You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Gaëtan FernandesGF

Gaëtan Fernandes

Expert Cybersecurity, GDPR and GRC - Outsourced DPO

€750/day
Nantes, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Gaëtan

🔒 Senior Consultant in Cybersecurity, GRC & GDPR | Outsourced DPO | ISO 27001 Lead Implementer Certified


🚀 Supporting digital transformation by combining security, compliance, and pragmatism

An expert in cybersecurity, GRC, and GDPR, I help my clients secure their information systems, ensure regulatory compliance, and structure their governance for cybersecurity and privacy.

After several years at Wavestone, a leader in cybersecurity consulting, I now work independently to build a more secure, ethical, and resilient digital future.

🎯 Why hire me?

✅ Pragmatic & Results-Oriented Approach– Solutions tailored to operational challenges
✅ Dual Expertise in Cybersecurity & GDPR– Global vision of technical, legal, and organizational issues
✅ Experience in Complex Project Management– Strategic and operational leadership
✅ Excellence in Deliverables– Rigor, clarity, and efficiency in my interventions

🔍 My Areas of Expertise

I cover all topics related to IS governance, regulatory compliance, and data protection:

✔ Cybersecurity & Governance
IS Security Strategy & organizational model definition
Cyber and IS Security project management
Risk analysis (EBIOS RM, ISO 27k)
Crisis management, resilience
IAM
Cybersecurity audit
NIS2, LPM, ISO 27001/27005 compliance

✔ Personal Data Protection
DPO support
Compliance audits, DPIAs
Compliance assessment (GDPR, AI Act)
AI security and confidentiality
Training, awareness

📩 Want to secure your activities and strengthen your compliance?
Let's discuss your challenges today!
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Nantes (up to 50km), Paris (up to 10km), Rennes (up to 30km), Lyon (up to 15km), Vannes (up to 50km)

Experience

  • SNCF Voyageurs
    Cybersecurity Consultant - IS Mapping
    TRANSPORTATION
    January 2025 - Today (1 year and 6 months)
    Nantes, France
    Led the update of the IS risk map, integrating the specifics of about twenty business lines and facilitating collaborative workshops with stakeholders. Adapted the mapping methodology based on ISO 27001 and the Group's methodology. Implemented an approach focused on risks associated with business processes, supported by automated calculations of risk impacts and probabilities of occurrence. Particular focus was placed on formalizing the remediation plan, its prioritization, and its follow-up, to ensure effective and sustainable risk management in a complex and highly interconnected environment. The mapping and its remediation plan incorporate the challenges associated with new regulations (Cyber Resilience Act, AI Act, NIS2...).
    Led the update of the IS risk map, integrating the specifics of about twenty business lines and facilitating collaborative workshops with stakeholders. Adapted the mapping methodology based on ISO 27001 and the Group's methodology. Implemented an approach focused on risks associated with business processes, supported by automated calculations of risk impacts and probabilities of occurrence. Particular focus was placed on formalizing the remediation plan, its prioritization, and its follow-up, to ensure effective and sustainable risk management in a complex and highly interconnected environment. The mapping and its remediation plan incorporate the challenges associated with new regulations (Cyber Resilience Act, AI Act, NIS2...).
    Project Management Risk Mapping ISO 27001 EBIOS RM Risk Analysis and Management
  • Kiplin
    IS Security and Outsourced DPO Expert
    HEALTH AND WELLNESS
    September 2024 - Today (1 year and 10 months)
    Nantes, France
    Within a Nantes-based startup handling sensitive personal data, provided support as an IS Security expert (definition and implementation of a BCP/DRP, deployment of a phishing reporting solution, deployment of an IS Security and GDPR training/awareness solution, pre-sales support...) and as an outsourced DPO (register updates, project support, awareness campaigns, DPIA execution...).
    DPO GDPR Compliance Implementation BCP/DRP CISO ISO 27001
  • Ecole Normale Supérieure
    Project Manager – Cyber Audit and IS Action Plan Proposal
    EDUCATION AND E-LEARNING
    October 2023 - May 2024 (7 months)
    Paris, France
    Project Manager – Cyber maturity audit, IS action plan, and scoping of the IS documentation strategy.

    Conducted a cyber maturity audit of the central IT department and 6 co-supervised entities, based on the France Relance cyber analysis methodology. Formalized an IS action plan based on the maturity audit and penetration tests conducted by the firm. Assessed the existing IS documentation and identified documentation needs by level (strategies, policies, operational sheets) and by scope.
    CISO Support Cybersecurity Audit Remediation Plan Compliance Implementation Governance

Recommendations

Be the first to recommend Gaëtan

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Msc. in management
    emlyon business school
    2021
    Stratégie, transformation des entreprises, conseil
  • M2 Law and Business Ethics
    Université CY Cergy Paris
    2018
    Conformité, gestion des risques, RGPD

Certifications

  • SecNum Academy
    ANSSI
    2020
  • The GDPR Workshop
    CNIL
    2020

Skill set

Categories