- Executive reporting and support for governance bodies
- Management of compliance programs (BUILD & RUN)
- Drafting policies and procedures (ICT risks, incidents, continuity, third parties)
- Implementation of the Register of Information (RoI) and structuring of DORA frameworks
- Preparation for audits and regulatory checks
- Review of framework consistency and demonstrability (evidence, traceability, internal control)
- Conducting Business Impact Analyses (BIA)
- Drafting BC/DR plans and structuring crisis management frameworks
- Design and facilitation of crisis management exercises (including Executive Committees)
- Definition of resilience testing programs
- Mapping and assessment of critical service providers
- Analysis of outsourcing risks
- Contract review and reinforcement (DORA clauses, reversibility, continuity)
Languages
- French: Native or bilingual
- English: Fluent
Experience
- Anonymized (Insurance) | DORA Consultant | March 2026 - May 2026 (2 months). Assessment of the existing framework and implementation of the DORA roadmap:
- Production of the scoping report: defining the scope, identifying critical and important functions, prioritizing workstreams, and structuring the compliance trajectory.
- Securing the framework foundations: inventory of ICT assets, third-party register, mapping dependencies between business processes, systems, and critical service providers.
- Integration of ICT risks into the existing risk map: defining the analysis methodology, formalizing risk scenarios, and developing a prioritized treatment plan.
- Structuring the ICT incident management framework: defining a classification grid (including major incidents), clarifying escalation paths and responsibilities, drafting the incident management procedure.
- Review and reinforcement of the documentation framework: critical analysis of existing documentation, drafting the digital operational resilience strategy, updating the ISSP, and formalizing policies for ICT risk management, third parties, and business continuity (BCP/DRP).
- Upgrading the ICT third-party risk management framework: detailed analysis of existing contracts, identification of DORA gaps, implementation of contractual remediations, and definition of exit plans (reversibility, continuity).
- Strengthening continuity and resilience frameworks: review of existing BCP/DRPs, alignment with critical functions, and definition of the resilience testing program.
- Implementing DORA program management: defining governance arrangements, developing a monitoring dashboard, and raising awareness among the Board of Directors about digital resilience challenges.
- Framework consolidation: structuring evidence and preparing the DORA demonstration file for checks or audits.
- Anonymized (management company) | DORA Consultant | February 2026 - April 2026 (2 months). Review of the DORA framework's consistency and production of the ICT risk management framework review report:
- Analysis of the existing framework against DORA regulation requirements, including assessment of the completeness, consistency, and operationality of policies, procedures, and controls in place.
- Conducting a transversal diagnosis covering the main DORA pillars (ICT risk management, incident management, business continuity, third-party management, governance), identifying gaps, redundancies, and areas of weakness.
- Evaluating the alignment between documentation frameworks and operational practices, particularly in risk management, asset classification, and critical service provider oversight.
- Analyzing traceability and demonstrability of the framework (ability to provide evidence in case of audit), including the level of formalization, quality of reporting, and integration into internal control systems.
- Drafting the ICT risk management framework review report, structured according to DORA expectations, including an executive summary, detailed analysis of findings, a maturity assessment, and a prioritized action plan.
- Formulating operational recommendations to strengthen the framework's robustness, consistency, and effectiveness, considering the proportionality principle and organizational constraints.
- Supporting stakeholders in presenting results and understanding the challenges, with a perspective on remediation priorities.
- PERIAL ASSET MANAGEMENT | DORA Consultant - End-to-End Implementation | CONSULTING AND AUDITS | June 2025 - December 2025 (6 months) | Paris, France. Implementation of the DORA compliance program covering all regulatory requirements:
- **Mapping of critical functions** and conducting Business Impact Analyses (BIA): identifying critical business processes, assessing operational and regulatory impacts, defining RTOs, RPOs, and maximum tolerable interruption times, mapping ICT and supplier dependencies.
- **Overhaul of the ICT risk management framework**: risk analysis methodology, integration of third-party risks, formalization of threat scenarios, alignment with security governance and internal control frameworks.
- **Structuring the ICT major incident management framework**: detection, qualification, escalation, notification, and reporting processes, in line with DORA requirements and obligations for reporting to authorities.
- **Upgrading business continuity and IT recovery frameworks**, with alignment of continuity and recovery plans with business objectives and digital resilience requirements.
- **Deployment of the ICT third-party risk management framework**: criticality assessment, pre-contractual due diligence, monitoring of critical service providers, and integration of DORA clauses into contracts (audit rights, continuity, reversibility, incident notification).
- **Design and maintenance of the Register of Information (RoI)**: inventory of critical functions, ICT assets, service providers, and dependency chains.
- **Definition of the resilience testing strategy and facilitation of an Executive Committee cyber crisis exercise**, with debriefing and improvement plan.
Education
- Bachelor's degree in 'Business Economics and Management' | Université Paris 1 Panthéon-Sorbonne | 2014
- Scientific Baccalaureate | Lycée Saint-Pierre | 2010
Certifications
- ISO27001 Lead Implementer | PECB | 2020