Freelancer profile translated to English.

Description

Cybersecurity consultant with in-depth expertise in Information Security Management Systems, risk analysis, and regulatory compliance. Significant experience in ISMS implementation, audits, and integrating security into projects. Proven ability to improve IT infrastructure security and ensure compliance with ISO 27001 and other industry regulations.

Languages

French
Native or bilingual
English
Fluent
Arabic
Native or bilingual
Kabyle
Native or bilingual
Spanish
Conversational

Workplace preferences

Can work on-site

Paris (up to 50km)

Tribun Health,
Information Security Manager
MEDICAL
July 2023 - Today (2 years and 11 months)
Paris, France
Full implementation of an Information Security Management System (ISMS certified ISO 27001:2022 in 2025):
Developed the organization's information security strategy, ensuring alignment with business and security objectives.
Conducted information security risk assessments and implemented a risk treatment plan.
Ensured compliance with all applicable legal, regulatory, and contractual requirements.
Managed security incidents (ManageEngine, Wazuh, WatchGuard).
Managed configurations and vulnerabilities (ManageEngine, Active Directory, Entra ID, Azure policies).
Established a BCP/DRP to support business continuity.
Facilitated regular employee training programs on security best practices.
Integrated security into the development, deployment, and maintenance lifecycle, ensuring compliance with Food & Drug Administration requirements.
Integrated security into vendor and human resource management.
Chaired the information security committee and provided updates on ISMS status.
Trained and mentored information security interns.
Implemented a SIEM (Wazuh).
System Administration:
Managed and implemented the data migration project to SharePoint.
Managed Azure infrastructure, including virtual machines, storage, and networking, to ensure optimal performance and security.
Managed and maintained Active Directory and company IT assets (hardware inventory and software license management).
Managed VMware vSphere, including virtual machines, storage, and networking.
Administered Microsoft 365 solutions (Exchange, Teams, SharePoint, Dynamics...)
Threat Modeling STRIDE FDA NIST Microsoft 365 Administration
Serma Safety & Security,
GRC Consultant
CONSULTING AND AUDITS
March 2020 - June 2023 (3 years and 3 months)
Paris, France
Project Manager – Risk Analysis Service Center (EBIOS RM Methodology) – (Equans)
Led over 50 risk analyses for a major industrial client: scoping, coordinating deliverables, presenting results.
Facilitated steering committee meetings with client stakeholders, monitored actions, and reported progress.
Managed resources and planning: defined workloads, allocated consultants, and supervised production.
Reviewed, validated, and continuously improved deliverables (risk analyses, treatment plans, mappings).
Consultant in Risk and Compliance Service Center - (Allianz):
Performed over 25 EBIOS RM risk analyses on strategic projects involving critical business processes.
Conducted in-depth assessments of BCP and DRP for strategic suppliers involved in critical processes.
Analyzed the operational capability of service providers to maintain key activities in case of crisis or disruption.
Assessed the security maturity of service providers.
Cybersecurity Auditor mandated by clients (Société Générale):
Conducted on-site audits, covering both organizational aspects (ISMS governance, business continuity, incident management) and physical aspects (access control, facility security, off-site backups).
Risk Consultant (Sebia):
Supported FDA approval for medical devices (AAMI TIR 57, EBIOS RM, STRIDE, Secure Architecture).
Security and Risk Architect (Alstom):
Supported the security-by-design approach for the automated metro project (IEC62443).
ISMS Referent (Bpifrance):
Supported project teams from the scoping phase.
Evaluated cloud architectures (Azure, AWS).
Promoted DevSecOps best practices.
Performed ISO 27005 risk analyses on application projects.
EBIOS RM Security Audit ISO 27001 ISO 22301 BCP/DRP
ALD Automotive,
Assistant CISO
BANKING AND INSURANCE
September 2017 - September 2019 (2 years)
Paris, France
Risk Management:
Security risk analysis (Web Application, AS400, Salesforce, GED…).
Conducted Business Impact Analysis (BIA).
Security Audit Follow-up (Pentest):
Analyzed audit reports and presented findings to the IT department.
Monitored remediation plans.
Participation in PSSI Drafting:
Wrote security policies and procedures.
Project Management:
Managed user rights and authorizations.
Led workshops to gather business needs.
Created new security profiles, roles, and groups.
Updated the rights matrix.
Application Compliance with GDPR:
Identified and classified personal data in applications.
Reviewed processing purposes (DPO, Business Owners).
Employee Cybersecurity Awareness:
Led IT security awareness workshops (monthly for new employees at ALD Automotive).
Assisted employees with phishing alerts.
DLP Alert Handling:
L2 Correspondent for the information leakage prevention system.
Investigated and followed up on action plans in case of leaks.
Workstation Management (Tanium):
Monitored patch management.
Tracked CVE remediation.
Monitored and managed Shadow IT.
EBIOS RM DLP Tanium Symantec Endpoint Protection Python