Numa Resplandy

I help VSEs, SMEs, and mid-sized companies structure and manage their cybersecurity in a pragmatic and business-appropriate way.

📌 What we can achieve together:

▸ Cyber maturity assessment (NIST CSF, ISO 27001) and definition of a target trajectory

▸ Structuring your cyber governance: committees, roles, responsibilities, management indicators

▸ Implementation of an ISMS and support towards ISO 27001 certification

▸ Scoping and deployment of your risk management program (ISO 27005)

▸ Risk assessment: identification, analysis, mapping, and treatment plan (EBIOS RM)

▸ Regulatory compliance: NIS2, GDPR, DORA, etc.

▸ Development of your business continuity and disaster recovery plans (BCP/DRP, ISO 22301)

▸ Design and facilitation of cyber crisis exercises

▸ IAM Governance: access policies, identity lifecycle, authorization reviews

▸ Raising awareness among your teams on cyber issues

📩 Feel free to contact me to discuss your project!

I assisted the university (9 faculties, 30,000 students, 8,000 employees) in defining and deploying an information security program. Alongside the CISO, I contributed to structuring cyber governance, implementing a risk management framework, and conducting an assessment of the organization's maturity.

▸ Definition of information security governance, including organizational structures (security committees, CISO, security liaisons), key governance processes, and responsibilities (RACI matrix for security roles).

▸ Design of a governance dashboard (performance KPIs, risk KRIs) for management oversight.

▸ Identification and analysis of applicable standards and regulations and their integration into the NIST CSF 2.0 reference framework.

▸ Consolidation of results and production of summary documents for the management committee (maturity mapping, gaps, recommendations).

▸ Development of an upgrade roadmap based on the analysis results and monitoring of measure implementation.

▸ Definition of the university's internal and external context, stakeholders, and risk appetite criteria.

▸ Drafting of the risk management policy in accordance with ISO 27005 & ISO 27001 standards.

▸ Definition of the university's business continuity program: dedicated governance, roles and responsibilities of stakeholders (crisis committee, faculty liaisons), and integration into the overall security framework.

I conducted a risk analysis using the EBIOS Risk Manager method on a critical business application used by many network users. The mission led to the identification of strategic and operational scenarios, risk mapping, and reduction of the system's attack surface.

▸ Collection and analysis of the technical context: network architecture, critical flows, application dependencies, business interfaces.

▸ Validation of risk criteria and consequence/likelihood scales for framing the risk assessment.

▸ Conducting a complete risk analysis according to the EBIOS RM method (workshops 1 to 5).

▸ Construction of a risk map and identification of priority scenarios impacting business services.

▸ Definition of a risk treatment plan with prioritization of measures following a cost/benefit logic.