Manal Rhayate

Supermalter

Cybersecurity Consultant and Auditor

€778/day
5 projects
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Manal

Attached to the General Management of the Crédit Agricole Group, I work on IT audits of the General Inspection, specializing in Information Systems Security for the Group's entities (including international entities). Today, thanks to my past experiences, I have been able to acquire:

✅ A 360° vision of cybersecurity issues, in its technical, functional and organizational aspects;
✅ Pedagogy and adaptability to the different profiles of my interlocutors (top management, operational staff, audit supervision).

As an independent consultant, I can carry out missions of:
🛡️ Implementation of an ISMS;
🛡️ CISO support;
🛡️ Audit and improvement of a security process (incident management, vulnerabilities, IT obsolescence, outsourcing / IT service providers, in particular);
🛡️ Risk analysis;
🛡️ Cybersecurity crisis management;
🛡️ Project and security program management (SOC, in particular);
🛡️ Compliance (DORA, NIS2, EBA guidelines, in particular);
🛡️ Security training / awareness;
🛡️ Production and monitoring of security dashboards.
  • English: Fluent
  • French: Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • Confidential
    Cybersecurity Consultant
    March 2025 - Today (1 year and 3 months)
    Paris, France
    Security assessment of projects and new service providers
    Document overhaul
    ISS compliance
    Management of audits (red team, CAC, etc.)
    Cyber governance (monitoring of indicators, management of committees)
    Implementation of cyber solutions (password manager)
  • Lacoste
    Cybersecurity Consultant
    LUXURY GOODS
    March 2024 - March 2025 (1 year)
    Paris, France
    Cyber governance (committees, monitoring of indicators)
    ISP and project support
    ISS compliance
    Management of audits (red team, CAC, etc.)
    Cybersecurity IS governance
  • Crédit Agricole SA
    Auditor Inspector
    BANKING AND INSURANCE
    April 2021 - January 2024 (2 years and 8 months)
    Montrouge, France
    Evaluation of information systems, security policies and risk management practices according to a cybersecurity audit methodology comprising several phases:
    • Manage a team of junior auditors (support, definition of mission objectives, evaluation);
    • Determine the scope of missions, priorities and schedule;
    • Conduct risk analyses to define the scope of the audit: these risk analyses are defined based on the results of permanent controls and previous audits, incidents and interviews with the auditees;
    • Define cybersecurity audit programs to assess compliance with current standards and regulations (NIST, EBA, ISO 27001, ISO 27035, etc.);
    • Define control procedures according to the risks identified during the diagnoses;
    • Analyze security controls and perform technical security tests (Ping Castle, Bloodhound, Flexera to identify unauthorized/obsolete applications, in particular);
    • Write a global diagnosis and submit it for validation to the supervisor and mission managers;
    • Write the audit report, conclusions and recommendations;
    • Debrief the investigations to the auditees (operational staff and COMEX members) and support the recommendations to the auditees, the supervisor, the audit managers, up to Top Management.

    Audit missions carried out (8 missions in total covering 10 entities of the Crédit Agricole Group in France, Portugal, Switzerland and Germany):
    • Audit of a Group entity against the NIST Framework:
    o Identification of threats and governance of information security (definition of an ISS score card/Dashboard, definition of security policies, identification and classification of critical assets, risk assessment, etc.);
    o Asset protection: security training/awareness, asset hardening, DLP measures, etc.
    o Threat detection and incident response: implementation of a SOC, definition of an incident handling process, etc.

    • Audit of two Group entities against the EBA guidelines on IT outsourcing:
    o Definition of an outsourcing policy and strategy, identification of risks prior to outsourcing;
    o Review of outsourcing contracts, management of service providers and performance of security audits;
    o Verification of the implementation of an exit / reversibility strategy.

    • Evaluation of the security of applications and websites for individual and professional accounts:
    o Vulnerability management, incident management, obsolescence management, securing domain names, test/acceptance procedure for new versions of developed applications.

    • Evaluation of cloud computing risk management arrangements for a Group entity:
    o Audit of an IaaS cloud, audit of vulnerability management processes, audit of the tender process, etc.

    • Audit of an IS security program for a Group entity:
    o Audit of 10 projects of the program (obsolescence management, data protection and DLP measures, audit of program management including budget monitoring, audit of backup measures and BCP testing, etc.).

    • Evaluation of the risk management system related to IT obsolescence for two Group entities (technical, application and hardware obsolescence):
    o Evaluation of the obsolescence risk management framework: governance and committees;
    o Securing obsolete assets;
    o Process for allocating budgets to address obsolescence, monitoring of obsolescence treatment projects, in particular.

    • Audit of a service provider / manufacturer of banking ATMs for the Crédit Agricole Group and 5 other local banks:
    o Project methodology for the development of banking ATM software (testing strategy, code review and pentest);
    o Training and awareness of developers to the OWASP TOP 10;
    o Reversibility / escrow agreement strategy, security assurance plan and business continuity plan, etc.

    • Monitoring of recommendations from previous audits and / or by the banking regulator (topics covered: overhaul of security policies, performance of tests of massive workstation unavailability scenarios, updating of Business Impact Analysis, performance of risk analyses for critical applications, etc.).

    Other work:
    • Participation in the training on the DORA regulation led by an external firm (20 people in total: IT Supervisor, Mission Managers, Assistant Mission Managers, junior and senior inspectors). The training covered in particular the pillars of the DORA regulation, the new requirements including the notion of resilience, the classification of incidents, etc.;
    • Definition of a DORA audit guide. This guide lists the technical, operational and organizational security measures required by the DORA regulation and also specifies the key questions, the points of investigation / audit by security measure.
    Risk analysis, NIST, NIST CSF, DORA, BCP, BCP/DRP, DRP/BCP, code audit, Project management, Vulnerability management, SAAS, IAAS, Incident management, Security incident management, Project committees, Steering committees, Security policy, Security awareness

Reviews

5.0

Out of 1 rating

Martin

Lacoste Operations HQ

Reviewed on 5/30/2024

Manal is very autonomous, she provides quality work, respecting the set deadlines. She is a valuable asset.

Education

  • Specialized Master's (Mastère Spécialisé) in Cybersecurity
    Télécom Paris
    2018
  • Engineering degree in networks and telecommunications
    Ecole Nationale des Sciences Appliquées
    2016

Certifications

  • ISO 22301 Lead Auditor
    PECB
    2020
  • ISO 27001 Lead Implementer
    PECB
    2017
