Clément Maruéjouls

Management of the improvement of the third-party risk management process, throughout its lifecycle, from Service Risk Assessment to offboarding.

Cross-functional project management (Purchasing, Risks Committee, CISO Office, Legal Teams).

Management and coordination of resources for various governance process improvement projects:

- Third-party management and audits (Workflow, Assessments, Notifications, Reporting).

- Personal data management (Initial Privacy Assessments, Cookies and Consent, GDPR).

Definition of the third-party risk management workflow, pre-assessment, contracting, monitoring, offboarding.

Conducting pre-contractual assessments (SRA, Due Diligence).

Definition of control points for the various required security aspects (PCI DSS, GDPR, SOC, internal Security Policy).

Risk management according to company criteria.

Deployment and maintenance of OneTrust solutions (Third-Party Risk Management, IT Risk Management, Data Privacy).

Data Management, migration from SharePoint platform to OneTrust.

Delivery of deliverables on new processes for each BU.

Change Management, user training.

Implementation of automated reporting.

Deployment of Business Intelligence solutions for Data Visualization, with PowerBI, ElasticSearch.

Environment: Risk Management, ISO 27001, EBIOS, GDPR, PCI DSS, OneTrust, Confluence, Jira, MS Office, ElasticSearch

Development of a cybersecurity business unit and CISO support:

Support for the CISO in their client maturity audit missions, consulting missions.

During the company acquisition, support for the CISO in creating a national Group ISSP.

Development of commercial offers on cybersecurity governance with Sales teams.

Pre-sales and response to tenders for cybersecurity projects.

Conducting short audits on the health and update of the IS network and security.

Awareness of ISO 27001/ISO 27002 practices.

Technical and cybersecurity watch.

Environment: ISO 27001, ISO 27002, EBIOS 2010, ANSSI Frameworks.

Network and security solution integration projects, technical and organizational:

802.1X wired and wireless implementation.

New site network implementation, wired and wireless.

- Network architecture design.

Network and infrastructure security:

- Design and implementation of backup solutions.

- Design and implementation of antivirus solutions.

- Installation and configuration of firewalls, switches, site-to-site IPSEC VPN, remote SSL VPN.

- Continuous IS improvement.

Environment: Stormshield, HP, Aruba, Cisco Routers and Switches, Trend Micro, Sophos Endpoint Antivirus

Management of IS security, implementation of ISSP, Risk Analyses, Audits