Freelancer profile translated to English.

Description

Senior cybersecurity and transition management consultant, FDA supports organizations in structuring, transforming, and securing their critical environments. With over 20 years of experience, including recognized expertise in cyber governance, operational security, security integration in projects, cloud security, and SOC management, he works in contexts with high stakes in compliance, resilience, and transformation. His positioning allows him to act as a program manager, operational manager, and trusted advisor to cybersecurity, IT, and business management. He stands out for his ability to quickly take over sensitive areas, secure the execution of complex programs, and converge internal and external stakeholders around concrete objectives. His interventions notably cover the implementation and management of SOCs and cybersecurity managed services, securing cloud and application architectures, risk analysis, regulatory compliance, and cyber roadmap management. He has worked in demanding environments such as banking, insurance, transport, energy, and services, with significant exposure to ISO 2700x, NIST, DORA, NIS2, LPM, and ANSSI requirements. His added value lies in a dual approach: a strategic vision that is clear for decision-makers and an operational execution capability that can be immediately mobilized in the field. He has expertise in information system security, including: Cybersecurity Expertise

• Cloud Security

• Governance Risk Compliance & Directives BCE, OSE, OIV, LPM, DORA, NIS 1, NIS2, NIST

• ISMS/ISMS Governance Expertise

• Interim/Transition CISO

• ISMS/Cyber Risk Analysis Expertise

• Security Integration in Projects (SPS)

• Regular Security Review

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km)

Comutitres
Cybersecurity Project Manager - Head of Cybersecurity Operational Services (SOC)
LOGISTICS AND SUPPLY CHAIN
January 2024 - March 2026 (2 years and 2 months)
Paris, France
Objectives:
Responsible for the department encompassing the cybersecurity operational activities delivered, among others, by a MSSP (Managed Security Service Provider), including the 24/7 SOC (Security Operations Center), necessary for the internal and external IT security maintenance of the company:
• Staff: 1 FTE (Directly managed Junior Consultant)
• Annual budget 2025: + €1000k
Responsibilities
 Planning, organization, and supervision of daily operations managed by SOC technologies (EDR, Firewall, Proxy, WAF, Bastion, Vulnerability Scans, MFA, SOAR) on on-premise, cloud (AWS/OVH), SAAS, and endpoint information systems
 Management and coordination of Managed Services activities for operational security solutions (Firewalls, EDR/XDR, Web Security, Vulnerability Scanner, MFA, etc.).
 Management and coordination of the company's SOC monitoring and response activities.
 Management and coordination of studies and opportunities for acquiring new cybersecurity solutions for the SOC.
 Management and coordination of deployments of new SOC cybersecurity solutions in production environments (AWS EKS primarily).
 Management and coordination of the monitoring, management, and deployment of vulnerability scanners
 Management and coordination of the provider teams in charge of the SM-SOC.
 Management and coordination of the resolution of incident tickets opened with the SOC.
 Management and coordination of steering committees (weekly meetings and monthly steering committees) for SOC services.
 Management and coordination of regular reporting to the company's Chief Cybersecurity Officer and the IDFM shareholder.
 Management and coordination of the budgetary aspects of the SM-SOC contract (budget, orders, and service invoicing).
 Definition, implementation, and management of cybersecurity incident detection and response
Cybersecurity Cloud Security Security Operations Center ISO 27001 NIST CSF
BNP-Paribas
Group Cyber Security Program - Cloud Security Stream Leader
BANKING AND INSURANCE
January 2023 - January 2024 (1 year)
Paris, France
Objectives: Lead the Cyber Security program in implementing compliance with objectives, directives, and regulations concerning the Security of Cloud environments.
Responsibilities
 Take responsibility for evaluating and aligning Security measures dictated by BNP Paribas Group with directives and regulations from external bodies (LPM, ANSSI, ECB, EU, DORA, CAC, etc.).
 Lead the Cloud Security Stream, which includes the Group's Cloud hosting, the migration of Security processes within the framework of the transition to the Group Cloud, as well as outsourced Cloud hosting.
 Lead the proper execution of Cloud Security activities and projects, information system compliance, and ensure the application of the group's security policy and its operational implementation.
 Monitor projects in the Drive domain: Security governance, security integration in projects, security assurance and compliance with BCE, CAC, OIV, NIS, DORA directives, etc.
 Monitor Cloud Design & Architecture projects: Infrastructure as Code (IaC), image registry, runtime, OS, micro-segmentation, containers & dockers) and adoption of model services (IaaS, PaaS, SaaS, KaaS)
 Cyber Defense & Operations: management of configuration errors and vulnerabilities, preventive measures, and incident response (CSIRT, SOC).
 Monitor Business Continuity & Planning (BCP) and DRP projects: redundancy, Critical Asset Recovery (CAR),
 Assurance on the Cloud Security product and reporting of key indicators
 Monitor third-party and partner security projects TPTRM (contracts, Supplier Security Assurance Plan);
 Guarantee compliance with schedules and budgets for compliance projects.
 Point of contact for the subject matter and liaison
 Organize the integration of new scopes/components and compliance (Essential Service Operator)
Cybersecurity NIS2 DORA Compliance DRP Risk Management
Covéa
Transition Manager for the Security Incident Detection and Response Pole
June 2022 - December 2022 (6 months)
Management of a team of 15 people dedicated to SOC (Security Operations Center) activities and operational security for the Covéa group. Lead the proper execution of activities, cyber defense projects, and information system compliance.
 Lead the first line of defense (LOD1) / cybersecurity operations
 Support in designing security use cases
 Contribution to the security project approach
 Lead the RUN and BUILD activities of the cyber defense pole
 Coordination of cybersecurity operations (internal and external) to ensure a high level of protection, availability, confidentiality, integrity, and traceability of IT and business services
 Participation in defining and implementing SOC techniques, tactics, and tools for event collection, correlation, suspicious event searching, alert management, fraud, and GDPR.
 Participation in defining the strategy for integrating infrastructures into the SOC and ensuring technical consistency with the group's Information System ecosystem.
 Participation in defining detection and remediation use cases and practical scenarios and their integration into detection and remediation tools.
 Management of events and alerts for all components (endpoints, network, firewall, Servers, Mainframe, Messaging, Cloud, Web and mobile applications) integrated into SOC tools (SIEM/xDR, DECEPTIVE RESPONSE…)
 Proposal of organizational scenarios and innovations to improve the level of security, detection, remediation, and cybersecurity operations performance.
 Organization of the integration of new scopes/components and compliance for Essential Service Operators (OSE).
 Participation in creating synergies and information exchange with other Cybersecurity teams and partners (ANSSI, THALES, CSIRT, etc.)