Freelancer profile translated to English.

Description

Security, Risk Management, Audit & Internal Control Consultant

Expert in Enterprise Risk Management - implementation of a comprehensive management framework, definition of appropriate governance, development of a risk culture, identification, measurement, management, monitoring, and reporting of key risks - credit, market, liquidity, interest rate, operational, compliance, DORA, reputation. With aspirations of IT Risk Manager. My expertise extends to both the technical aspects of IT security and security consulting within IT projects.

My strengths are: sense of responsibility, teamwork, adaptability, communication, autonomy, and responsiveness.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Francique ripuaire
Fluent

Workplace preferences

Can work on-site

Paris (up to 20km), Lille (up to 10km)

CFF BANK
Transition Manager - Head of Risks, Permanent Control and Compliance
BANKING AND INSURANCE
January 2025 - June 2025 (5 months)
Paris, France
Risk Management
• Identification, assessment, and mapping of operational and non-compliance risks in conjunction with business lines.
• Development and updating of the risk management plan, including IT, fraud, AML-CFT, GDPR, reputational, and ethical risks.
• Definition of appropriate mitigation plans and coordination of their implementation with process owners.
• Raising awareness and training of teams (network, back-office, support functions) on risk culture.
• Contribution to solvency reporting and monitoring of prudential requirements (Basel III/IV).
Internal Control / Permanent Control
• Implementation of the level 1 and 2 permanent control system on business processes according to banking standards.
• Development and monitoring of the control plan: supervision of sensitive operations, anti-fraud measures, compliance tests.
• Preparation and facilitation of Risk, Internal Control, Compliance, and Audit committees.
• Monitoring of corrective actions from internal and external audits (statutory auditors, Inspectorate, Group Control).
• Facilitation and coordination of the network of RCCI referents in branches and central functions.
Compliance
• Deployment and management of regulatory compliance systems: AML-CFT: risk assessment, PEP, vigilance measures, detection of unusual transactions, TRACFIN reporting. International sanctions and embargoes: review of watchlists, screening, filtering.
• GDPR: incident management, collaboration with the DPO, updating data processing procedures.
• Fight against corruption and fraud: implementation of the Sapin II compliance framework.
• Active regulatory watch (TRACFIN, ECB, national and European legislation), impact analysis, and procedure adaptation. etc
Internal Control Project Management Internal Audit risk management
GROUPE VYV
Risk Management – Internal Control – GROUPE VYV-MGEN
BANKING AND INSURANCE
March 2024 - Today (2 years and 3 months)
Paris, France
IT Internal Control:
• Development and harmonization of the overall vision of internal control within the VYV Group.
• Mapping of ITGC risks, presentation, and validation with the management committee.
• Implementation of second-level controls for financial and cybersecurity application systems within the ITGC and IFC scopes.
• Support for operational teams in implementing first-level controls and feeding reporting tools.
• Testing of accounting flows between different accounting information systems.
• Implementation of a follow-up table for L1 control reports.
• Responding to audits on the scope (internal, statutory auditors, AFNOR, partner/client audits, ACPR).
• Monitoring and implementation of audit recommendations to strengthen control systems.
• Development and monitoring of internal control key performance indicators, with consolidation of results.
• Contribution to the continuous improvement of IT service management processes.
• Management and execution of second-level controls and tests on financial and cybersecurity application systems.
• Implementation of incident reporting and linking them to risks for process owners and the group.
PMO for the DORA IT Department Program:
Impact Analysis – DORA Program:
• Active monitoring of regulatory news related to DORA.
• Interpretation of regulatory requirements and identification of their impact on the IT department's context.
• Synchronization and articulation of interpretations of requirements with the DORA secretariat within DSI MRI.
• Providing DORA regulatory expertise to the IT department's project teams.
• Participating in the implementation of a harmonized group taxonomy.
• Facilitating the program by coordinating different teams and ensuring the consistency of roadmap actions.
• Participating in the implementation of a risk taxonomy.
DORA
AXA SA
Business Analyst
BANKING AND INSURANCE
October 2022 - Today (3 years and 8 months)
Nanterre, France
-Assess and Analyze the BCP/DRP:
-Analysis of the expression of needs (BIA synthesis),
-Definition and implementation of corrective action plans.
-Assess and Test the crisis organization:
-Review of the organization,
-Recommendations for improving the system,
-Development of test scenarios.
-Test and maintain the BCP/DRP:
-Assistance in drafting technical and organizational procedures,
-Drafting of operational maintenance procedures,
-Improvement of the Internal Control system:
-Select and implement appropriate tools,
-Define an internal control organization,
-Improve internal control processes,
-Perform and document the permanent control system,
-Control outsourced essential services (PSEE),
-Raise employee awareness on internal control,
-Establish recommendations for adequate compliance,
-Size and organize the "compliance" function,
-Understand current regulations
-Definition of the fallback strategy,
-Testing and validation of backup solutions.

-Define the hosting strategy:
-Analyze the existing situation and target needs,
-Define and arbitrate the different scenarios under study,
-Assist teams in drafting a request for proposal and selecting a host.
-Audit/qualify Data Centers:
Conduct an inventory,
-Establish a normative and technical comparison based on the different solutions available on the market and best practices,
-Define and implement a corrective action plan.
-Support IT relocation projects:
-Manage and coordinate project implementation,
-Define work packages and the schedule for transfer operations,
-Produce monitoring reports and associated dashboards,
-Propose a target solution, adapted to needs,