Freelancer profile translated to English.
Back to original languageAbout Mehdi
Cybersecurity & AI Expert | Governance · Compliance · Use Case Deployment
For over 15 years, I have been working with demanding organizations — Airbus Protect, Euroclear, BNP Paribas, Pierre & Vacances, Yazaki — to structure their IT security and manage their regulatory compliance. More recently, I have also been assisting my clients in their transformation through AI.
Cybersecurity & GRC — IS security plans, risk governance, ISO 27001 / DORA / NIS2 / GDPR compliance, audit management. Recently: ISO 27001:2022 certification obtained for a multi-country SOC (France, Germany, UK) and DORA roadmaps managed for international groups.
Artificial Intelligence — AI charter drafting, business use case identification, tool evaluation and selection, secure deployment with ethical safeguards, team training, AI Act alignment. A concrete approach, from scoping to production.
What my clients appreciate: the ability to communicate with both the executive committee and technical teams, and a cross-functional understanding of regulatory and technological challenges.
Certifications: C|CISO · ISO 27001 Lead Auditor · CIPP/E
Available to discuss your cybersecurity challenges or AI projects.
French
Native or bilingual
German
Native or bilingual
English
Fluent
Can work on-site
Marseille (up to 50km), Paris (up to 10km)
Experience
- TehtrisCISO (CHIEF INFORMATION SECURITY OFFICER)SOFTWARE PUBLISHINGFebruary 2026 - Today (4 months)Bordeaux, FranceExpert in cybersecurity governance, European regulatory compliance, and securing complex technological environments (SaaS, SOC, cyber products).1) Compliance & Regulatory Leadership
- Management of NIS 2 Directive compliance
- Cyber Resilience Act compliance (2027 readiness)
- Implementation & maintenance of ISO/IEC 27001 ISMS
- Regulatory gap assessment & strategic roadmap
- Risk management
- Liaison with authorities, auditors, investors
Close coordination with the DPO for GDPR alignment on NIS2 & CRA aspects (security vs. data protection).2) AI Security & Emerging Risks- Governance of AI-integrated systems
- AI Risk Assessment & AI Threat Modeling
- Model security (ML / LLM)
- Integration of security requirements in DevSecOps cycles
- Secure by Design / Secure by Default
3) Security Operations & Strategy- Definition of group cybersecurity strategy
- Major incident management & crisis coordination
- Deployment of technical & organizational controls
- Executive & technical team security awareness
- Structuring security KPIs & reporting
- ID LOGISTICSCybersecurity Governance ManagerLOGISTICS AND SUPPLY CHAINAugust 2025 - January 2026 (5 months)Marseille, FranceMain responsibilities:1) Ensure the maintenance and review of the documentation corpus.2) Conduct ongoing and/or periodic controls on the ISMS.3) Define recommendations to mitigate risks arising from non-compliance. • Ensure action plan follow-up.4) Collaborate with IT departments across all countries to implement recommendations.5) Participate in IT security awareness initiatives.6) Produce dashboards on security and compliance levels.7) Evaluate the compliance of the ISMS with ISO/IEC 27001:2022 in preparation for certification/recertification audits.8) Prepare security committees and management reviews.9) Lead the Governance network in coordination with all countries of the Group.10) Participate in security risk analyses (EBIOS RM).11) Assess the compliance of PARTNERS with internal policies, standards, and current laws.12) Respond to security questionnaires (renewal and tenders) from Group Clients.13) Lead annual tabletop crisis management exercises.
- Airbus protectISO 27001:2022 Project ManagerAVIATION AND AEROSPACEApril 2025 - September 2025 (5 months)Toulouse, FranceActive participation in structuring the Information Security Management System (ISMS) for a SOC operating in several European countries (France, Germany, UK), in compliance with ISO/IEC 27001:2022.
- Conducted a comprehensive internal audit including documentation analysis, team interviews, and site visits.
- Authored the audit report structured by ISO clauses and Annex A, including a summary of gaps, recommendations, and an action plan.
- Led awareness sessions for top management.
- Contributed to stakeholder mapping and the formalization of security policies.
Reviews
Recommendations
Be the first to recommend Mehdi
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Engineering DegreeEcole d’Ingénieurs Littoral Côte d’Opale (EILCO)2009
- PhD in CybersecurityFernUni Hagen (Germany)Détection et limitation des fuites de donnés via les canaux cachés.
Certifications
- Certified Information Privacy Professional/Europe (CIPP/E)BSI2018
- Certified Chief Information Security Officer (C|CISO)TSHUKUDU TECHNOLOGY COLLEGE BV (TSTC)2017
Skill set
Categories
- Other