Freelancer profile translated to English.

Description

Holder of a PMP and an MBA, as a cybersecurity consultant, Mr. Mejdi Arfaoui has over thirteen (13) years of experience in information technology, including specifically seven (7) years as an application delivery project manager and six (6) years in banking cybersecurity project management.

During his time with various IT service companies, such as Capgemini, he acted as an expert Cybersecurity accompanying consultant, and actively participated in the delivery of various modernization/transformation projects for Dempton Group Conseil, La Poste, BNP Paribas Bank, AXA insurance, and Paris Airport.

Thus, over all these years, he has demonstrated a great mobilizing capacity and has brought together all stakeholders around common objectives. Demonstrating a strong interest in cybersecurity, his recent mandates have allowed him to commit to obtaining certifications leading to the title of ISO 27001 and ISO9001 auditor and integrator. Thus, since the fall of 2023, he holds the titles that allow him to bring even more skills and knowledge to his clients.

An engineer by training, he also holds a master's degree from the renowned École SUPINFO in Paris. Very technical, he quickly earns the respect of developers.

Always seeking to integrate value-creating methods and practices within his clients' project environments. Bilingual, he is a highly autonomous consultant, with a strong ability to synthesize, in addition to a good command of the insurance domain.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Italian
Basic
Arabic
Native or bilingual

Workplace preferences

Can work on-site

Paris (up to 50km)

La Caisse DESJARDINS
Information Security Management System Manager
November 2021 - Today (4 years and 7 months)
CONTEXT:
"DEMPTON group conseil", an international company of "DEMPTON technological solutions" engaged Mr. ARFAOUI as the SMSI Manager and Lead Implementer of ISO 27001. The mission assigned consists of ensuring the compliance of operations with security standards, particularly to meet the requirements of the client "La Caisse Desjardins".
RESPONSIBILITIES:
• Development and supervision of information security policies to ensure the protection of sensitive financial data.
• Implementation of security procedures and standards, as well as management of compliance with current regulations.
• Management of information security risk assessments and implementation of mitigation plans.
• Training and awareness of banking staff to ensure a strong security culture.
• Constant monitoring of the IT infrastructure, detection and management of security incidents.
• Management of internal and external audits to continuously maintain and improve information security within the bank.
ENVIRONMENT: Cybersecurity, IAM, SSO, CyberArK, Confluence, Jira, Encryption, Fraud sensitivity, ISO 9001, ISO 27001
RESULTS: Creation and implementation of a security policy, 40% reduction in recorded security incidents, Deployment of security training and awareness programs, Implementation of a Security Operations Center (SOC)
CIB BNP PARISBAS –
PM SAFETY & TRUST - APPLICATION SECURITY
June 2021 - July 2023 (2 years and 1 month)
France
CONTEXT:
In the context of applying compliance criteria, confidentiality, integrity, availability, and traceability of applications for the cybersecurity department of BNP Paribas' Corporate Investment Bank, Mr. Arfaoui acts as guarantor of application and data security. The cybersecurity service's activity covers several IT Owners and CISOs, across the following areas: Global Markets, Risk Markets, Global Banking, ALM Treasury, BP Security Services, etc. This represents over 20,000 applications for more than 50 countries. Risk and security management are key elements for clients, regulatory organizations, and senior management.
RESPONSIBILITIES:
• Ensure the integrity, confidentiality, and traceability of information.
• Validate application compliance and adherence to GDPR.
• Advise on authentication solutions to implement and assist in the creation of Risk-Cards.
• Assist in the setup and implementation of pentests.
• Ensure AppSec process compliance (Development, Security testing, Risk Assessment).
• Participation in various SteerCo meetings (Communication and roadmap monitoring).
ENVIRONMENT: Cybersecurity, IAM, SSO, CyberArK, Arcot, Siteminder, Qualys, Jira, APM, Encryption, GSF, Fraud sensitivity, WAF, SCA
AXA GO
Infrastructure Cybersecurity Project Manager
May 2019 - May 2021 (2 years)
France
CONTEXT:
In the context of infrastructure modernization, multiple migrations are initiated. Mr. Arfaoui is involved in managing 12 projects related to the migration of critical business applications, such as: MARKIT, RHEA, NEREE, NOTUS, Clymène, IFRS17, Algo, Harp, Remetrica, RMS, ESG, eframe/Agrregator, etc. Furthermore, Mr. Arfaoui is responsible for data security and acts as an expert cybersecurity referent for auditors and pentesters.
RESPONSIBILITIES:
• Manage teams (12 teams of 10 people) responsible for securing platforms and applications (GDPR, MTSB, Queen Jewelry, vulnerabilities & obsolescence);
• Prepare and participate in committees: Project steering, internal audits, information security, risk management, training, performance indicator monitoring, management reviews;
• Develop risk analysis, impacts, and related strategies, considering various factors to reduce project risk level;
• Identify and define the scope of projects for the implementation and decommissioning of infrastructure environments;
• Identify and define the scope of projects and control projects for platform migrations and updates (Redhat, SQL, MS Office);
• Ensure the renewal of certifications for obsolete environments (Run & Build).
ENVIRONMENT: SUNRISE, SILVA, CONFLUENCE, JIRA, SCALA, VM, CITRIX, CLOUD, QUALYS.
RESULTS: 3/3 upgrade projects successful, 100% compliance for IFC, QMF, GDPR & Queen Jewelry. 80% of pentests remediated and 20% in RAP (Remediation Acceptance Plan).