Franck Lambaudie

Cyber Risk/Compliance/SSI Project Manager

€900/day
Bordeaux, FR
8-15 years

Average response time: 1 hour

About Franck

Passionate about Cybersecurity, I support business units with a constant focus on risk management and the "realistic" implementation of best practices and regulations within organizations.

Strong involvement in information security for digital/industrial transformation projects, for all types of organizations: from startups to global corporations, OIV or OSE.

I help my clients improve their Cyber posture and that of their third parties to reduce their vulnerabilities through methodological, technical, or management support and team/project leadership while respecting costs and objectives.

Particularly interested in improving the security level of IS and in Economic Intelligence.

Proven experience in the Pharma & Health Industry; Insurance; Telecoms; Aerospace sectors:
> CYBERSECURITY / IT SYSTEM COMPLIANCE
Governance Risk Compliance (GRC):
- Enabling security strategy (according to "Zero Trust" model): PSSI, charters, rules, processes...
- Regulatory security (Personal and health data protection, ACPR, CFR, SOX, Traceability...)
- Compliance review
- IT Vulnerability Remediation
ISMS Audit & Continuous Improvement (ISO2700x, ASIP Santé, PGSSI-S..)
Technical and functional support to CISOs
Monitoring: Risks; Tools...

Cybersecurity topics managed: Access and Authorizations; Operating systems; Administration; Development; Penetration tests; Workstation; Wired/wireless network; Telephony; Internet access; Public Cloud; Malware; Logs; Backup; Physical security; Business continuity; Mobile equipment; Sensitive information; Messaging; Awareness and training; ISP; Subcontracting; Certificate; Cryptographic secret; API; Tokens...

Intervention mode possible: full-time / part-time / shared

Indicative daily rate to be adjusted according to your expectations, responsibilities, duration, etc.
  • French

    Native or bilingual

  • Spanish

    Fluent

  • English

    Fluent

Can work on-site
Bordeaux (up to 50km), Biarritz (up to 75km), Agen (up to 50km), La Rochelle (up to 100km), Bordeaux (up to 100km)

Experience

  • Kering
    Identity & Continuity Manager (Interim)
    LUXURY GOODS
    July 2023 - February 2024 (7 months)
    Paris, France
    Manager of security, identity, and continuity solutions - Protect & Recover (NIST framework)

    Objectives: Ensure interim coverage during recruitment and reduce team turnover.

    Program Management: IAM; AD; IGA; PAM; DLP; BIA/DRP; WAF; Obsolescence; Vulnerabilities...
    Leading the Protect & Recover team, facilitating MOE workshops for security policies and functions.
    Replacement of solutions and services (AD Security, BIA/DRP services tests): Requirements definition;
    Technical and functional evaluations; Procurement support (RFP, RFQ), privacy, and legal.
    Definition of the Protect & Recover security roadmap 2024-2026: Server/Workstation; User; Identity; Cloud;
    Application; Mobile; BIA; Resilience; Crisis management.

    Client environment: Workday; SAP IDM; Okta; AD (+65k accounts); Entra ID; Tenable.ad; PKI AD CS; Wallix;
    Teleport; Cybereason; AWS; GCP; Azure; Zscaler; Panorays; Splunk; Jira; ServiceNow...
    Identity and Access Management (IAM); PAM; Active Directory; IGA; DLP; BIA; DRP; WAF; Obsolescence; Vulnerability Management; Meeting facilitation; Team Cohesion
  • KEOLIS BORDEAUX METROPOLE MOBILITE
    Deputy CISO
    TRANSPORTATION
    October 2020 - July 2023 (2 years and 9 months)
    Bordeaux, France
    Objectives: Compliance with LPM; Improve IT security maturity; Address tripartite governance (private-public)

    GOVERNANCE / RISKS / COMPLIANCE
    Compliance: LPM (legal) and II 901 (interministerial instruction)
    • Definition and Management of "Security Assurance Plan" (PAS) roadmaps
    • Budget: Production of a technical memorandum & CAPEX / OPEX Monitoring (+ €4M)
    • Daily CISO coaching in a strong political context and sustained pressure
    • Rollout & Project Management: Mapping / Micro-segmented infrastructure study / Hardening (access, AD, network segmentation, filtering gateway, secure exchanges) / Backup / SIA / Privileged access (Bastion) / Incident detection / SIEM / Proxy / PSSI, charters, rules / IS Security KPIs / PCI / Crisis management / Audit, Pentest / Approval...
    • Supplier relations (qualification, third-party questionnaire, PAS, maintenance contract refactoring) and commitment monitoring
    • NIS V2 impact analysis
    Integration / Remediation:
    • Monitoring, selection assistance, and implementation of security solutions (On-prem or SaaS), governance or technical (Compliance; Vulnerability; Probe...), managed services (SOC/EDR; PDIS...) and outsourced services (Audits; Studies; PRIS...)

    Client environment: Confidential
    ISO 27001; ISO 27002; LPM; Interministerial Instruction 901; Governance; Compliance; Security Audit
  • MAIF
    Assistant CISO - Freelance Cybersecurity GRC Expert
    BANKING AND INSURANCE
    May 2019 - December 2020 (1 year and 7 months)
    Niort, France
    Objectives: Design the IS Security Policy based on the "Zero Trust" model; Manage risks; Raise user awareness

    Strategy / Governance
    • Operational support for the Group's PSSI development: Charter; Rules (2); Glossary; Processes
    • Collaboration with experts on IT security and risk aspects
    • Advice and drafting of specifications for industrializing IS security activities

    Awareness: Monitoring and organizing communication actions on cyber risks

    Risk and Compliance: Mapping of IS Security Risks "ACPR": Inventory of risk management measures

    Audit & Control - Security health of the Third-Party Ecosystem: PoC for monitoring and rating the Cyber risks of essential suppliers

    Security Assurance Plan (PAS) - Supplier Relations: Compliance review of standard and advanced PAS

    ISP: Identification of IS security rules applicable to project scopes

    My environment:
    (1) tools: Office; SharePoint; ServiceNow; SecurityScorecard; RSA Archer; Dataviz
    (2) +21 technical & functional topics: Access and Authorizations; Operating systems; Administration; Development; Workstation; Wired/wireless network; Telephony; Internet access; Public Cloud; Malware; Logs; Backup; Mobile equipment; Sensitive information; Messaging; HR awareness and training; ISP; Subcontracting; Certificate and cryptographic secret; API; Tokens... representing +450 IS security rules
    (3) regulatory: Solvency 2; ACPR; GDPR; NIS

    Client environment:
    Mega; Assyst; Jira; Fortinet; Cisco; F5; Kaspersky; McAfee; EMM; MDM; Qualys; EJBCA; Yogosha; Bastion; MFA (PingID); Yubikey; CASB; DLP; SSO (Pingfederate); CybelAngel; Bluecoat; Hadoop; Alteryx; Spotfire; Azure; AWS; Git; Bug Bounty; SOC; Telecom operators...
    Cybersecurity Audit risk

Education

  • MBA MaCYB - Cybersecurity Management and IS Governance
    Ecole de Guerre Economique (EGE)
    2022
  • General Engineer (Master's degree)
    CESI, Blanquefort
    2004
    Project Management & Human Resources / Business Organization

Certifications

  • eSCM-CL (eSourcing Capability Model for Client Organizations)
    eSourcing partners, Boulogne-Billancourt
    2015
    Purchasing; Sourcing; Outsourcing of digital activities
  • ISO 27001
    PECB
    Audit; ISO 19011; ISO 27001
