About Nathan
French
Native or bilingual
English
Fluent
Experience
- KeringCybersecurity Governance & Risk OfficerLUXURY GOODSMarch 2025 - Today (1 year and 5 months)Paris, France
- Updated and structured security policies: contributed to the evolution of the Global Information Security Policy and associated operational policies.
- Alignment with cybersecurity frameworks and standards: ISO/IEC 27001:2022, NIST CSF, Secure Controls Framework, as well as the Group's internal requirements.
- Cybersecurity risk management: formalized risks, drafted risk letters, structured the risk register, and defined treatment plans.
- Security control mapping: mapped policies, control objectives, operational controls, expected evidence, and monitoring indicators.
- Improved cybersecurity documentation: defined the documentary hierarchy between policies, standards, procedures, and operational instructions.
- Support for compliance and audits: prepared evidence, justified control applicability, and contributed to continuous improvement.
- Structured cybersecurity dashboards: defined KPIs/KRIs for operational and strategic steering of cyber activities.
- Stakeholder support: collaborated with IT, security, risk, compliance, and business teams to make cybersecurity requirements understandable and actionable.
This mission was part of an international context, with a strong focus on harmonizing cybersecurity practices, tracing risk decisions, and steering security maturity across the Group. - BNP-ParibasIT and Cyber Risk EngineerBANKING AND INSURANCENovember 2020 - February 2025 (4 years and 3 months)Montreuil, France*Cyber and physical security incident management (in data centers and on-site)Incident response manager for France, Belgium, and Italy | Direct management with BNP Group CSIRT | Reporting and KPI monitoring in security committees for the CEO and CISO | Creation of the incident response process and procedures | Data Leak Prevention management.*Implementation of a hierarchical documentation framework for cybersecurityDrafting security policies and procedures | Identification and centralization of applicable standards and norms for BP²I (NIST CSF / ISO 27 001 / DORA / Internal Controls).*Management of internal and external auditsPreparation for ISO 27 001 audit to maintain BP²I certification (annual audit) | Internal audit via the BNP ISO division | External audit via AFNOR.*Implementation of an Information System mappingMapping of all assets associated with their IAM tools via PowerBI | Drafting of the Identity Credential & Access Management policy.*Cybersecurity culture managementImplementation of phishing campaigns (annual) | Implementation of SafeDesk campaigns | Monitoring of mandatory training | Reporting of awareness KPIs in security committees.*Pentest managementIdentification of assets to be tested | Tender | Kickoff | Analysis of pentest reports to implement recommendations.*Swiss Army knife for technical topicsWith a technical background, I was able to intervene on many urgent issues.
- BNP-ParibasGRC ConsultantBANKING AND INSURANCEFebruary 2020 - October 2020 (9 months)Montreuil, France*Detailed IT risk mapping for the bank.Creation of HeatMaps for an overall view of risks.*Risk register management.Drafting risk sheets including the entire risk analysis process | Management of action plans defined within the risk treatment plan | Specification of security measures to be implemented by the risk owner and monitoring of their implementation.*Internal security control steering.Management of internal security audits | Implementation and monitoring of action plans in case of non-compliance.
Recommendations
Be the first to recommend Nathan
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master of Science in Information Security EngineeringESGI2019MASTÈRE SÉCURITÉ INFORMATIQUE 4ème année Tout en renforçant les compétences liées à la sécurité des systèmes et réseaux, cette première année de Mastère Sécurité Informatique permet de développer des capacités techniques très opérationnelles dans la détection d’intrusions ou de vulnérabilités, dans le reverse engineering appliqués aux concepts de shellcodes et dans l’analyse forensic pour de l’investigation numérique. 5eme année La seconde année du Mastère Sécurité Informatique vise l’acquisition d’une expertise et d’un savoir-faire opérationnel dans l’audit et les tests d’intrusion, l’analyse de malwares, l’investigation numérique, le management de la sécurité du SI et la cyberdéfense. La préparation aux certifications professionnelles, telles que CCNA Security, ITIL et OSCP renforce des compétences et des capacités reconnues dans le monde de l’entreprise.
- Professional Bachelor's Degree in Networks and SecurityUFR Saint Martin Cergy2017Licence Professionnelle Réseau et Sécurité : Cette formation en apprentissage est dédiée à la maîtrise des technologies et sciences inhérentes à la sécurité logicielle et matérielle des systèmes informatiques ainsi qu'aux technologies et équipements de réseaux. Objectifs de la formation - Maîtrise des grandes structures multi-réseaux appuyée sur la connaissance des problèmes d’interconnexion de gestion de réseaux et de sécurité tant sur le plan matériel que sur le plan logiciel Acquisition des éléments méthodologiques relevant de la gestion de projets - Connaissance de l’environnement normatif, juridique et humain de l’entreprise Capacité à conduire un projet comportant le déploiement, la maintenance et l’évolution d’un réseau - Capacité à communiquer au sein de l’entreprise et assurer une communication efficace auprès des utilisateurs d’applications.