You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Mustapha BaddouMB

Mustapha Baddou

Senior Cybersecurity Consultant / Deputy CISO

€700/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Mustapha

Passionate about Cybersecurity, my experiences have allowed me to acquire a dual technical and functional expertise as well as a transversal view of Information Security.
I have notably contributed to the success of major group-wide programs, which has strengthened my ability to manage and coordinate a diversity of complex topics simultaneously.

Currently an Information Security consultant, I work on various topics, with a strong capacity for adaptation and rapid learning.

My areas of intervention include:
• IS Security Governance & Cybersecurity Project Management (IS Security Risk Mapping, Steering Committee, Risk Monitoring).
• Audit (Organizational, Technical, Penetration Testing, General Inspectorate Audit).
• Cyber Risk Management (IS Security Risk Mapping, Risk Analysis, Implementation of Treatment Plans).
• Cybersecurity Incident Management and Response (Incident Response, Post-mortem, Continuous Improvement).
• Cybersecurity Architecture (Design and Validation).
• Support for Project Ownership (AMOA) and Project Management (MOE).
• Cybersecurity Consulting and Expertise (Risk Analysis, Cybersecurity Policies and Procedures, Cybersecurity Approval, Awareness and Training).
• Application Security (DAT, Functional Architecture Security Analysis).
• Regulatory Compliance (GDPR, DORA, LPM, etc.).
• Level 2 Permanent Control (PSSI-G, LPM, Logical Access Control).

I am also certified ISO 27005 Risk Manager and ISO 27001 Lead Implementer, attesting to my expertise in Cybersecurity and risk management.

I would be happy to put this versatility and expertise to work for the success of your projects.
  • English

    Fluent

  • French

    Native or bilingual

  • Arabic

    Native or bilingual

Can work on-site
Paris (up to 50km), Lille (up to 30km)

Experience

  • BPCE
    CISO / C-TRM
    BANKING AND INSURANCE
    June 2024 - Today (2 years and 2 months)
    Paris, France
    —> Definition and deployment of the TRM (Technology Risk & Management) program for all BPCE SA entities (~30 entities) - Group's Cyber and IT risk management model
    —> Facilitation of committees and coordination: Preparation and facilitation of security steering meetings
    —> IS Security Policy: Derivation of the security policy, definition of needs, and implementation of appropriate procedures.
    —> Risk and Incident Analysis: Identification of threats, impact assessment, and proposal of corrective solutions.
    —> Risk Mapping: Updating, dissemination, and monitoring of IS risk mapping, presentation of risk maps to BPCE SA's CDG-1
    —> Project Support: Integration of security requirements into new projects and products.
    —> Cyber Crisis and Alert Management: RITM monitoring and resolution of security incidents.
    —> Consulting and Awareness: Training and support for employees and managers on cybersecurity issues.
    —> Controls and Audits: Development of control plans and participation in IS security audits,
    Cybersecurity Project Management Crisis Management C-TRM Deputy CISO Risk Mapping
  • CGI Finance
    Project Manager in IS Cybersecurity
    AUTOMOBILE
    April 2023 - September 2024 (1 year and 5 months)
    Lille, France
    —> Management of cybersecurity projects (administration bastion, network segmentation, log centralization, Azure Cloud security).
    —> Deployment of protection solutions (OME for email encryption, DLP for data leak prevention)
    —> Management of security incidents (phishing, malware, intrusions) and coordination of remediation plans.
    —> Analysis of technical and business risks (ASA, ARA, flows, application projects, user needs).
    —> Evaluation of application security (review, testing, compliance) and GDPR support.
    —> Contribution to security qualification/validation activities for applications and monitoring/remediation of vulnerabilities on the Azure environment and critical applications.
    —> Participation in the NIST-based monitoring program (control, audit, and compliance)
    —> User awareness and regular reporting to the CISO,
    Deputy CISO IT Program and Project Management GRC Security Audit Cybersecurity Awareness
  • France TV
    IS Cybersecurity Consultant
    PUBLIC SECTOR
    January 2023 - April 2024 (1 year and 3 months)
    Paris, France
    —> Integration of security into projects (ISP) for France Télévisions.
    —> CISO support (incident management, access requests, IS security committee…)
    —> Security support for all projects (IT Department, Digital, Media Factory, CDE).
    —> Drafting security requirements in projects according to security needs
    —> Integration of security into contracts with technical or business suppliers
    —> Analysis and evaluation of proposals from technical or business suppliers.
    —> Security analysis of SaaS/non-SaaS applications (EBIOS RM).
    —> Management and monitoring of an LPM security approval mission (audiovisual sector: Broadcasting and Exchange Center)
    —> Identification and monitoring of operational committees, budget management
    —>Detailed requirements related to LPM rules
    Validation of the technical solutions' compliance, security analysis according to needs,
    CISO GRC ISP Operational Security IT Vendor and Procurement Management

Recommendations

Be the first to recommend Mustapha

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • DUT Electrical Engineering and Industrial Computing (GEII)
    IUT de Valenciennes
    2014
  • General Bachelor's Degree in Engineering Sciences (SPI)
    Ecole Polytechnique de Valenciennes
    2015

Certifications

  • ISO 27005 Risk Manager
    PECB
    2019
  • ISO 27001 Lead Implementer
    PECB
    2020

Skill set

Categories

  • Other