Karim Eddrhourhi

Responsible for the quality strategy and test automation of the Client Care Platform (CCP) — a blockchain solution (Polygon) deployed for 7 Richemont Maisons across e-commerce and point-of-sale channels.

Strategy

▸ Defined and maintained the global test strategy (functional, API, UI, performance, security) across the entire Richemont scope, reducing the critical defect escape rate to < 3% per sprint.

▸ Implemented quality gates (unit tests, coverage rate, static analysis via Snyk/GitGuardian) in GitLab CI/CD pipelines, systematically blocking any non-compliant delivery before production.

▸ Developed test plans, designed 500+ test cases, and produced campaign reports at the end of each cycle — with a summary of quality indicators for decision-makers.

GRC & Application Security Consultant – NCC Group (2019–2022)

Consulting mission in cybersecurity and risk management for major European clients, as part of a GRC & AppSec practice.

Key interventions:

• Mapping of cyber risks for application, infrastructure, cloud, and third-party scopes — identification of exposure areas and prioritization of corrective actions.

• Review of existing security controls (IAM, logging, patching, backups, SOC) and formulation of improvement recommendations aligned with ISO 27001 and NIST CSF.

• Conducting TPRM (Third-Party Risk Management) assessments for critical suppliers — contractual analysis, security questionnaires, residual risk scoring.

• Participation in internal and external audits — evidence collection, control testing, drafting findings and remediation plans.

• Strategic support to the CISO: contribution to the security roadmap, reporting to management, advice on governance and overall risk posture.

Technical & Regulatory Environment: ISO 27001 · NIST CSF · GDPR · PCI DSS · Tenable Nessus · Burp Suite · OWASP ZAP · Acunetix · AWS · IBM AppScan · HP WebInspect

Managed the entire quality assurance process for Vodafone's strategic mobile application — from requirements testing to production deployment — with a strong focus on performance, reliability, and business rule compliance.

▸ Designed and industrialized a Java/Selenium automation framework (Page Object Model) coupled with Katalon Studio, halving regression cycles and reducing manual testing load by 30%.

▸ Integrated BDD scenarios (Cucumber) and API contract tests (Rest Assured) into the Jenkins CI/CD chain — automated coverage > 90% of critical user journeys.

▸ Produced test plans, traceability matrices, and effort estimates for 12 simultaneous functional deliveries covering functional, API, UI, and performance aspects.

▸ Led bi-weekly quality review meetings with the CIO and sponsors (defect rates, coverage, execution velocity), enabling informed go/no-go decisions.

▸ Managed a QA team of 10 people in onshore/offshore mode across 3 time zones, with no engagement slippage over 2.5 years.

🛠 Technologies: Selenium WebDriver (Java • Page Object Model) • Katalon Studio (Groovy • keyword-driven) • Cucumber (BDD) • Rest Assured • Jenkins • IntelliJ IDEA • Jira