Ghaya Othmani

GRC Cybersecurity Consultant

€550/day
Paris, FR
8-15 years

Average response time: 1 hour

About Ghaya

Cybersecurity consultant | GRC & ISMS ISO 27001:2022 | Internal audits & supplier management

As a specialist in Governance, Risk and Compliance (GRC), I manage the implementation and migration of information security management systems (ISMS) compliant with ISO/IEC 27001:2013 → 2022.

I support you in all stages of your compliance project: scope definition, risk analysis (ISO 27005), statement of applicability (SoA), drafting and updating security policies, conducting internal audits, managing and evaluating suppliers via security assurance reviews, audit preparation and team awareness.

Bilingual in French and English, I combine technical expertise, a practical approach and strategic vision to sustainably strengthen the security posture of organizations and promote a sustainable security culture.
  • English

    Native or bilingual

  • French

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Blauwtrust Groep
    Information Technology Security Officer
    January 2024 - August 2025 (1 year and 7 months)
    Rotterdam, Netherlands
    • Managing the ISO 27001 audit for the group and its subsidiaries, from initiation to implementation.
    • Development, revision and publication of information security policies and procedures.
    • Managing non-conformities to ensure ISO 27001:2022 certification.
    • Designing and organizing information security awareness programs, including attack simulations.
    • Coordinating IT security activities with internal and external stakeholders.
    • Supporting group entities in their regulatory compliance efforts.
    • Conducting compliance audits (ISO, DORA, GDPR, ISAE, SOC2).
    • Organizing cybersecurity crisis management exercises.
    • Designing training and awareness programs for clients and technical teams.
    • Conducting phishing simulations to test employee responsiveness.
    • Implementing data protection measures (classification, encryption, DLP).
    • Supporting GDPR compliance and conducting DPIAs.
    • Analyzing supplier contracts to define security requirements.
    • Regularly monitoring cybersecurity within subsidiaries.
    • Contributing to the development of policies and procedures for the DORA project.
    • Managing the review of user access rights on cloud platforms.
    • Harmonizing security practices across different subsidiaries.
    • Implementing action plans to correct gaps and improve security.
    • Revising conditional access policies to strengthen access controls.
    ISO 27001 GDPR Microsoft 365 Defender ISO 27005 SOC 2
  • SAMA PARTNERS Business Solution Gmbh
    Local Information Security Officer
    December 2021 - December 2023 (2 years)
    Mannheim, Germany
    • Contributing to the preparation for ISO 27001 certification in collaboration with the lead auditor.
    • Developing security awareness initiatives and project plans to support the company's certification.
    • Drafting information security indicators and ISMS policies compliant with ISO 27001.
    • Raising awareness among the company's various departments about security requirements and supporting their implementation.
    • Monitoring audit recommendations and ensuring their proper implementation.
  • SAMA PARTNERS Business Solution Gmbh
    Information Security Specialist
    May 2020 - November 2021 (1 year and 6 months)
    • Drafting explanatory documents on the distinction between the surface web, the deep web and the dark web.
    • Monitoring client information and databases on the dark web using advanced tools.
    • Developing a script in Python3 to automate scans and provide detailed reports on potential vulnerabilities.
    • Conducting research on Cyber Threat Intelligence (CTI) in the MENA region.
    • Strengthening security by using vulnerability scanners and protection tools such as antivirus and EDR.

Education

  • ISO 27001 Lead Auditor
  • ISO 27005 Risk Manager
