
Houfani Sélim

Cybersecurity/ISP/Secure Design/Compliance Expert

€680/day
Paris, FR
15+ years

Average response time: 1 hour


About Houfani

With a strong background in cybersecurity, IT risk management, and regulatory compliance, I wish to leverage my expertise in companies.
With over 15 years of experience in demanding banking and financial environments (BNP Paribas), I have managed regulatory compliance programs (DORA, NIST, ISO 27001), supported IT and business teams in integrating security into projects (ISP, Secure Design, DevSecOps, Application Security), and ensured the follow-up of internal and external audits in conjunction with supervisory authorities.

At BNP Paribas, I was a key player in IT compliance, conducting risk assessments, implementing continuous control processes, and overseeing action plans following audits. I also led impact analyses of European regulations (DORA) and designed adaptation strategies for international subsidiaries (Madrid, Bucharest).

Currently, as a Cybersecurity Expert at the Ministry of Health, I define the IT security strategy, oversee the implementation of security controls in IT projects, and train teams on best security and risk management practices.
Languages

  • English: Fluent
  • French: Native or bilingual

Can work on-site
Paris (up to 30km)

Experience

  • Haute Autorité de Santé
    Cybersecurity/GRC/Risk Management Expert
    HEALTH AND WELLNESS
    October 2024 - Today (1 year and 8 months)
    Saint-Denis, France
    Designed the security strategy aligned with IT/business for 2024/2025:
    - Identify the features to be developed for 2024/2025,
    - Analyze the security needs of each feature,
    - Plan the secure design (threat modeling and security assessment) workshops with the business and IT,
    - Perform the secure design: threat modeling (STRIDE) and security assessment,
    - Identify non-compliance and initiate the risk form with a remediation plan,
    - Identify the security requirements to implement during development.
    Controlled the implementation of security requirements with the IT team and business during the SDLC:
    - Workshops with the IT team to identify which security measures should be implemented during the sprints,
    - Define the security gates and the rules,
    - Plan periodic meetings with the IT team to control the implementation of security requirements during development,
    - Risk management performed on non-compliance.

    Wrote procedural documents on:
    - Habilitation procedure
    - Incident management
    - Integration of security in the project procedure
    - Risk management procedure

    Performed ISP (integration of security in projects):
    - Perform a security assessment for each new project
    - Perform third-party assessments for outsourced development
    - Identify non-compliance and initiate a risk form
    - Follow the risk form and the implementation of the remediation plan
    Reported the security posture to management (metrics and KPI reporting).
    Trained the business on the following topics:
    - Risk management
    - Secure design
    - Security best practices
    - Agility vs. security
    - Data classification process
    Participated in Disaster Recovery tests and produced a Retex (lessons learned) to improve the process.
    Skills: Compliance, Risk Management, Risk Mapping, Secure Design, Security Assessment, Project Security Analysis, NIST CSF, GDPR, Data Classification Analysis, Permanent Control, Risk Analysis and Management, Risk Prioritization, Integration of Security in Projects, Agile Method, ISO 27001 Lead Implementer, NIS V2, Third Party Audit, Third Party Management, EBIOS RM
  • BNP Paribas Personal Finance
    Security/DORA Auditor Expert
    BANKING AND INSURANCE
    February 2023 - October 2024 (1 year and 8 months)
    Paris, France
    - DORA audit
    • Analyze the DORA framework for ICT risk management, digital resilience testing and ICT-related incidents.
    • Perform a gap analysis between the DORA regulation and the cyber requirements already implemented.
    • Design an application security process to address all mandatory security requirements for digital resilience testing during development (Agile).
    • Draft training courses on application security and DORA topics for developers and tech leads to acculturate them.
    • Support the local IT Risk team in understanding what is expected for the DORA pillars « Digital resilience test » and « ICT related incident ».
    • Design a security test strategy to help teams comply with the security requirements.
    • Train IT teams/Product Owners in different locations (Bucharest, Madrid, Munich and Milan) on:
      - Application security and DORA
      - Security Champion role
      - Security test strategy
      - Vulnerability management
      - ISP: integration of security in the project
      - Agile vs. security

    • Control compliance with the DORA/GDPR/NIST/ISO 27001 frameworks:
      - Periodically control the procedures and identify non-compliance
      - Perform security reviews of applications and systems
      - Perform scans on applications and systems to identify vulnerabilities
      - Report the results together with the non-compliance findings
      - Create risk forms based on the non-compliance findings
      - Help the IT team define and implement the remediation plan
      - Follow the completion of the remediation plan and the risk form
    Skills: Cybersecurity, Risk Management, DevSecOps, Trainer, Threat Modeling, Vulnerability Management, Security Audit, DORA, DORA Compliance, Risk Analysis and Management, DORA Audit, Support for IT Teams on DORA, Agile Method, ISO 27001 Lead Implementer, NIST CSF, EBIOS RM, ISO 27005, Third Party Risk Management
  • BNP Paribas Personal Finance
    Cybersecurity ISP/Third Party Expert
    BANKING AND INSURANCE
    February 2022 - February 2023 (1 year)
    Levallois-Perret, France
    - Implement security in projects: ISP
    • Draft the integration-of-security-in-the-project procedure
    • Coach tribe leaders and Security Champions on the risk management procedure and good practices
    • Perform secure design with the business (implement the threat modeling methodology) to identify possible cases of fraud or non-compliance in use cases
    • Perform security assessments for all new projects and ensure compliance with DORA/NIST/PCI-DSS
    • Workshops with the IT team to identify which security measures should be implemented during the sprints
    • Define the security gates and the rules
    • Plan periodic meetings with the IT team to control the implementation of security requirements during development

    - Third-party audit when the product is outsourced
    - Analyze the third-party questionnaire
    Skills: Secure Design, Security Assessment, Project Security Analysis, Risk Analysis and Management, Risk Prioritization, Data Classification, Project Context Analysis, Cyber Risk Reporting, KPI/Metric Collection, Procedure Writing, EBIOS RM, ISO 27005, NIST CSF, Third Party Management, Third Party Audit, Third Party Risk Management

Education

  • Master of Science in Cyber Security
    University of Technology of Troyes (UTT)
    2020
    Master in Forensics and Cyber security
  • Master in New Technology and E-business
    School of Management - Business School (ESG)
    2005
    Master in New Technology and E-business

Certifications

  • ISO27001 Lead Implementer
    PECB
    2021
    ISO27001
  • ISO27001 Lead Auditor
    PECB
    2021
    ISO 27001 Lead Auditor
