Nandy S.

GRC/ISSO/DORA/NIST Cybersecurity Consultant

€1,000/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Nandy

Nandy is a professional with 10+ years of experience in various areas of Cybersecurity: cyber governance & strategy, risk management & assessment, and regulatory compliance management for critical assets. She has contributed to the management and execution of various digital and industrial Cybersecurity projects (specification of secure by design solutions, implementation of cyber-surveillance solutions with SIEM technologies and SOC project management, audit and crisis management, data privacy, etc.).
She graduated from the first class of engineers specializing in cyber defense from ENSIBS in Vannes (Brittany).
She has obtained 2 Harvard Manage Mentor certificates in marketing and budgeting. She defines herself as a lifelong learner, and she is pursuing two other modules on finance and negotiation to perfect her skills in mastering the fundamental principles of business.

Human, open-minded, entrepreneurial, and proactive, she is motivated to join your team and share her passion with you to build a safer and more innovative digital world together.
  • English

    Fluent

  • French

    Native or bilingual

Remote only
Primarily works remotely

Experience

  • Orange Business Services
    Network Infrastructure Security Engineer
    DIGITAL AND IT
    September 2013 - September 2016 (3 years)
    Rennes, France
    - EBIOS 2010 cybersecurity risk analysis
    - Vulnerability management on network equipment
    - SOC project management
    - Development of a methodology for monitoring network and security equipment (international framework) and definition of a cyber incident detection strategy
    - Cybersecurity crisis management
    - Management of business compliance with the Group ISSP (based on ISO 27001/27002)
    - Managerial and technical reporting
    - Contribution to facilitating the risk analysis steering committee
    SIEM/SOC, ISSP, Risk analysis, EBIOS 2010, Crisis management, Technical project management, Project management, French / English report writing
  • EDF
    R&D Engineer in cybersecurity
    ENERGY AND UTILITIES
    November 2016 - August 2019 (2 years and 10 months)
    Paris, France
    - Design of secure by design services / solutions (smart grid context)
    - SOC / SIEM monitoring for industrial systems (definition of adapted architecture and implementation of a methodology and strategy for logging and detecting industrial cyber incidents)
    - Support in regulatory compliance (ISA/IEC 62443, LPM)
    - Support in the cybersecurity risk management approach (business supervision, definition of cyber needs of industrial businesses and performance of risk analysis based on ISO 27005 and EBIOS 2010)
    - Contribution to the management of the development of a risk analysis tool adapted to the realities of the industrial field
    - Development of a cyber risk analysis method adapted to the nuclear context
    Military Planning Law, ISSO, Risk analysis methods, SOC / SIEM monitoring, Management / Project management, ISA/IEC 62443
  • Thales
    Cybersecurity Consultant (Governance / Risk / Compliance / Cybersecurity Policy & Strategy)
    AVIATION AND AEROSPACE
    September 2019 - Today (6 years and 9 months)
    Supporting clients (various sectors of activity) in their GRC activities
    - Definition / Update of Information System Security Policy (ISSP) based on ISO 27002 and internal client repositories
    - Support of the ISSO team in GRC projects
    - Implementation of a "Secure by Design" project management process for IT and industrial businesses
    - Regulatory compliance (sectoral according to the client's field of activity, data privacy)
    - Risk management (risk analysis methodology and tools)
    - Support in defining cyber strategy
    - Definition of technological and commercial offers (Cloud Organizational Audit, Physical Security Audit, cybersecurity support and consulting services, accreditation and LPM compliance)
    - Managerial and technical reporting
    - Establishment and contribution to the reporting of cyber KPIs (indicators) to management / COMEX for strategic decision-making
    - Supporting the client in the automotive sector in its compliance with the ISO/SAE 21434 standard
    - Management of EBIOS RM risk analyses for various industrial clients and managerial reporting to their ISSOs
    ISSP, ISSO, ISO 27001, ISO 27005, GDPR, Corporate strategy, EBIOS RM, ANSSI Guides

Education

Certifications

  • ISO 27001 Lead implementer
    LSTI
    2018
  • ISO 27005 Risk manager
    LSTI
    2018
