Freelancer profile translated to English.

Description

With a strong background as a Human Resources Manager, I followed my passion for technology (and more specifically Cybersecurity) and successfully completed two career changes.

Today, as a #Senior #Cybersecurity #Governance Consultant, I have developed in-depth #expertise in reducing and combating all forms of threats, whether physical or online.

Through my diverse professional experiences, I have acquired solid expertise in #AMOA (Assistance to the Project Owner) project management, which has allowed me to contribute to all project life cycles and help my clients improve the efficiency of their daily tasks.

I specialize in the design, implementation, and evaluation of Cybersecurity #programs, as well as in the management of risks related to information system #security. I also have skills in regulatory #compliance, #data protection, and crisis management (#resilience).

With a multidisciplinary background and rich and varied professional experience, I am capable of tackling the most complex cybersecurity challenges.

If you are looking for a Cybersecurity expert who combines technical skills and project #management, do not hesitate to contact me.

Languages

French
Native or bilingual
English
Fluent
Spanish
Fluent

Workplace preferences

Can work on-site

Paris (up to 15km), Levallois-Perret (up to 10km)

L'Oréal SA - L'Oréal France
Senior Consultant Security Integration in Projects (ISP) & Third-Parties Risk Management (TPRM) Lead
LUXURY GOODS
August 2022 - March 2023 (8 months)
Levallois-Perret, France
Since August 2022

- 50% Security Integration in Projects for the EASTERN EUROPE region (16 Countries)
• Analyze risks, security impacts, and data protection for projects
• Conduct security reviews and validations for Projects/Applications
• Implement and monitor mitigation & remediation plans
• Ensure risk management and monitor security tests

- 50% EMEA Third-Party Risk Management Lead for the EUROPE region
• Map Suppliers in the Europe region (KRALJIC Matrix)
• Improve and automate existing tools (Service Now, Power BI) to support cybersecurity in project and third-party management processes
• Operationalize and industrialize new processes (from Onboarding to Offboarding, third-party risk management, on-demand risk assessment) using CYBERVADIS software
• Make Security recommendations and follow up on associated action plans
• Control security during RUN and ensure the security level is maintained
ISO 27005 Risk Analysis EBIOS RM Governance ISSP Third-party Risk Management NIST Framework Remediation Plan Data privacy Reporting
ORANGE
Senior Governance-Risk-Compliance Consultant
TELECOMMUNICATIONS
October 2021 - July 2022 (10 months)
• Lead the Marshall Plan – an intense 18-week Cybersecurity Program, with a successful achievement rate of ~96%:
Risk mitigation and maintaining the operational security of the IS

• Risk Management (ISO 27005 – Lead EBIOS Risk Manager workshops with Orange Cyber Defense France)

• Prepare and lead the 02 Audits (internal, surveillance) for ISO 27001: 2017 standard for the ORANGE MONEY Fintech perimeter

• Contribute to the “Integrated Management System ISO 9001 & ISO 27001: 2017” Project for OM Fintech

• Evaluate supplier contracts, improve them, and include Cybersecurity clauses (Security Assurance Plan (PAS))

• Conduct security audits and ensure compliance with Security requirements according to the PSI

• Categorize the organization's assets

• Assist the CISO (Security Policy (PSI), Strategic Plans, Security Integration upstream of
Projects)

• Organize Cyber awareness campaigns & train +1600 Employees via the TERRANOVA tool
ISO 27001 ISO 27005 GDPR EBIOS RM ISO 22301 Audits Third-party Risk Management ; Security Integration in Projects Awareness Reporting
General Electric Healthcare
Senior Project Manager SMAX
BIOTECH
January 2021 - September 2021 (8 months)
Vélizy-Villacoublay, France
• Supervise and support change management
• Lead teams involved in data cleansing (GDPR): follow-up, compliance & verification
• Assess residual risk in case of deviation between the defined architecture and the implemented one
• Review security testing strategy, monitor and control the implementation of security during test execution
Project Management Prince2 ISO 9001 ISO 27005 GDPR Scrum Master PIA Awareness Training