Freelancer profile translated to English.

Description

Cybersecurity consultant specializing in Governance, Risk, and Compliance (GRC), I support organizations in analyzing and managing cyber risks, as well as in their regulatory compliance.

I particularly focus on risk analysis using the EBIOS RM method, structuring security approaches, and supporting ISO 27001 certification (compliance, audits, action plan monitoring).

Sensitive to European regulatory challenges, I also assist organizations in anticipating and understanding the requirements related to NIS 2 and the AI Act, translating regulatory texts into concrete and operational actions.

In addition, I conduct awareness and training activities to involve teams and sustainably strengthen security culture. Rigorous, pedagogical, and results-oriented, I bring a pragmatic approach adapted to business needs.

Languages

English
Fluent
Spanish
Fluent
French
Native or bilingual

Workplace preferences

Can work on-site

Rennes (up to 50km)

IDEMIA
Governance, Risk, and Compliance Analyst
SOFTWARE PUBLISHING
October 2023 - September 2025 (1 year and 11 months)
Courbevoie, France
Risk Management & Governance: Risk mapping and analysis (EBIOS RM, ISO 27005), definition and monitoring of compliance action plans, updating and improving security policies and procedures.
ISO 27001 Certification & Compliance: Support for ISO 27001 certification and renewal, participation in audits and risk assessments, compliance with ISO 27001:2022 requirements, monitoring of deviations and remediation actions.
Application Security & DevSecOps: Identification and remediation of vulnerabilities in code and dependencies (SAST, SCA, CVE, CVSS), assessment of risks related to third-party components, prioritization of vulnerabilities and tracking of fixes in collaboration with DevSecOps teams, system hardening through best practices (CIS-CAT, security benchmarks).
Monitoring & Continuous Improvement: Tracking of regulatory changes and new cyber threats, development and implementation of remediation plans, proactive management of compliance deviations.
ISO 27001 Risk Management EBIOS RM Audit Governance
Klesia
Cybersecurity Expert
BANKING AND INSURANCE
January 2023 - September 2023 (8 months)
Paris, France
Identity & Access Management: IAM, MFA, and privileged access management.
Governance: Development and updating of security policies and procedures.
Security by Design: Integration of security principles into projects.
Pentesting & Remediation: Implementation and supervision of penetration tests, tracking of corrective actions.
Awareness: Training teams on security best practices.
security-awareness-training Security by design Identity Management