Erwan Bagdatli

Governance, Risk & Compliance Cybersecurity Project Director, with over 16 years of experience in IS governance, IT projects, cybersecurity, and regulatory steering. I support organizations in securing IS, project compliance, and managing cyber risks.

🎯 Main Expertise:

Compliance: ISO 27001, TISAX, ISO/SAE 21434, NIS2, DORA, GDPR.

Governance: processes, milestones, deliverables, roles between GRC, IT, Cyber, and business units.

Audit & Control: planning, remediation, reporting, KPIs, and audit preparation.

Resilience: BCP, DRP, IS policy, remediation plans, and auditability.

Suppliers: assessment, certifications, risks, and Procurement/IT link.

🚀 Key Achievements:

Steering GRC cybersecurity compliance initiatives.

Transfer of control activities to RNTBCI: methods, flows, training.

Implementation of dashboards: KPIs, risks, action plans, compliance.

Support for entities and subsidiaries: harmonization, audit support, control optimization.

💡 Cross-functional Skills:

PMP, PRINCE2, Scrum, PMO, change management, audit & compliance.

Infrastructure, application, and business process cybersecurity.

🔗 SAP & Compliance:

Logistics MM, WM, SD, PP: securing supplier, inventory, and production flows.

Finance FI, CO, TR: access control, ISO 27001 and GDPR compliance.

HR HCM: personal data protection and critical access.

🔐 DORA – Encryption & Certificates:

Analysis of encryption requirements at rest, in transit, and in use.

Definition of cryptographic controls for critical applications.

Structuring key requirements, certificates, and algorithms.

Drafting procedures, controls, audit evidence, and compliance elements.

Contribution to the centralized certificate registry and lifecycle monitoring.

✅ Deliverables:

Policies, procedures, guides, dashboards, risk maps, audit reports.

Within ENGIE's Global Security Operations Center (GSOC), I managed cybersecurity projects and strengthened operational security covering IT, OT, and digital usage environments in an international context.

🎯 Cybersecurity Project Management

- End-to-end management: deadlines, costs, deliverable quality.

- Transition to RUN phase: integration into operations (technical & contractual criteria).

- Production deployment governance: coordination, action tracking, milestones.

- Steering committee facilitation and executive reporting.

📊 PMO & Governance

- Collection, prioritization, and tracking of technical change requests.

- Continuous improvement: identification of friction points, corrective actions.

- Implementation of dashboards and KPIs to measure performance and cyber maturity.

🔐 IT & OT Cybersecurity

- Monitoring of critical sites via Splunk: integration of firewalls, antivirus, VPN, USB solutions.

- Operational resilience: BCP/DRP, continuity testing, team awareness.

- Endpoint protection (EPP/EDR), vulnerability management, asset monitoring.

- Detection & analysis: alert monitoring, data quality and performance tracking.

🚀 Featured Projects

- Implementation of IT/OT monitoring for critical sites via Splunk.

- Management and steering of critical systems resilience (BCP/DRP).

- Optimization of performance indicators and production deployment governance.

✅ Key Skills: project management, PMO, IT/OT cybersecurity, security governance, Splunk, BCP/DRP, audit & compliance, international coordination.

Assignment within Marketing & Services (M&S) in collaboration with TGITS to steer strategic IT and cybersecurity transformation projects, enhance infrastructure resilience, and deploy solutions in international subsidiaries.

🎯 IT & Cybersecurity Project Steering

- Coordination of workstation, WAN, and Datacenter projects.

- Scoping, needs analysis, cost, deadline, and risk tracking.

- Integration of security requirements: Microsoft 365 Security, Active Directory, Zero Trust.

- Facilitation of Steering Committees/Working Groups, action tracking (RIDA), and KPI reporting.

🔐 Securing Critical Infrastructure

- Active Directory: securing administrator accounts, intrusion detection.

- Deployment of Microsoft Defender for Identity (monitoring abnormal behaviors).

- Windows Server 2019 upgrade and patch management.

- Support to subsidiaries for IT compliance and audit preparation.

🚀 IT Transformation & Collaboration

- Microsoft 365 Migration: domain controller updates, Defender for Identity agent deployment.

- ServiceNow CMDB: IT data integration, asset traceability.

- ITBM (APM/PPM): project portfolio and IT governance optimization.

👥 Training & Support

- Awareness of IT and cybersecurity best practices.

- User training on ServiceNow and Microsoft 365 tools.

✅ Key Skills: IT & cybersecurity project management, critical infrastructure, Active Directory, Microsoft 365, Zero Trust, Defender for Identity, ServiceNow (CMDB, ITBM), international steering, IT governance, audit & compliance.