Maha Tebaa

Cyber Risk & Compliance Consultant

€850/day
Paris, FR
8-15 years

Average response time: 1 hour

About Maha

Senior Cybersecurity Consultant specialized in risk governance, regulatory compliance, and Cloud security. I support organizations (large groups, financial sector, insurance & IT services) in implementing robust cybersecurity strategies aligned with international standards.

I master the entire risk management cycle: identification, assessment, mapping, prioritization, and management of remediation plans, with an approach focused on performance, efficiency, and operational compliance.

Areas of expertise
• Cybersecurity Risk Assessment & Risk Management Frameworks
• EBIOS Risk Manager (certified) – analysis, attack scenarios, treatment plans
• DORA Compliance, ISO 27001 / ISO 27005, SOC 2
• Cloud Security
• PKI & Applied Cryptography (Encryption)
• Data Privacy & Privacy by Design
• Data protection, encryption, access control, resilience, and continuity
• Management of audit plans, preparation of control campaigns, executive reporting
  • French

    Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • DSI d'AXA
    Senior IT Compliance & Risk Management
    BANKING AND INSURANCE
    February 2022 - Today (4 years and 4 months)
    Paris, France
    Details of
    • IT Risk Management:
    ◦ Management of the risk register and support for business teams in implementing remediation plans
    ◦ Development of schedules and budgets necessary for remediation
    ◦ Simplification of Cybersecurity and regulatory requirements for non-technical stakeholders.
    ◦ Monitoring of KPIs associated with risk treatment and closure.
    • Coordination of annual internal control and security audit campaigns (ISO/IEC 27001):
    ◦ Coordination of annual testing exercises conducted by security and internal control.
    ◦ Review and update of processes to ensure their compliance with Group policies
    ◦ Monitoring the execution of processes with process owners throughout the year
    ◦ Collection and consolidation of proof of execution (evidence)
    ◦ Definition of a governance framework to manage compliance, share progress, and escalate risks to the steering committee.
    • IT Compliance Referent within the framework of the DORA regulation implementation
    ◦ Translation of regulator requirements into action plans adapted to the organization
    ◦ Review and update of internal IT processes to meet the requirements of the European DORA regulation
    ◦ Support for IT teams in implementing compliance measures.
    DORA Compliance, Risk remediation, Internal audit, ISO 27001, ISO 27005
  • La Poste & Crédit Agricole
    Senior Cybersecurity Consultant
    June 2020 - January 2023 (2 years and 7 months)
    • Project management for the deprecation of the TLS 1.1 protocol and prohibition of vulnerable cryptographic suites on all IT security equipment (WAF, proxies, servers, etc.), to strengthen the IT system's security posture
    • Conduct of a POC with IBM to test the FHE (Fully Homomorphic Encryption) solution on an internal use case
    • Monitoring/testing of a post-quantum Time Stamping solution as part of a POC with leading companies in the electronic signature market
    • Risk analysis on the use of a dedicated Cloud HSM in the Cloud
    Cloud Security, Encryption, Data protection
  • Société Générale
    Risk Analyst
    BANKING AND INSURANCE
    December 2018 - June 2020 (1 year and 6 months)
    Paris, France
    CSRO (Compliance, Security Risk Officer) at La Société Générale
    • Analysis of cybersecurity risks for application architectures
    • Analysis of HLD and LLD
    • Monitoring and support for teams in integrating security into projects
    • Proposal of mitigations and monitoring of their application
    • Analysis of Pentest reports
    • Audit of projects and certification of internal Cloud products according to internal PSSI
    • Assistance with PI Planning
    • Participation in various Scrum events (Sprint Planning, review, retrospective, daily scrum...).
    EBIOS RM, ISO 27005

Education

  • Risk analysis methodology
    ISO/IEC
  • PhD in
    2015