Mahdi Chatar

Average response time: 1 hour


About Mahdi

As an outsourced CISO and GRC cybersecurity consultant, I support executives, CIOs, and public or private organizations in structuring, managing, and governing their cybersecurity.

My approach is resolutely focused on decision-making, risks, and prioritization. I help my clients move from a reactive, often technical, and endured cybersecurity to a managed, understandable, and defensible cybersecurity at the executive level.

I intervene in particular on:
• Outsourced or transitional CISO missions
• Cybersecurity and compliance diagnostics (NIS2, ISO 27001, GDPR, PCI-DSS)
• ISMS governance, cyber risk analysis and management
• Preparation for audits and regulatory requirements
• Board-level reporting and deliverables

Accustomed to complex and regulated environments, I work closely with IT, security, and business teams, ensuring alignment of cyber challenges with business objectives.

My goal: to help decision-makers understand, arbitrate, and take ownership of their cybersecurity choices, with a pragmatic, structured, and jargon-free approach.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Lille (up to 50km), Paris (up to 50km), Lyon (up to 50km)

Experience

  • LEON GROSSE
    Quick NIS2 Diagnostic
    CIVIL ENGINEERING
    December 2025 - January 2026 (1 month)
    Paris, France
    • Design of a NIS2 control grid and calculation of the maturity score by measure family.
    • Facilitation of thematic workshops (governance, identity, system hardening, logging, detection/response, BCP/DRP).
    • Development of a prioritized action plan (quick wins & strict minimum) with budget estimation.
    • Production of premium deliverables: "board-ready" report and visuals (radar chart, bar chart) for the Executive Committee.
    Results: Complete restitution in 10 working days, adoption of the action plan by management.
    NIS2 Compliance Cybersecurity Management Risk Analysis Cybersecurity Strategy Regulatory Compliance
  • SFR
    NIS2 Aligned Technical Audit
    TELECOMMUNICATIONS
    July 2025 - December 2025 (5 months)
    Bron, France
    • Design of a NIS2 control grid and prioritized action plan (quick wins & long term).
    • Coordination of technical teams for Linux hardening (RHEL8/9) and security integration (firewalld, SELinux, MFA).
    • Implementation of key controls: patching, vulnerabilities (Nessus), logging (QRadar), secure CI/CD (GitLab).
    NIS2 Compliance Cybersecurity Audit Cybersecurity Governance Steering Committee Regulatory Compliance
  • Volkswagen
    ISMS Audit Coordinator
    AUTOMOBILE
    June 2024 - May 2025 (11 months)
    Paris, France
    • Preparation and management of internal and external audits (ISO 27001, NIST, ISAE 3402, PCI-DSS, GDPR).
    • Management of security dashboards and detailed reporting.
    • Identification and protection of assets throughout their lifecycle.
    Results: Multi-standard compliance achieved, reduction of critical gaps.
    GRC Cybersecurity Cybersecurity Governance Cybersecurity Strategy Risk Analysis and Management PCI DSS

Education

  • ENGINEER IN CYBERSECURITY
    polytechnique
    2018
