About Makan
French
Native or bilingual
English
Fluent
Experience
- Crédit Agricole AssurancesIS Support and CISOBANKING AND INSURANCEFebruary 2020 - Today (6 years and 5 months)Paris, FranceCISO Assistance and various missions• Assisting the CISO in their duties:o IS Security Organization: monthly security committees, resource and skills management.o Managing security integration in V-cycle and agile projects (Security Risk Analysis, DevSecOps, framing and management of security audits).o Implementation and operational management of security:▪ Security Architecture and Standards.▪ Participation and role in Cyber Crisis Management.▪ Incident and vulnerability handling.▪ Security configuration guide for IS components.▪ Design and deployment of security solutions.▪ Security watch.o Management of continuous controls in conjunction with the IT Risk Manager: vulnerability, security incident, obsolescence management, monitoring of Internet online services, etc.• Other Missions:o Security Architect and Technical Expert in supporting technical and business projects.o Security lead for the Group's data platform (Big Data) at CAA:▪ Functional, organizational, and documentary audit of the platform.▪ Management of pentests on the entire platform (technical foundation, system, and application).▪ Definition of the data platform's security strategic plan (budget of 2.5 million euros).▪ Monitoring of the strategic plan's implementation.▪ Definition of a security framework for the data platform (Security and Resilience).▪ Definition of a reference framework for Data Access Management.▪ Performance of risk analyses on platform use cases (data exposure via APIs, AI, IFRS, AML/CFT, Archiving and Data Purge, etc.)...▪ Etc.o M365 Security Lead:▪ Performance of risk analysis for the technical foundation.▪ Performance of risk analyses on applications and uses (collaboration tools, messaging, Teams applications, etc.).▪ Implementation of a data classification framework.▪ Monitoring of residual risks.▪ Recommendation of security solutions.o Definition and Management of DevSecOps implementation:▪ Performance of a review of work carried out (organization, process, automation, etc.).▪ Construction of the trajectory towards the DSOMM (DevSecOps Maturity Model) target in line with the IS strategic plan: Software factory, Acculturation & Organization, Implementation, Information Gathering, Audits & Tests.▪ Definition of a new governance around DevSecOps activities, deployment of security champions in squads, definition of security gates.▪ Definition of indicators and monitoring thresholds.▪ Study of the implementation of a GRC tool (Security Framework).▪ Activity animation: newsletter, Mob hacking sessions, etc.o Management of the implementation of CAA Group's email domain security plan: deployment of SPF, DKIM, DMARC protocols.o Implementation of the CAA Group's inventory of applications and Internet online services, followed by the management of continuous monitoring policy implementation.o Support and training of new hires on the Crédit Agricole group's risk analysis method.Technical environment: M365, Checkmarx, MAPR Secure, Ambionics, Tenable, Merox, Docker, Kubernetes, Jinkins, XRAY, AquaSec, Trivy.
- PacificaSenior Consultant, Business Support, CISO and Deputy CISOBANKING AND INSURANCEApril 2014 - Today (12 years and 4 months)Paris, FranceIS Security Support and CISO• Management of SIIS (Strategic Information System) accreditation for Pacifica.• Direction and management of recommendations for the CARS program (Crédit Agricole Security Reinforcement), a program dedicated to the application of the LPM (Military Programming Law).• Support for the implementation of GDPR (General Data Protection Regulation):o Performance of DPIAs on identified processing activities.o Gap analysis on applications to identify security measures required for compliance.o Development of a 3-year compliance plan for business applications.• Framing and implementation of code audit processes:o Solutions benchmark.o Management of the implementation of the chosen solution.o Definition of the code audit process.• Risk analysis and support for business and technical projects:o Risks related to IT service outsourcing, data localization, personal data, and provider selection...o Support for business projects and MESARI risk analysis: online contracting (auto, home, legal protection, agricultural, etc.), smartphone applications, customer feedback collection campaigns, A/B Testing, online claim reporting, electronic reporting (eConstat), customer connection...o Support for technical projects: smartphone applications, workstations, printers, multi-factor authentication, voice over IP (WebRTC), data center relocation, backup strategy, etc.o Support for architects on the security aspects of the solution's technical architecture.o Integration of vulnerability remediation processes into projects (vulnerability scanning, penetration testing, code audit).o Awareness raising, sharing, and enrichment of the security reference framework for its adoption by development teams.• Support for the legal department, DPO, and CISO to facilitate the integration of security and GDPR clauses into outsourcing contracts for hosting, objectives:o Raise awareness among business and technical project managers about GDPR and the security risks of information systems (IS) related to any outsourcing of business applications.o Provide a consistent approach to detect procurement projects for outsourced platform services (Shadow IT).o Implementation of a security questionnaire to assess the maturity level of outsourced hosting providers.o Establishment of a set of standard contract clauses and a security requirements database, to be adapted according to the specific context of each infrastructure outsourcing project.• Study on the security aspects of business application eligibility for cloud hosting:o Definition of evaluation criteria.o Cloud vs. On-premise comparison.o SaaS solutions comparison.o Definition of security directives for applications containing personal or sensitive data.• Management of audit and penetration testing missions: WiFi, IPS infrastructure, telephony (WebRTC), workstations, printers, business applications, smartphone applications, Microsoft Azure, etc.• Source code audit of business applications with Checkmarx: analysis and qualification of vulnerabilities, definition of the remediation action plan.• Security project framing: deployment of security bastions (CyberArk), log management, code audit, workstation encryption with ZoneCentral, etc.• Framing and Implementation of SIEM and SOC.• Other activities:o GDPR Lead.o Security Integration in Projects Lead.o Lead and functional role within the IS Security team.o Risk Treatment Plan.o Management of the business continuity plan for Pacifica subsidiaries.o Management of the risk dashboard monitoring (strategic and operational indicators).Technical environment: Checkmarx, Microsoft Azure, CyberArk, Splunk, ZoneCentral...
- CA.SA (Crédit Agricole)Security ConsultantBANKING AND INSURANCEFebruary 2012 - June 2012 (4 months)Paris, FranceDistributor IS, Producer IS:Support for CASA in implementing a global access control strategy for Distributor IS and Producer IS interconnections.• Facilitation of working meetings with Crédit Agricole entities (CAAGIS, PREDICA, etc.).• Presentation of a state-of-the-art on customer identity management and securing service calls between partner IS.• Joint analysis of different scenarios leading to the definition of a shared strategy on these topics.
Recommendations
Be the first to recommend Makan
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- EngineerTélécom Lille (Mines-Télécom)Sécurité des systèmes d’information et sûreté de fonctionnement