You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Malt Strategy
New report
Malt Tech Trends 2026
Guillaume LehembreGL

Guillaume Lehembre

Cybersecurity Expert / CISO / CISO

€1,000/day
Paris, FR
15+ years
Risk Management
Leadership
Security Governance
Cybersecurity Strategy

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Guillaume

I am aCybersecurity enthusiastwith over **20 years of professional experience**.

I started my career as a security consultant for 8 years, carrying out numerousoffensive securityor consulting assignments before joining the financial sector for over 12 years, where I held several positions related to **defensive security**. I therefore have a dual security background with practical experience of various attack methods and now solid experience in implementing various defense mechanisms within critical and regulated financial environments.

During these experiences, I was able to complement my initial technical expertise with team management, budget management, strategic project leadership, and the construction of enterprise cybersecurity strategies aligned with business risk analyses.

I therefore havestrong operational and organizational security skillsto meet your needs.

What characterizes and distinguishes me:
-Apragmatic and educational approachto security, business and risk-oriented, drawing on concrete offensive security experiences to implement appropriate security measures.
-Anability to simplifysecurity topics according to my audience: from the board of directors to business stakeholders and security administrators.
-Strong technical skillsenabling me to manage operational teams and **challenge technical choices**.
-Rigorin drafting deliverables

Feel free to contact me.
Banking and Financial Services
Consulting and Audits
Insurance
Telecommunications

  • French

    Native or bilingual

  • German

    Fluent

Can work on-site
Paris (up to 10km), Dijon (up to 50km), Lyon (up to 10km)

Experience

  • LCH SA (London Stock Exchange Group)
    Chief Information Security Officer
    BANKING AND INSURANCE
    April 2022 - February 2024 (1 year and 10 months)
    Paris, France
    ▪ Present security issues during board meetings of LCH SA, to the CEO of LCH SA and the CISO of LSEG.
    ▪ Participate in the IT steering committee and internal governance bodies to align security strategy with the company's IT challenges.
    ▪ Manage LCH SA's security budget and lead a team of 8 specialists to strengthen the entity's security posture.
    ▪ Chair the LCH SA security committee, driving the protection strategy and initiatives.
    ▪ Serve as the main point of contact with regulators on security matters (ECB, BDF, ACPR, AMF, SEC) and lead regulatory compliance projects.
    ▪ Conduct key projects: LPM compliance and certification, migration to an outsourced SOC, deployment of PAM solutions (Wallix / BeyondTrust), Cloud security (AWS, Azure).
    ▪ Evaluate IT project security to ensure compliance with standards and reduce operational risks.
    ▪ Contribute to the LSEG security program, ensuring LCH SA's specificities are taken into account.
    ▪ Improve operational resilience and security incident management.
    ▪ Implement DORA regulatory compliance.
    ▪ Develop security training programs to raise awareness and strengthen security culture within teams.
    NIS LPM DORA Cybersecurity Strategy Security Incident Management
  • BNP PARIBAS
    BP²I Chief Information Security Officer (BP²I) - Group Manager
    BANKING AND INSURANCE
    April 2020 - March 2022 (1 year and 11 months)
    93100 Montreuil, France
    ▪ Lead a team of 150 people across 3 main business areas:
    - IT Security Governance, Continuity Management, Cyber Resilience, Data Analysis & Insights.
    - IT Security Access Management (SAAM / eTAC / LDAP IDM) & Mainframe Security (TSS / RACF).
    - IT Security Infrastructure - Secret Management (CyberArk / HashiCorp), Vulnerability Management (Qualys / Prisma Cloud) & Hardening (TSCM / Tanium), Log (Splunk / Elastic) & Data Encryption (Vormetric).

    ▪ Manage security for a multi-country scope (France, Italy, Belgium), with shared production managing over 45,000 devices (servers, appliances, mainframes, networks).

    ▪ Deploy security services on IBM Cloud (IaaS / PaaS / KaaS) and manage security services provided by IBM.

    ▪ Contribute to the BNPP Cybersecurity program (sponsor security projects led by BP²I – 10,000 person-hours) and Multi-Cloud (IaaS / PaaS / KaaS).

    ▪ Contribute to security responses for audits (ANSSI, BCE, BOE, local regulators).
    Cybersecurity Governance NIST Leadership Cybersecurity Strategy LPM
  • BNP PARIBAS
    IT Security Access Management (BP²I) – Domain Manager
    BANKING AND INSURANCE
    October 2016 - March 2020 (3 years and 5 months)
    93100 Montreuil, France
    ▪ Lead a team of 50 people across 4 activities:
    - System IAM for BNP Paribas shared production: N2, N3 support, engineering & architecture.
    - Group LDAP: N3 support.
    - Vormetric (Thales): N3 support.
    - System authorization management, controls, access governance, and functional support.

    ▪ "Service Owner":
    - System IAM for BNP Paribas shared production named SAAM (System Authorization and Access Management) and the UNIX access control solution eTAC (eTRUST Access Control – CA PAM): 12,000 users, 14 million individual accounts managed, 250,000 passwords changed on average per day.
    - Group LDAP directory based on the LDAP IDM solution (Red Hat).
    - Vormetric (Thales): file system encryption solution.

    ▪ Manage security for a multi-country scope (France, Italy, Belgium), with shared production managing over 40,000 devices (servers, appliances, mainframes, networks).

    ▪ Contribute to the BNPP Cybersecurity program:
    - Redesign of the SAAM solution based on CA Identity Suite, CA Identity Manager, CA Identity Governance.
    - Implementation of a Group LDAP directory for UNIX systems (over 25,000 servers).
    - Thales Vormetric (file system encryption / access control).
    - CyberArk PSM, industrialization of the use of reusable accounts on OS, middleware, and database layers.
    - Least Privilege.
    - Access management: expansion of SAAM coverage, account justification & labeling, eradication of orphan accounts.
    - Database security (IAM).
    - Multi-Cloud: Access Management & HSM.
    Team Management Project Management Cybersecurity Strategy PAM IAM
Check out Guillaume's experience

Recommendations

Be the first to recommend Guillaume

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Signup to reveal

Education

  • Master's Degree
    TELECOM PARISTECH (ENST
    2004
    Mastère Spécialisé
  • Network Engineering Degree
    EFREI (French School of Electronics and Computer Science)
    2003
    Ingénieur spécialité Réseau
Check out Guillaume's education

Skill set

Cybersecurity
CISO
CISO
NIST
NIS
NIS2
DORA
LPM
Security Audit
PenTest
Security Architecture
Project Management
Program Management
Team Management
Security Incident Management
Governance, Risk & Compliance (GRC)
IAM
PAM
Vulnerability Management
Cloud Security
EDR
Security Compliance
Cryptography
CISSP

Categories