Marvin Tchoula Njia

Assistance to 2 CISOs:

- Group

- UMG

Within the DFR, I hold 2 positions in 1: Group Deputy CISO and UMG Deputy CISO

Missions:

- IS Security Governance

- Definition and management of the 2024 IS Security roadmap (awareness, IAM, BCP)

- Definition and feeding of security indicators (KPI and KRI)

- CISO Committee facilitation

- Management of internal audit recommendations

- Management of operational security and IS security incident management

- Management of awareness and phishing campaigns

- Implementation of RFPs and bidder evaluation (CTI, IAM, awareness tool, EBIOS RM...)

- Implementation of the documentation corpus (PSSI, Incident Management Policies, ...) for DORA compliance

- Implementation and management of the authorization review campaign (Manual Review)

- Management of cyber insurance renewal

- Participation in cyber crisis and resilience exercises (UMG, Group BCP Test)

- Follow-up of Bug Bounty remediation

- Implementation of Application and Third-Party Classification

- definition of the third-party evaluation process for DORA compliance

- Business Support (integration of IS security in projects)

- Definition of an IS Security-GDPR questionnaire for DORA compliance

- Management, monitoring, and evaluation of service providers (Risk Analysis, Security in contracts, PAS, etc.)

Security support in projects with cross-functional, purchasing, legal, risk, and compliance teams:

- Risk analyses

- Contractual analysis (including from an RGPD perspective)

- Technical recommendations (architecture, solution to implement.)

- Third-party maturity assessment

- Contractual recommendations (clauses, PAS)

Within the DSSI, the objective of this mission, as a security referent in IT for IT or Business IT trains, is to support the IT department and businesses in integrating Security by Design principles.

Missions: Integration of security in projects

- Control of outsourced service providers (IS Security requirements in contracts, review of interface contracts and PAS, ISO 27001 compliance)

- Security criteria and requirements in RFPs (CDS selection, ...)

- Drafting and review of thematic policies (authorization policy, ...) compliant with ISO 27001

- Identify cyber risks and define IS Security features in agile projects

- Integrate and track IS Security Features in the backlogs of different Teams

- Define security User stories (Threat modeling + Acceptance criteria)

Other Missions:

- Mission 1: Business Risk Management Process

- Define and implement the process (principle, committee, ..)

- Draft the BRM policy

- Dashboarding and Reporting to the security committee

- Mission 2: Exception Management Process

- Define and implement the exception process

- Implement a non-compliance tracking tool (Exception / Risk Acceptance)

- Automate alerting and follow-up workflows

- Dashboarding and Reporting to the authorization and exception committee.

- Mission 3: IAM

- Express IS Security needs for an IAM solution

- Define and implement IAM governance (RACI, Governance Committee, ...)

- IS Security framework for technical audit services (Shadow IT, 802.1 X, ..)

- Draft security policies (AIP email confidentiality, CIAM password, ...)

- Define security needs/criteria in the selection of IT department tools (Firewall, MDM, ...)

Tools and technologies: SAFE agile methodology, JIRA, Confluence, Sharepoint, Word, Excel, Powerpoint