Freelancer profile translated to English.

Description

I have over 25 years of experience in organizing and executing cyber defense missions, including penetration testing, Red Team, cyber investigation, and configuration and architecture reviews. I assist clients with various cybersecurity challenges, most often organizational and/or technical. As an expert Cybersecurity Consultant and Manager, I have led and executed client missions and various internal projects for several major companies.

Languages

French
Native or bilingual
English
Native or bilingual

Workplace preferences

Can work on-site

Paris (up to 50km)

ITGP-GROUPE BNP PARIBAS
Assistant CISO - Cybersecurity GRC Expert
BANKING AND INSURANCE
February 2025 - January 2026 (11 months)
Montreuil, France
- Risk Management and Analysis related to IT production.
- Perform risk analyses (EBIOS-RM methodology) on critical infrastructures and Cloud services.
- Assess Cyber risks and ensure their monitoring.
- Monitor partner risks.
- Manage exception requests submitted for CISO approval (access rights, bypass of security controls/measures, etc.).
- Governance & committee management: Prepare security committees with ITGP for a 10,000+ employee IT system.
- Vulnerability scan management: Manage Qualys scans, analyze, prioritize, and track fixes.
- Monitor ITGP group vulnerabilities/findings on BitSight.
- Process security derogation requests within the ITG Group.
- Pentests: Prepare specifications, coordinate service providers, review reports, and track remediation.
- Risk Management: Assess threats and risks to critical activities (BIA) within the ISP framework, develop mitigation plans.
- Security by Design: Participate in architecture reviews, define and validate security requirements according to ISO 27001.
ISO 27001 CISO
COMITEM – GROUPE ALAN ALLMAN ASSOCIATES
Cybersecurity Consultant Manager / GRC Expert
June 2023 - March 2024 (9 months)
Paris, France
As a Cybersecurity Manager, I assisted the Alan Allman group CISO in implementing their ISMS based on ISO 27001 and ISO 27002 standards:
• Contribution to the development of the ISSP and security charter of the Alan Allman group.
• Support for the Alan Allman group in complying with the ISO 27001 standard.
• Develop the ISMS governance policy and the ISMS scope document for the Alan Allman group.
• Audit of the overall hybrid architecture of the Alan Allman group and recommendations for its improvement by integrating an NDR solution.
• Lead workshops and cybersecurity awareness training sessions for the subsidiaries of the Alan Allman group.
• Development of Cybersecurity offerings.
• Management of cybersecurity consultants within COMITEM.
• Provide experience and expertise in project management for technical skill development.
Online Network Security
Senior Cybersecurity Consultant
DIGITAL AND IT
January 2007 - June 2023 (16 years and 5 months)
Tunis, Tunisia
• Internal and external penetration tests on various environments: websites, mobile applications (iOS and Android), Active Directory, Citrix, thick client applications.
• Organization of phishing campaigns to assess the awareness level of the client's employees.
• Physical penetration tests to assess physical security and difficulty of access to client premises.
• Evaluation of SOC effectiveness through RedTeam/BlueTeam exercises.
• Assessment of Microsoft infrastructure security (Active Directory, Exchange, etc.) against standards like CIS benchmarks and Microsoft guidelines.
Security Audit PenTest Risk Management Training integration