About Farouk
- Audits and compliance with major frameworks and regulations: ISO 27001, NIST, GDPR, DORA, HDS
- Support and assistance for CISO functions
- Definition of information security (SSI) strategies and roadmaps
- Management of cyber programs and projects: budget monitoring, operational management, committee organization, team coordination, etc.
- Definition and implementation of information security (SSI) policies and documentation
- Risk analysis and management
- Integration of security into projects and development (Security by Design)
- Third-party and supplier security (TPRM)
- Information security awareness, etc.
- Implementation of BCP / DRP and continuity measures
- Cyber incident and crisis management
- Securing IT infrastructures
- Identification and remediation of technical vulnerabilities
- Management of technical audits and penetration tests, etc.
- Identity lifecycle management
- Management of privileged access and authorizations
- Control of access to shared resources and spaces, etc.
- French: native or bilingual
- English: fluent
Experience
- Freelance
Senior GRC / Cybersecurity Consultant
BANKING AND INSURANCE
March 2024 - Today (2 years and 3 months)
Paris, France
Cybersecurity Compliance Consultant (BANKING & INSURANCE SECTOR CLIENT) - 10 months:
- Assessment of compliance with DORA, HDS, and ISO 27001 frameworks
- Deployment of a DORA compliance program and maintenance of HDS / ISO 27001 certifications
- Alignment of the security governance framework with applicable regulatory requirements
- Formalization of operational models for ICT risk and third-party risk management
- Update and structuring of SSI documentation (policies, procedures, etc.)
- Support and preparation for audits: evidence gathering, interview preparation
DORA Compliance Consultant (BANKING & INSURANCE SECTOR CLIENT) - 3 months:
- Deployment of a DORA compliance program, aligned with ISO 27001/27002 best practices
- Formalization of an operational model for ICT third-party risk management, structured according to the lines of defense (LOD 1/2/3)
- Update and structuring of ICT third-party risk management documentation (policies, procedures, etc.)
Security by Design & TPRM Consultant (SERVICES & INDUSTRY SECTOR CLIENT) - 1 year:
- Conducting security reviews for new projects using a Security by Design approach, in collaboration with technical and project teams
- Definition and implementation of a TPRM methodology for managing supplier and partner risks
- Assessment of third-party cybersecurity maturity via questionnaires (internal / CyberVadis), audits, and review of certifications (ISO 27001, SOC 2 reports, etc.)
- Verification of third-party compliance with security requirements (internal policies, regulatory and contractual requirements)
- Support for third parties in implementing security recommendations and monitoring action plans
- KLESIA
Project Director / Cybersecurity Manager
BANKING AND INSURANCE
September 2022 - March 2024 (1 year and 5 months)
Paris, France
Project Director / Cybersecurity Manager (KLESIA) - ~3 years:
Cybersecurity Program Management:
- Creation and structuring of the Cybersecurity department, management of a 3-year transformation program, and supervision of a team of 7 people
- Implementation of an SSI governance model with 3 lines of defense (LOD 1/2/3): roles and responsibilities, committee organization, dashboards, risk monitoring, and reporting instances
- Management of cybersecurity projects (BUILD) and RUN activities: budget management, planning, risk monitoring, and decision-making
- Supervision of project managers and coordination of business and technical stakeholders
Security Governance and Compliance:
- Compliance with regulatory requirements and security frameworks (ISO 27001, DORA, ACPR, EIOPA, AGIRC-ARRCO) and support for teams in applying security requirements
- Formalization and deployment of SSI documentation (policies, procedures, control plan) and alignment of internal practices with security framework requirements
Project Management:
- Management of IAM/IAG/PAM programs: deployment of identity lifecycle management solutions, strong authentication (SSO, MFA), and periodic reviews of authorizations
- Deployment of a technical vulnerability management program covering the entire IT system (workstations, servers, applications, websites) and monitoring of remediation plans
- Overhaul of the security incident management system, cyber crisis management, and business continuity, including the formalization of operational processes and procedures
- DELOITTE
Senior Cybersecurity Consultant
CONSULTING AND AUDITS
December 2021 - September 2022 (9 months)
Paris, France
Head of International Security Program (AIRBUS) - 10 months:
- Development and deployment of a security governance organization and model on an international scale
- Structuring of operational security activities in all regions and countries
- Establishment of international security committee organization, monitoring of indicators, and consolidated reporting to Group governance
- Translation of Group policies and deployment of a compliance framework ensuring adherence to Group requirements and local regulations
- Conducting audits to verify compliance with frameworks and internal policies
Project Director / Cybersecurity Manager (KLESIA) - 10 months: see the KLESIA experience above
Education
- Engineering Degree - Computer Security, INSA Centre Val de Loire, 2019
- Research Internship - IT, visual imaging, and AI, University of Missouri-Columbia, 2018. Project: 3D reconstruction of urban areas and object detection from satellite imagery, in partnership with the U.S. Air Force
Certifications
- ISO 27001 Lead Implementer, CERTI-TRUST
- ISO 27001 Lead Auditor, CERTI-TRUST