Mario Z.

Cybersecurity and SSI Governance Consultant

€850/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Mario

A senior cybersecurity expert certified as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), ISO 27001 Lead Implementer and PECB Trainer, I work on governance, risk management, compliance and SSI projects.

I also support organizations as a CISO, as reinforcement on SSI projects, and through ISO 27001 audits, integration of security in projects (ISP) and risk analysis, to strengthen their cybersecurity posture and regulatory compliance.
  • English

    Fluent

  • French

    Native or bilingual

Can work on-site
Paris (up to 50km), Vélizy-Villacoublay (up to 40km)

Experience

  • Heineken Entreprise
    CYBERSECURITY OFFICER (CSO)
    WINE AND SPIRITS
    February 2023 - Today (3 years and 4 months)
    Rueil-Malmaison, France
    Responsible for piloting the local cybersecurity strategy in alignment with global standards (NIST, ISO 2700X).
    Main objectives: risk management, business continuity (DRP), compliance, and strengthening the security posture.

    1. Security operations:
    Implementation and updating of global strategies adapted to local threats.
    Compliance with internal/external policies and monitoring of security audits.
    Development of action plans to correct risks and non-conformities.
    Incident and vulnerability management.

    2. Security awareness:
    Conducting cybersecurity training campaigns, adapted to the local context.
    Management and training of personnel dedicated to cybersecurity.

    3. Security strategy:
    Identification and recommendation of measures to prevent risks.
    Collaboration with regional teams to develop controls and processes that strengthen security.

    4. Process control:
    Coordination of security incidents and self-assessments of controls.
    Monitoring of service performance (patches, antivirus, backups).
    Participation in the development and deployment of security standards and procedures.

    5. Change management (CAB):
    Supervision of technological and organizational impacts related to security.
    Validation of changes via the Change Advisory Boards (CAB).
    Verification of the compliance of changes with security standards and regulations.
  • Swiss Life France
    SENIOR CYBERSECURITY CONSULTANT - IT & COMPLIANCE REFERENT
    BANKING AND INSURANCE
    February 2022 - Today (4 years and 4 months)
    Levallois-Perret, France
    Expert in governance, compliance and security operations, I have led strategic and operational initiatives to strengthen the cybersecurity posture of large organizations, including SwissLife and OpCo France (HEINEKEN). My role consisted of aligning local practices with international standards (ISO 2700X, NIST) and ensuring regulatory compliance, while developing resilience and awareness strategies.

    Main areas of responsibility:
    1. Governance and compliance:
    Implementation and monitoring of security policies (ISO 2700X) to ensure their compliance in projects.
    Definition of standards and animation of security committees (COMSEC) to pilot indicators and SSI advances.
    Collaboration with the CISO to supervise compliance processes and ensure alignment of policies with regulations.

    2. Operational security:
    Piloting risk analyses and integrating security into projects (ISP).
    Supervision of intrusion tests and vulnerability scans, with proactive management of remediation plans.
    Monitoring of access controls (periodic reviews of authorizations) and coordination of security indicators.

    3. System resilience (PCI/PCA):
    Organization and piloting of annual business continuity and recovery tests to ensure the resilience of critical systems.
    Evaluation of the effectiveness of processes and coordination of stakeholders.

    4. Awareness and training:
    Design and management of awareness programs adapted to the levels of the organization, including campaigns and phishing exercises.
    Training and support of teams to strengthen the cybersecurity culture.

    5. Security referent role:
    Strategic interface between governance and operations, ensuring the coordination of security policies and initiatives.
    Strengthening the overall security posture in response to emerging threats.
  • Crédit Agricole Assurances
    CYBERSECURITY REFERENT & IAM MANAGER
    BANKING AND INSURANCE
    July 2020 - February 2022 (1 year and 8 months)
    Paris, France
    Expert in cybersecurity and identity and access management (IAM), I have led strategic projects within the CISO team to strengthen the security of information systems and optimize IAM governance, in compliance with group requirements.

    Main areas of responsibility:
    1. Project security:
    Qualification of projects requiring cybersecurity support, with an approach focused on risk reduction.
    Conducting risk analyses (MESARI tool), identifying residual risks and implementing adapted security plans.
    Supervision of intrusion tests (black and gray box) and piloting of remediation plans to strengthen the security posture.
    Definition of strategic measures to be integrated into critical projects to meet the group's governance requirements.

    2. Identity and access management (IAM):
    Development of IAM strategic plans, including the identification of critical applications and the integration of business and hierarchical authorization review processes.
    Implementation of recommendations from internal audits (IGL) with rigorous monitoring of results.
    Technical environment: use of BrainWave for IAM management and control.

    3. Continuous improvement and IAM governance:
    Strengthening the management processes of roles, profiles and associated rights for better access control.
    Optimization of the deactivation times of rights in case of departure or mobility, with structured processes for derogations.
    Supervision of password policies and coverage of critical applications in control tools.

    4. Periodic reviews of authorizations:
    Coordination of regular reviews of business and hierarchical authorizations to ensure compliance and minimize the risk of unauthorized access.

Education

  • EXECUTIVE MASTER OF BUSINESS ADMINISTRATION (EMBA)
    IAE PARIS - SORBONNE BUSINESS SCHOOL / IFG EXECUTIVE EDUCATION (EXECUTIVE MBA)
    2023
  • NETWORKS AND TELECOMMUNICATIONS ENGINEER
    ECOLE D’INGÉNIEUR SUP GALILÉE - UNIVERSITÉ PARIS 13
    2015

Certifications

  • CISM (Certified Information Security Manager)
    ISACA
    2023
  • CRISC (Certified in Risk and Information Systems Control)
    ISACA
    2023
