You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Malt Strategy
New report
Malt Tech Trends 2026
Mumin GuvendiMG

Mumin Guvendi

GRC Cybersecurity Consultant

€556/day
Paris, FR
3-7 years
Cybersecurity
ISO 27001
ISO27005
Data Governance
EBIOS RM

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Mumin

🔐 GRC Consultant | Certified ISO 27001 / ISO 27005 | EGERIE Risk Manager V4

Specialist in cybersecurity risk management, I support companies in steering their GRC & Awareness strategy: risk analysis (EBIOS / ISO 27005), ISMS audit (ISO 27001), regulatory compliance, and tooling via the EGERIE platform.

🎯 Audit, consulting, awareness & cyber-risk management.
Banking and Financial Services
Retail (Small Business)
Consulting and Audits
Digital and IT Services
Telecommunications

  • French

    Native or bilingual

  • English

    Fluent

  • Turkish

    Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • SQUAD Conseil et Expertises
    Cyber Security Consultant
    BANKING AND INSURANCE
    May 2023 - December 2025 (2 years and 7 months)
    Paris, France
    🛡️ Cyber Project Manager – Security Control (FDJ)

    📌 Access Security & Compliance (FDJ)
    • Analysis of SSH key gaps to identify vulnerabilities related to remote access.
    • Assessment of supplier cybersecurity maturity within the TPRM program.
    • Management of access review tool deployment (directories, O365, critical apps), in project coordination and daily operations (run).
    • Facilitation of user training sessions (500–700 people) on security review tools.
    • Analysis and validation of access requests for critical systems and sensitive applications.
    • Conducted ISO 27001 reviews to ensure compliance with security best practices.

    🛡️ CISO Consultant (BNP Paribas ITGP)

    📌 Governance & Security Management (BNP Paribas ITGP)
    • Monthly organization of Cyber Security Committees (preparation, facilitation, follow-up).
    • Collection and analysis of security KPIs (vulnerabilities, patching, PAM, logs, AV), with reporting to subsidiary CISOs.
    • Design of materials, writing of auditable minutes, and follow-up of action plans.
    • Optimization of the global security dashboard and formalization of associated materials.
    • Remediation of residual vulnerabilities on workstations and writing of a lessons learned report to improve the treatment process.
    • Creation and facilitation of a security committee dedicated to Active Directory, to enhance privilege management.

    📌 Environments: ISO 27001, O365, SharePoint, PowerBI, PowerPoint, Excel, Tanium, Qualys, RedHat, Windows, MacOS
    ISO 27001 ISO27005
  • FORMIND
    Cyber Security Consultant
    RAW MATERIALS INDUSTRY
    June 2022 - May 2023 (11 months)
    Paris, France
    🔐 Deputy CISO – Cybersecurity Awareness & Compliance (Nexans / Formind)

    📌 Main missions:

    📣 Cybersecurity Awareness & Culture
    • Definition of the cybersecurity roadmap and coordination of key actions (phishing, training, communication).
    • Design of internal phishing campaigns to test vigilance and raise awareness of risks.
    • Organization of training, dissemination of targeted communications, and facilitation of a cross-functional awareness program.
    • Development and facilitation of a rapid crisis management exercise to test organizational resilience.

    📊 Governance & Management
    • Monitoring of training & awareness KPIs, with weekly reporting to Group Cybersecurity Management.
    • Writing of summaries on cyber incidents for top management.
    • Administration of meeting materials for structured and effective monitoring of security activities.
    • Risk analysis on internal projects (ISP) and recommendations for remediation to ensure security compliance.

    📌 Internal missions for Formind:

    📑 Development of the ISMS (ISO 27001) offering
    • Creation of training and sales presentation materials to promote the compliance offering and train teams.
    • Contribution to structuring the internal ISMS approach.

    📚 Cybersecurity Watch & Strategy
    • Strategic watch on academic research in cybersecurity (PhDs/theses) for positioning purposes.
    • Writing cybersecurity content for social media to promote employer branding and the firm's expertise.

    📌 Environment: NIST, ISO 27001, Awareness Platforms (phishing, LMS), Crisis Management Tools, M365, PowerPoint, SharePoint, LinkedIn
    Cybersecurity ISO 27001
  • Orange
    Cyber Security Project Manager
    TELECOMMUNICATIONS
    September 2019 - June 2022 (2 years and 9 months)
    Paris, France
    🔐 Cyber Security Project Manager – Data Governance & Sovereign Cloud

    📌 Main achievements:

    🧪 Data Governance PoC (GDPR context):
    • Definition of objectives, evaluation criteria, and test scenarios to compare different solutions.
    • Coordination of tests, supplier visits, structured benchmarking, estimated ROI, and reporting to governance bodies (DSEC, DPO, etc.).

    ☁️ Implementation of a Sovereign Collaborative Cloud (LPM context):
    • Replacement of a collaborative suite for sensitive data processing.
    • Writing of specifications, project scoping (RACI, kick-off), definition of technical prerequisites.
    • Launch of partnerships, external security audit, user support, operations management.
    • Training, guide writing, integration of a real-time collaboration module.

    📤 Emergency replacement of a file transfer solution (30,000+ users):
    • Requirements gathering, web client development, transition to a new domain, CGU, user guides.
    • Change management support, gradual ramp-up, support and platform management.

    🔐 Implementation of an SFTP solution for business teams:
    • Needs analysis, specification writing, development of a thick client for large transfers, documentation.

    🧼 Refurbishment of a USB device cleaning system:
    • Log backup, license acquisition with integrated connectivity, reconfiguration, supervised restart.

    📹 Pre-production of a secure video conferencing solution:
    • Instance creation, configuration, hardening, installation, and technical documentation.

    📌 Cross-functional missions:
    • PKI representative, awareness workshops (Keepass, privacy), enrollment booths, contribution to a national publication on digital sovereignty.
    Data Governance Cybersecurity ISO 27001
Check out Mumin's experience

Recommendations

Be the first to recommend Mumin

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Signup to reveal

Education

  • Master's Degree in Management and Consulting in Information Systems, Computer Science
    ESGI
    2021
    Mastère Management et Conseil en Systèmes d'Information, Informatique
  • Public Speaking Training
    Cours Florent
    2019
    Formation de Prise de Parole en Public
Check out Mumin's education

Certifications

  • ISO 27001
    LSTI
    2024
    ISO 27005 ISO 27002 ISO 27001 ISO 27001 Lead Auditor
  • ISO 27005
    PECB
    2024
    ISO 27005 EBIOS RM MEHARI

Skill set

GRC (Governance, Risk and Compliance)
Security Awareness Training
Risk and Vulnerability Assessment
Least Privilege Principles
Cybersecurity Incident Management
Data Privacy (GDPR, CCPA)
Change and Transformation Management
Workshops Facilitation

Categories