Freelancer profile translated to English.

Description

Senior cybersecurity consultant, specializing in governance, risk & compliance (ISO 27001, ISO 27005, NIS2, GDPR, LPM).

I work with organizations to integrate cybersecurity into their business projects and application solutions, particularly in HR, CMMS, ERP, and industrial environments. This includes compliance, risk assessment, and system security reinforcement.

My activities notably cover:

✔ Integrating security into business and application projects

✔ Implementing security assurance and business continuity plans (BCP/DRP)

✔ Risk and data assessment and governance

✔ Audits and risk assessments according to ISO 27001 and EBIOS RM

I also support organizations in third-party management:

✔ Supplier qualification and assessment

✔ Implementation of frameworks and audit questionnaires

✔ Risk analysis related to supplier dependencies

I have worked in various sectors (transport, energy, insurance, industry, and services), integrating cybersecurity into diverse solutions: HR, CMMS, ERP (CEGID), telecoms, and industrial environments.

Certifications:

✔ ISO 27001 Lead Implementer

✔ ISO 27005 – Risk Manager

✔ EBIOS RM

✔ DPO - GDPR

✔ ISO 27701

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km), Lille (up to 10km)

CyberAct
Cyber GRC Consultant & Owner
CONSULTING AND AUDITS
January 2025 - Today (1 year and 5 months)
Paris, France
Expertise:
IT & cybersecurity projects, risk management, compliance (ISO 27001, NIS2, GDPR), EBIOS RM, third-party management.

IS Management Platform:
CyberAct Platform: IS Management • Project Risk Analysis (EBIOS RM) · TPRM · RFP · Organizational ISO Audit ▸Referentials : ISO 27001, NIS2, DORA, GDPR, AI Act, HDS, OWASP LLM Top 10, ReCyF ANSSI… ▸Embedded AI (local LLM in reverse proxy), CISO workflow with GO / GOC / NO GO decisions, PDF, Word, and PowerPoint exports, MFA enabled and SSO. ▸Multi-tenant solution with role-based access control (RBAC) and perimeter portfolio management. ▸Target: VSE/SME/Large Enterprise
Project Management NIS2 Artificial Intelligence Cybersecurity Governance Cybersecurity Awareness
Keolis SA
Cybersecurity Consultant - GRC - NIS2
TRANSPORTATION
January 2023 - Today (3 years and 5 months)
Paris, France
Managed project risks for a portfolio of 50 projects per year across 33 subsidiaries, coordinating Cyber Defense, SecOps, Legal, and Business teams.
Led ISO 27001 good practice audits for subsidiaries.
Managed third-party risks (TPRM) for over 206 suppliers: end-to-end qualification, assessment, and monitoring.
Prepared 5 (EE/EI) entities for NIS2 compliance, implementing a dashboard to track 152 maturity controls.
Implemented EBIOS RM approaches, integrated security into artificial intelligence projects (AI Act), and reported to the executive committee.
Led the cybersecurity function, including program management and the preparation and facilitation of Group Cyber committees.
Cybersecurity awareness: prepared materials, organized training sessions, and monitored action plans.
Conducted phishing campaigns: preparation, targeting, whitelisting, launch, results monitoring, and reporting to the Executive Committee.
Cybersecurity Artificial Intelligence Cybersecurity Project Management Cybersecurity Training Project Management
DEVOTEAM
Career Manager - Senior Cybersecurity GRC
DIGITAL AND IT
January 2022 - January 2025 (3 years)
Paris, France
Lead author of the 1st NIS2 White Paper for Devoteam
Implementation of project risk analysis tools (ISP & Privacy by Design)
Career manager for consultants: Onboarding, interview preparation, client follow-up, performance reviews.
Client missions autonomously: supporting CAC40 / Energy / Industry clients.
NIS2 Risk Analysis Cybersecurity Project Management Penitentiary Sector ISO 27001