
Noomane B.

Consultant/CDP Cyber Security, GRC, Assistant CISO

€640/day
Republic of France, FR
8-15 years

Average response time: 1 hour


About Noomane

As a computer engineer and cybersecurity consultant, I support organizations, particularly in the banking and insurance sectors, in their governance, risk management, and compliance (GRC) initiatives.

As a certified ISO 27001 Lead Auditor, ISO 27005 Risk Manager (Ebios RM), and PMP, I have developed an approach that balances strategy and operations: ISMS implementation, IT risk management, IS hardening, security improvement plan management, internal audit, and regulatory compliance support (DORA, NIS2, GDPR, LPM, HDS).

My background has led me to work on cyber governance and transformation projects within large financial environments, ensuring coherence between regulatory requirements, business risks, and business continuity imperatives (BCP/DRP, CRA, TPRM).
I am committed to promoting pragmatic cybersecurity, based on risk management, compliance, and cyber resilience culture within organizations.

Areas of expertise:
🔹 Governance & Compliance: DORA, NIS2, ISO 27001, GDPR, LPM, HDS
🔹 Risk Management following ISO 27005 / EBIOS RM, TPRM, KRI, and BCP/DRP activities
🔹 Operational Security & ISMS: audits, remediation, indicators, and governance
🔹 Management: IT project management (Agile / V-Model), CISO coordination, reporting, awareness, intelligence.

🎯 Objective: To support companies in strengthening their cybersecurity governance and compliance, by reconciling regulatory requirements, resilience, and operational efficiency.
  • French

    Native or bilingual

  • Arabic

    Native or bilingual

  • English

    Fluent

Can work on-site
Republic of France (up to 50km), Paris (up to 50km)

Experience

  • METSYS
    Senior Consultant Cyber Security, GRC
    December 2024 - November 2025 (11 months)
    Managed projects related to GRC security governance, managed services, and project-based assignments (Clients: Assurance MGP, Groupe ENG, and internal Metsys).

    • Supported Assurance MGP in implementing DORA and managed the necessary work for DORA compliance.
    Activities: DORA Gap analysis, roadmap, development and declaration of EBA/ACPR compliant ROI, incident and cyber threat management, ICT supplier contractual relations, Risks and TPRM (200 IT providers), preparation of TLPT resilience tests according to TIBER-EU framework, training activities…
    • Supported the implementation and management of ISMS, BIA preparation, risk analysis activities (Metsys, NGE).
    • Client assistance, application of ISO27001, ISO27002, ISO27005, RGS, LPM, ANSSI frameworks.
    Activities: Documentation corpus, asset management, ISO 27005 risk analysis, gap analysis, assessment, Change Management, Incident Management...
    • Monitoring dashboards, reporting, Committee activities.

    Environment: DORA, ISO 27001, ISO 27005, Ebios RM Risks, NIS2, GDPR, LPM, TPRM, ServiceNow
    DORA, ISO 27001, ISO 27002, ISO 27005, ISMS
  • BIAT
    Information Security Officer
    January 2019 - June 2024 (5 years and 5 months)
    I was responsible for developing IT security, upgrading the bank's resilience, and mitigating risks from cyber threats.

    • Conducted a diagnostic of the situation and approved a 3-year improvement action plan;
    • Developed and implemented security policies;
    • Conducted IT Security Audits following ISO 27001 & 27002 standards with accredited companies (ANSI - Tunisia);
    • Organized PENTEST activities for the Bank's critical applications (Monetics, GBS, Net Banking, Swift) using ISO 27005 risk analysis approach;
    • Monitored and corrected identified vulnerabilities, including zero-day or critical ones...
    • Contributed to the project: Securing BIAT's e-banking platform,
    • Participated in PCI-DSS Compliance work:
    o Contributed to improvements in the bank's payment system to meet standard requirements,
    o Developed security policies and procedures and implemented them as part of the PCI-DSS project.
    • Contributed to the Gap analysis study for the Swift CSP.
    • Improved the IT production incident management process.
    • Collaborated with various business departments and external organizations such as the Financial CERT, ANSSI, INPDP and coordinated all activities related to IT security, physical security, and personal data protection;
    • Led internal IT security training and awareness activities.
    • Provided periodic reporting to the committee, the General Management, and an annual presentation of the situation to a restricted committee of the Bank's Board of Directors.
    Tech Env:
    • ISO 27001, ISO 27002, ISO 27005;
    • Risk Management, Ebios RM;
    • IT Audit approach, pentesting;
    • Dashboard, Reporting, Gantt, KPI;
    ISO 27001, ISO 27002, ISO 27005, Risk Management, Ebios RM, Banking, IT Audit
  • BIAT
    Project Director
    June 2010 - December 2018 (8 years and 6 months)
    Internal promotion: moved to a 'Project Director' position in the Information Systems Department and took charge of new projects or development areas for the Bank's IS.

    Activities:
    • Managed a project to overhaul document management and secure the Bank's data and documents;
    • Studied and implemented an ECM (Enterprise Content Management) project: business databases, COLD DMS, and process modeling (GARGANTUA system from Siatel);
    • Integrated and put into production the StreamServe (Exstream) business mail product;
    • Managed the BIAT internal notes and circulars database and the Bank's database;
    • Contributed to the migration of BIAT's IS to a new Core Banking System (Temenos System) and its integration with the ECM system. Coordinated with development, infrastructure, and production teams.
    • Dematerialization of files and automation of the Credit process;
    • BIAT IS Architecture work: application mapping, data flows, business processes, modeling, and implementation according to the Archimate standard;
    • IT incident management;
    • Contributed to the implementation of a new Net Banking system, MyBIAT;
    • Managed integration projects with external suppliers such as:
    o A spending control system;
    o An E-Dealing solution for the trading room...
    • Contributed to other projects: BCP/DRP, HRIS, IT Service Governance under ITIL...

    Environment:
    • Oracle DBMS, Windows, MS Office, MS Exchange;
    • ECM GARGANTUA System, StreamServe Business Mail System;
    • Unix, Java, Tomcat, Jboss, XML;
    • Temenos Core Banking, HRIS, Agile Methodology;
    Banking Management Business Analysis Change Management IT Management


Education

  • Degree of Engineer in Computer Science from ENSI
    National School of Computer Science - Tunisia
    1998
    Bac+5, Computer Science

Certifications

  • ISO27001 Lead Auditor
    PECB
    2021
  • ISO27005 Risk Management - Ebios RM
    PECB
    2020
