Farouk Touati

Senior IT Audit & Cyber Risk Consultant

€1,000/day
Cormeilles-en-Parisis, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Farouk

Senior IT Auditor and Cyber Risk & GRC professional with over 13 years of experience in the 2nd and 3rd lines of defense within regulated environments: Central Securities Depository (CSD), banking, insurance, and industry.

Certified CISA, CISM, CRISC, CGEIT, CDPSE, and ISO 27005.

My areas of expertise include:

• IT & Cybersecurity Audit — 3rd Line of Defense: ITGC, application audits, cloud, identities (Active Directory, Microsoft Entra ID), OT/ICS
• Third-Party Risk Management (TPRM) — ICT supplier governance, vendor lifecycle (onboarding, due diligence, monitoring, exit), security clauses, sub-outsourcing
• Regulatory Compliance: DORA (Articles 28-30), NIS2, GDPR, SWIFT CSP/CSCF, EU AI Act, CSDR
• Governance, Risk, and Compliance (GRC) — ISO 27001, ISO 27005, NIST CSF, NIST SP 800-53, NIST SP 800-82, COBIT 2019
• Senior Reporting & Stakeholder Management — CISO, Group CSO, Audit Committee, etc.

My background includes a European Central Securities Depository (supervised by NBB/ESMA), ArcelorMittal (industrial IT/OT), AXA Group (2nd line insurance, Group Chief Security Officer), Accenture (international consulting), and Natixis (investment banking).

Bilingual French/English. Available for GRC missions, IT audits, DORA/NIS2 compliance, and TPRM support in large regulated enterprise environments.
  • French: Native or bilingual
  • English: Native or bilingual
  • Arabic: Native or bilingual

Can work on-site
Cormeilles-en-Parisis (up to 20km)

Experience

  • Euroclear
    IT & Cyber Audit Manager
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 5 months)
    Paris, France
    ▪ Led group-wide IT and cybersecurity audit missions at Euroclear, covering third-party risk controls, ICT outsourcing arrangements, and review of contractual security clauses, in compliance with DORA requirements (Articles 28 to 30).

    ▪ Contributed to the AI Governance Assessment, benchmarking AI strategy, delivery capabilities, protection measures, and AI investments against the EU AI Act and ISO/IEC 42001.

    ▪ Conducted SWIFT CSP/CSCF compliance audits and ICT third-party risk control audits, aligned with ISO/IEC 27001 and NIST SP 800-53 baselines.

    ▪ Performed AD and Entra ID security audits, covering the tiering model, privileged access management (PAM), conditional access policies, identity controls, etc.
    Swift TPRM DORA Compliance Artificial Intelligence CISA
  • ArcelorMittal
    IT & OT Audit Supervisor
    RAW MATERIALS INDUSTRY
    December 2021 - December 2024 (3 years)
    Paris, France
    ▪ Designed the multi-year European IT and OT audit plan and delivered audits with a team of 5 auditors under my supervision.

    ▪ Led Azure cloud security audits covering IAM policies, network segmentation, logging and monitoring (SIEM), as well as configuration baselines aligned with CIS benchmarks and NIST controls.

    ▪ Covered third-party risk controls and assurance for critical ICT suppliers for IT and OT services in industrial environments, including supplier security clauses and incident response preparation.
    NIST CSF OT Security TPRM CISA Azure Cloud
  • AXA Group
    Security & Data Privacy Assurance Manager
    BANKING AND INSURANCE
    July 2018 - December 2021 (3 years and 5 months)
    Paris, France
    ▪ Led third-party security assurance and TPRM campaigns across AXA's operational entities worldwide, covering the vendor lifecycle: onboarding, due diligence, continuous monitoring, and exit.

    ▪ Managed the 2nd line of defense security control and assurance activities, reporting directly to the Group CSO and the executive and Audit Committees on operational resilience, GDPR compliance, and information security risks.

    ▪ Supervised 5 external providers delivering end-to-end security assurance missions, aligned with ISO/IEC 27001/2 and AXA Group security standards.
    TPRM GDPR Security Assessment DLP CISM

Education

  • Master 2 - Extended Enterprise Information Systems: Audit and Consulting
    Université Paris Dauphine PSL
    2013
    Information systems audit
  • Master 2 - Organizational Audit and Risk Management
    Université René Descartes
    2012
    General audit
