Hichem T.

Key Responsibilities

• • Design of secure architectures aligned with the group's strategic vision.

• • Steering and monitoring of recommendations for the Fast Isolation & Massive Recovery strategy on On-Premise and Multi-Cloud environments (AWS, Azure, GCP).

• • Use of MITRE ATT&CK, NIST, and CSF frameworks to define attack scenarios and technical isolation/restoration services.

• • Support for crisis management processes and decision-making assistance in case of major incidents (malware).

Deputy Group CISO and Lead Strategic Architect for Identity, Cloud & AI Security at EQUANS, I lead group cybersecurity governance, IT & Cloud risk management, and Identity strategy (IAM/PAM/Zero Trust). I advise the Executive Committee on cyber posture, enterprise architecture, and the impacts of digital transformation, cloud, and AI, ensuring regulatory alignment (NIS2, AI Act, GDPR, DORA).

I design secure and industrialized AI architectures focused on resilience, explainability, and governance. I have developed cyber risk scoring models based on correlating data from cyber defense tools (IAM, PAM, EDR, SIEM, CSPM), integrated into graph-centric architectures (Knowledge Graph) connecting identities, privileges, assets, vulnerabilities, and sensitive data. I integrate traceability, auditability, and compliance requirements from the design phase (NIST AI RMF, ISO/IEC 42001).

I lead strategic group-wide identity transformation programs, including defining the target Identity Governance model (Entra ID), implementing a Zero Trust vision, and modernizing privileged access (CyberArk ISPSS, SIA). I also oversee Azure/AWS Cloud governance, Infrastructure as Code standardization (Terraform Enterprise), and the implementation of Secret Management frameworks (Vault, Conjur, KMS).

My positioning combines enterprise architecture, advanced cybersecurity, AI governance, and the ability to transform complex business challenges into secure, scalable, and compliant solutions, with a strategic and operational vision.

• • IT & Cyber risk assessment and treatment for business projects and transformation programs.

• • Definition of security requirements and support for project teams.

• • Strategic consulting for business units and the Executive Committee.

• • Implementation of security audits, test scenarios, and penetration tests.

• • Regular reporting and follow-up of security action plans.

Cloud Architecture & Security