You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Nathan LemaireNL

Nathan Lemaire

GRC Consultant | CISSP

€900/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Nathan

Cybersecurity consultant specializing in Governance, Risk, and Compliance. I assist organizations in structuring, managing, and improving their security systems.

My goal: to help companies build clear, coherent, defensible, and truly manageable cybersecurity.

I primarily focus on cyber governance, risk management, regulatory compliance, security policies, audits, control mapping, and the implementation of cybersecurity frameworks such as ISO 27001, NIST CSF, EBIOS RM, NIS2, DORA, and the Secure Controls Framework.

My approach is to make cybersecurity understandable, actionable, and aligned with business objectives. I help security, IT, risk, compliance, and management teams transform regulatory or normative requirements into concrete, measurable, and trackable action plans.

I have notably worked on:

- Defining and updating security policies;
- Building cybersecurity documentation;
- Conducting risk assessments;
- Creating risk registers and risk letters;
- Preparing for ISO 27001 audits;
- Mapping controls with ISO 27001, NIST CSF, or SCF;
- Defining cybersecurity KPIs/KRIs for CISO steering;
- Structuring cybersecurity dashboards in Power BI;
- Assisting business units in integrating security into projects;
- Maturity assessments and defining remediation plans.

I can be involved in strategic scoping missions as well as operational tasks such as documentation production, risk assessment, gap analysis, audit preparation, or cyber program structuring.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Kering
    Cybersecurity Governance & Risk Officer
    LUXURY GOODS
    March 2025 - Today (1 year and 5 months)
    Paris, France
    • Updated and structured security policies: contributed to the evolution of the Global Information Security Policy and associated operational policies.
    • Alignment with cybersecurity frameworks and standards: ISO/IEC 27001:2022, NIST CSF, Secure Controls Framework, as well as the Group's internal requirements.
    • Cybersecurity risk management: formalized risks, drafted risk letters, structured the risk register, and defined treatment plans.
    • Security control mapping: mapped policies, control objectives, operational controls, expected evidence, and monitoring indicators.
    • Improved cybersecurity documentation: defined the documentary hierarchy between policies, standards, procedures, and operational instructions.
    • Support for compliance and audits: prepared evidence, justified control applicability, and contributed to continuous improvement.
    • Structured cybersecurity dashboards: defined KPIs/KRIs for operational and strategic steering of cyber activities.
    • Stakeholder support: collaborated with IT, security, risk, compliance, and business teams to make cybersecurity requirements understandable and actionable.

    This mission was part of an international context, with a strong focus on harmonizing cybersecurity practices, tracing risk decisions, and steering security maturity across the Group.
    Risk Management GRC Security Governance Control Plan CISSP
  • BNP-Paribas
    IT and Cyber Risk Engineer
    BANKING AND INSURANCE
    November 2020 - February 2025 (4 years and 3 months)
    Montreuil, France
    *Cyber and physical security incident management (in data centers and on-site)

    Incident response manager for France, Belgium, and Italy | Direct management with BNP Group CSIRT | Reporting and KPI monitoring in security committees for the CEO and CISO | Creation of the incident response process and procedures | Data Leak Prevention management.

    *Implementation of a hierarchical documentation framework for cybersecurity

    Drafting security policies and procedures | Identification and centralization of applicable standards and norms for BP²I (NIST CSF / ISO 27 001 / DORA / Internal Controls).

    *Management of internal and external audits

    Preparation for ISO 27 001 audit to maintain BP²I certification (annual audit) | Internal audit via the BNP ISO division | External audit via AFNOR.

    *Implementation of an Information System mapping

    Mapping of all assets associated with their IAM tools via PowerBI | Drafting of the Identity Credential & Access Management policy.

    *Cybersecurity culture management

    Implementation of phishing campaigns (annual) | Implementation of SafeDesk campaigns | Monitoring of mandatory training | Reporting of awareness KPIs in security committees.

    *Pentest management

    Identification of assets to be tested | Tender | Kickoff | Analysis of pentest reports to implement recommendations.

    *Swiss Army knife for technical topics

    With a technical background, I was able to intervene on many urgent issues.
    ISO 27001 Incident Management Cybersecurity Cybersecurity CISO
  • BNP-Paribas
    GRC Consultant
    BANKING AND INSURANCE
    February 2020 - October 2020 (9 months)
    Montreuil, France
    *Detailed IT risk mapping for the bank.

    Creation of HeatMaps for an overall view of risks.

    *Risk register management.

    Drafting risk sheets including the entire risk analysis process | Management of action plans defined within the risk treatment plan | Specification of security measures to be implemented by the risk owner and monitoring of their implementation.

    *Internal security control steering.

    Management of internal security audits | Implementation and monitoring of action plans in case of non-compliance.
    Risk Analysis EBIOS RM GDPR PCI DSS GRC

Recommendations

Be the first to recommend Nathan

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master of Science in Information Security Engineering
    ESGI
    2019
    MASTÈRE SÉCURITÉ INFORMATIQUE 4ème année Tout en renforçant les compétences liées à la sécurité des systèmes et réseaux, cette première année de Mastère Sécurité Informatique permet de développer des capacités techniques très opérationnelles dans la détection d’intrusions ou de vulnérabilités, dans le reverse engineering appliqués aux concepts de shellcodes et dans l’analyse forensic pour de l’investigation numérique. 5eme année La seconde année du Mastère Sécurité Informatique vise l’acquisition d’une expertise et d’un savoir-faire opérationnel dans l’audit et les tests d’intrusion, l’analyse de malwares, l’investigation numérique, le management de la sécurité du SI et la cyberdéfense. La préparation aux certifications professionnelles, telles que CCNA Security, ITIL et OSCP renforce des compétences et des capacités reconnues dans le monde de l’entreprise.
  • Professional Bachelor's Degree in Networks and Security
    UFR Saint Martin Cergy
    2017
    Licence Professionnelle Réseau et Sécurité : Cette formation en apprentissage est dédiée à la maîtrise des technologies et sciences inhérentes à la sécurité logicielle et matérielle des systèmes informatiques ainsi qu'aux technologies et équipements de réseaux. Objectifs de la formation - Maîtrise des grandes structures multi-réseaux appuyée sur la connaissance des problèmes d’interconnexion de gestion de réseaux et de sécurité tant sur le plan matériel que sur le plan logiciel Acquisition des éléments méthodologiques relevant de la gestion de projets - Connaissance de l’environnement normatif, juridique et humain de l’entreprise Capacité à conduire un projet comportant le déploiement, la maintenance et l’évolution d’un réseau - Capacité à communiquer au sein de l’entreprise et assurer une communication efficace auprès des utilisateurs d’applications.

Certifications

Skill set

Categories