About Lamiae
English
Native or bilingual
French
Native or bilingual
Arabic
Native or bilingual
German
Basic
Experience
- BnpparibasCybersecurity ConsultantBANKING AND INSURANCEOctober 2025 - Today (10 months)Montreuil, France• Analysis of risk assessments carried out by the 1st line of defense (1LOD) on cloud outsourcing projects.• Review of the Group's cloud outsourcing projects, including APIGEE Hybrid, Power Platform, and AI solutions.• Conducting IT and security risk analyses, according to the ISO 27005 methodology, prior to business and technical projects.• Study of requests for derogation from Group standards.• Management of security derogations and formalization of risk acceptances in coordination with IT and Risk teams.• Evaluation and validation of security solutions in hybrid environments, including Cloud platforms (Azure, GCP, AWS, IBM Cloud).• Monitoring compliance with the Group's security policy and support for cross-functional cybersecurity initiatives.• Active contribution to security committees and collaboration with business teams, IT architecture, DPO, compliance, 1LOD, and Cloud CISO.• Monitoring the application of data encryption requirements and the use of KeyVault (Azure Key Vault or Thales HSM).• I contributed to the study of several projects: DSP2 and DSP3 business projects, Cloud Migration, SaaS solutions, APIGEE Hybrid, AKAMAI API Security.
- AXA Wealth ServicesCISO ConsultantBANKING AND INSURANCEApril 2021 - June 2025 (4 years and 2 months)Nanterre, France• Conducting IT and security risk analyses according to ISO 27005 standards, in line with the Group's IT Risk policy• Development and improvement of risk management procedures: assessment models, risk sheets, security policies (ISO 27001/27002);• Drafting and management of derogations and risk acceptances, in conjunction with security, IT, and business stakeholders;• Conducting periodic security reviews of suppliers (audit, due diligence), with follow-up of associated action plans;• Organization and management of penetration tests in coordination with a service center, external providers, and internal teams;• Monitoring vulnerability remediation: coordination of fixes, re-tests, and long-term action tracking;• Contribution to the detection of risky behaviors, potential incidents, or compliance deviations in projects;• Participation in the security analysis of technical architectures, validation of security requirements in project deliverables;• Support for project teams in integrating cybersecurity from the design phase, in accordance with internal standards and frameworks (ISO 27001, OWASP, PCI DSS);• Contribution to the implementation and verification of PAM controls (cyberark);• Active contribution to the implementation and management of cybersecurity service lines at the corporate and European zone level: DevSecOps, SOC, vulnerability management, SAF (Security Assurance Framework);• Participation in the evaluation and validation of security solutions (API Management, AWS and Azure Cloud), with a security architecture-oriented approach;• Securing key projects: cloud migration (AWS, Azure), SI APIfication project, security configuration of the Mashery API Management solution;• Monitoring security KPIs and developing dashboards for the CISO and local and group stakeholders.
- EQUENS WORLDLINEAPPLICATION SECURITY CONSULTANTDIGITAL AND ITFebruary 2016 - March 2019 (3 years and 1 month)Blois, France1. Application Security:• Development of secure Back End applications in the payment domain (Issuer and Acquirer side) and personal data security: JAVA, Spring, REST/GraphQL API, SWAGGER, API MANAGEMENT (APIGEE), Unix, MYSQL, GIT, HG, Jenkins, JBOSS, Docker;• Implementation of APIGEE and integration of APIs and web services in the Monetary domain (within the scope of DSP2);• Study and development of cryptography algorithms based on NIST recommendations;• Monitoring of penetration tests (Pentest) and report generation;• Configuration and integration of HSM devices (DEP/BULL);• Configuration of several tools like JMAC, ActiveMQ;• Analysis and security audit of code: Manual code review and using SONARQUBE;• Mastery of payment standards (PCI DSS/ISO 27001), NIST recommendations, and GDPR.2. Integration and Operational Security:• Staging and Production Delivery;• Implementation of the Patch Management process;• Monitoring and analysis of security incidents;• Configuration of the ISMP alerting platform;• Defining a platform roadmap;• Configuration, optimization, and delivery of REDHAT environments;• Deployment of platforms with an internal solution;• Platform monitoring using Splunk and HORUS;• Implementation of an API MANAGEMENT platform (APIGEE);• Securing applications with SSO (Single Sign-On);• Platform migration;• Design of applications and software architecture studies;• SQL and NoSQL database administration (Cassandra, MongoDB);• Study, development, and integration of an OAuth 2.0 solution in a JAVA/J2EE application.3. Level 2/3 Technical Support:• Ensuring resolution of Application and Security incidents;• Knowledge transfer (Internship supervisor);• Post-migration assistance;• Conducting presentations in French and English at technical events.
Recommendations
Be the first to recommend Lamiae
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Software Administration and SecurityINSA Centre Val de Loire2016
- Computer Network SecurityEcole Nationale des sciences appliquées KENITRA2014
Certifications
- Scrum Foundation Professional CertificateCertiProf
- Fortify SCA & SSC 18.x. Certified ExpertMicro Focus (formerly HP / Hewlett Packard Enterprise)