About Dylan
🚀 Cybersecurity Consultant – GRC – DORA – GDPR – IT Statutory Auditor – ISO 27001
💼 Key Experiences:
🎯 Key Skills:
French: Native or bilingual
English: Fluent
Experience
- Consultant Freelance | IT & Compliance Consulting (DORA, ISO 27001, GDPR) | BANKING AND INSURANCE | January 2023 - September 2025 (2 years and 8 months) | Paris, France
  Supporting companies (insurance, mutuals, scale-ups, EdTech, FinTech) in their cybersecurity, IT governance (GRC), and regulatory compliance projects: DORA, GDPR, ISO 27001, ISO 27005, Ebios RM.
  - Axeria IARD: DORA compliance support. Development of the DORA information register, formalization of the due diligence process, drafting and implementation of policies and procedures (governance, IT security, ICT provider management, operational resilience, BCP/DRP).
  - Cercle des Langues (EdTech): drafting of the information security policy (PSSI), IT security review, GDPR support: processing registers, retention periods, transfers outside the EU, privacy by design, accountability.
  - One Prepaid (FinTech): ISO 27001 compliance: gap analysis, structuring and formalizing security policies, remediation plans, ISMS support.
  - Domyno (SaaS): creation of a DORA & ISO 27001 compliance platform: regulatory framework, requirements structuring, functional components formalization, IT risk management, cloud & SaaS compliance.
- Diot | GRC Expert / DORA Lead Implementer | BANKING AND INSURANCE | January 2023 - Today (3 years and 5 months) | Paris, France
  Lead implementer of the DORA (Digital Operational Resilience Act) compliance program within a large insurance group. Design and implementation of the regulatory roadmap in coordination with business, cybersecurity, infrastructure, architecture, and procurement teams, with reporting to the Executive Committee.
- IT risk mapping and implementation of GRC governance in compliance with DORA, ISO 27005, and Ebios RM.
- ICT asset management: identification, classification, and monitoring of critical assets.
- Cyber incident and IT incident management, implementation of logging and monitoring (SOC, SIEM, Splunk, The Eye Security).
- IAM / Authorization Management: definition of access rules, segregation of duties, periodic review of rights.
- Crisis management plan, BCP, DRP, PRI: definition of continuity scenarios and strengthening operational resilience.
- Third-party / ICT provider management: due diligence, contractual monitoring, supplier risk assessment.
- Change management: formalization of procedures and monitoring of operational compliance.
- Cryptographic and network security: definition of standards, compliance with regulatory and normative best practices.
- KPMG | Senior Consultant IT Risk Consulting / IT Statutory Auditor | CONSULTING AND AUDITS | September 2018 - September 2021 (3 years) | Île-de-France, France
  Supporting major CAC 40 companies (EDF, GE, La Poste, Danone, Talend, etc.) in their compliance, cybersecurity, and IT governance projects.
- Conducting IT audits and IT statutory audits: risk analysis, IT process evaluation, testing of ITGC/GITC controls (access management, change management, operational processing, IPE, segregation of duties – SOD).
- Expertise in application controls (ITAC) and internal controls to secure financial and regulated environments.
- Supporting clients in their ISO 27001 compliance: gap analysis, remediation plans, formalization of security policies, follow-up of corrective actions.
- Contribution to GDPR projects: compliance audits, drafting and review of processing registers, recommendations on transfers outside the EU and privacy by design.
- Application of IT risk management methodologies (ISO 27005, Ebios RM) and participation in the implementation of continuity plans (BCP/DRP).
- Work in coordination with client IT, business, and security teams to strengthen IT governance (GRC) and align security with regulatory and normative requirements.
Education
- MSc Management & Information Systems | Cranfield University | 2018
  Master of Science specializing in information systems management, IT governance and cybersecurity. International program focused on digital strategy, IT risk governance (GRC), and regulatory compliance (DORA, GDPR, NIS2). In-depth study of standards and methods: ISO 27001, ISO 27005, Ebios RM, ITIL. Case studies and hands-on projects in IT audit, internal control, information systems security, access rights management (IAM), and business continuity (BCP/DRP). Development of cross-functional skills in IT project management, risk management, cloud security, and privacy by design in a multicultural context.
- Master's in Engineering, Information Systems | ISEP - Engineering School for Digital Technology | 2018
  Engineering degree specializing in information systems, cybersecurity and IT governance (GRC). Comprehensive training in IT audit, information systems security, digital risk management and regulatory compliance. In-depth study of standards and methods: ISO 27001, ISO 27005, Ebios RM, ITIL, PSSI. Skills in cybersecurity, cloud security, cryptography, networks, IAM, and business continuity (BCP/DRP). Technical and strategic projects: deployment of security policies, IT governance, GDPR compliance.
Certifications
- ISO 27001 Lead Implementer | BestCertifs | 2024