Nicolas Peyran


About Nicolas

GRC Consultant Certified ISO27701 and EBIOS RM | Governance and Compliance Expert | Rigorous, Pragmatic, Curious

Welcome to my profile! I am an experienced GRC consultant with a rich background of 3 years at PwC as an IT security auditor, followed by just over 2 years as a GRC consultant at Accenture and Formind. This experience has allowed me to specialize in compliance, particularly in IT security auditing, ISO27001 auditing, and maturity assessment. I have also acquired project management skills, further strengthening my versatility and ability to lead various assignments.

My work philosophy is based on rigor, pragmatism, and curiosity. I firmly believe in the importance of these values in the complex world of governance, risk, and compliance. My goal is to provide tailored and effective solutions to help my clients achieve their compliance and security objectives.

I am ISO27701 and EBIOS RM certified, which attests to my expertise in assessing and managing data privacy risks. With my expertise in governance and compliance, I am also open to exploring risk analysis topics, continually seeking to expand my skills and bring added value to my clients.

If you are looking for a passionate, committed GRC consultant capable of meeting your compliance, governance, and risk management needs, do not hesitate to contact me. I would be delighted to collaborate with you and contribute to your company's success.
  • French: Native or bilingual
  • English: Fluent
  • Spanish: Conversational

Can work on-site
Paris (up to 50km)

Experience

  • DOCAPOSTE (sovereign private cloud project)
    Senior GRC Consultant
    September 2025 - March 2026 (6 months)
    Context: Compliance and security of a multi-tenant Cloud infrastructure (OpenStack, VMware, Kubernetes) aiming for ISO 27001 certification for the critical needs of the La Poste Group.

    Compliance & Governance Management:
    • Gap Analysis & Roadmap: Performed gap analysis (ISO 27002) and defined the strategic remediation plan for the certification audit (scheduled for late March).
    • Documentation Engineering (ISMS): Drafted the Statement of Applicability (SoA) and the entire procedural corpus on Confluence.
    • HDS Convergence: Aligned processes with the existing ISMS (HDS - Health Data Hosting) to ensure seamless interoperability.
    • Audit Management: Supported the mock audit and prepared for the certification audit (scheduled for late March).
    Operational Security & IAM Expertise
    • RBAC Modeling: Designed the privilege matrix and defined critical access rules (Who accesses what?).
    • PAM Governance (Wallix): Identified administration flows requiring transit through the bastion and supervised the implementation carried out by DevOps teams.
    • Cryptographic Audit: Verified the compliance of algorithms, key lengths, and encryption protocols applied to virtualized environments.
    • Security Maintenance (MCS): Defined processes for vulnerability management, hardening, and logging.
    Resilience & Business Continuity (BCP)
    • Impact Analysis (BIA): Led workshops with operational managers to identify critical processes and define RTO/RPO objectives.
    • Continuity Strategy (BCP): Drafted the continuity plan and formalized operational recovery Playbooks for technical teams.
    Asset Security & Human Aspect
    • Asset Lifecycle:
    • Cyber Skills Matrix
    Skills: Cryptography, ISO 27001, Security Audit, BCP/DRP, Project Management
  • AXA BANQUE
    Internal IT & Cyber Control Analyst – Level 2 (N2)
    January 2025 - June 2025 (5 months)
    Context: Management of the permanent control framework within the Risk and Compliance department, in a highly regulated banking environment (ACPR).

    Permanent Control & Level 2 Monitoring (LOD2)
    • Audit of Level 1 Control Effectiveness: Quarterly assessment of the robustness of first-level controls across Cybersecurity, Resilience (BCP/DRP), Data, and IT units.
    • KPI Management: Exploited and monitored AXA Group performance indicators to measure the evolution of security maturity and the effectiveness of remediations over the quarters.
    • Evidence Challenge: Targeted selection of Level 1 controls and critical verification of produced evidence to ensure the integrity of Group reporting.
    Third-Party Risk Management & Remediation
    • Vendor Recommendation Tracking: Operational management of action plans for external service providers audited by AXA France.
    Skills: BCP/DRP, Indicator Definition and Monitoring (KPI), TPRM, Risk Management, IT Internal Control
  • FNAC DARTY
    GRC & IAM Project Manager – Legal Audit Management
    October 2024 - June 2025 (8 months)
    Context: Coordination of the legal audit (statutory auditors) and management of the identity and access lifecycle (IAM) compliance.

    Audit Coordination (Deloitte / KPMG Interface)
    • Legal Audit Management: Single point of contact for external auditors; managed evidence collection and secured responses to requests.
    • IT & Business Facilitation: Translated audit requirements into concrete actions for technical teams and business departments.
    • Control Justification: Defended internal control mechanisms before auditors to limit non-compliance findings.
    IAM Governance Overhaul (Remediation)
    • Identity Lifecycle: Defined and formalized access management processes: Joiner, Mover, and Leaver.
    • Periodic Rights Review: Implemented account and rights review campaigns to ensure adherence to the principle of least privilege.
    • Documentation Standardization: Drafted target procedures and created RACI matrices to clarify responsibilities between HR, IT, and Business units.
    Roadmap Management & Reporting
    • Management Reporting: Presented work progress to management committees (CISO, CIO, CFO) and monitored compliance indicators.
    • Strategic Prioritization: Arbitrated and planned post-audit corrective actions based on the criticality of identified risks.
    Key Results:
    • Streamlined Audit Process: Significantly reduced response times to auditors through effective evidence centralization.
    • Group Standardization: Deployed a unified IAM procedure corpus approved by Senior Management.
    • Post-Audit Remediation: Closed 100% of priority recommendations from the legal audit within the allotted deadlines.
    Skills: Cyber Project Manager, Remediation, IAM, Identity and Access Management (IAM), RACI



Education

  • Engineering Degree, IS Engineering
    Télécom SudParis
    2018
