Pablo Bustamante

Supermalter

GRC / CISO Cybersecurity Consultant (27005|27001)

€725/day
1 project
Toulouse, FR
8-15 years

Average response time: 1 hour

About Pablo

My expertise is structured around the following activities:

- GRC:
  - ISMS compliance (ISO 27001),
  - Implementation of security best practices (ISO 27002),
  - Risk analysis (ISO 27005, EBIOS RM),
  - Drafting of security policies,
  - Awareness training.

- Organizational audit:
  - Business Continuity Plan (BCP),
  - Disaster Recovery Plan (DRP),
  - Security Plan (SP).

- Security architecture:
  - Validation of security architecture solutions,
  - Compliance with functional architecture principles and rules.

- AMOA (Assistance to the Project Owner):
  - Drafting of specifications, RFI, RFP, tender documents.
  - Consulting and assistance to the Project Owner on business needs.

- AMOE (Assistance to the Project Contractor):
  - Integration of security into projects,
  - Consulting and assistance to the Project Contractor on functional security aspects of projects.
  • French

    Native or bilingual

  • English

    Fluent

  • Spanish

    Native or bilingual

Can work on-site
Toulouse (up to 50km)

Experience

  • Self-employed
    Freelance Cybersecurity Consultant (Governance, Risk, and Compliance)
    January 2023 - Today (3 years and 5 months)
    • CISO at e-Santé Occitanie (since October 2024).
    • Security Business Partner and Risk Analyst (EBIOS RM) at Airbus (May 2023 - September 2024).
    • Deputy CISO at Infomil (January 2023 - April 2023).
    Cybersecurity CISO
  • SERMA SAFETY & SECURITY
    Information Security Consultant
    December 2019 - January 2023 (3 years and 1 month)
    Toulouse, France
    Orange SA, CISO Assistance (February 2022 - Present):
    - Awareness and training: Presenting challenges, tools, and best practices on a daily basis.
    - Solution selection: Security and Data Protection assessment of vendors.
    - Project security analysis and studies: Risk identification and recommendation proposals.
    - Personal data protection study: Assistance in complying with GDPR principles and recommendations.
    - Run support: Request management, incident management.
    Allianz, Risk Analysis Service Center (March 2021 - February 2022):
    - Application of the EBIOS RM methodology (workshops, reports, approval).
    - Use of the EGERIE tool.
    - Application System Risk Analysis.
    - Vendor Risk Analysis.
    BPIFrance, Integrating Security into Projects (December 2019 - March 2021):
    - Formalize a security framework (requirements, guides, best practices, controls, monitoring).
    - Integrate security into each project methodology.
    - Raise awareness and train business units and project teams on security.
    - Identify risks.
    - Integrate security as early as possible from the scoping and tender stages.
    - Apply the concept of security by design.
    - Cooperate with the DPO.
    - Assist business units in identifying and addressing their digital risks.
    - Define and implement security measures necessary for risk treatment.
    - Monitor identified residual risks.
    - Ensure compliance with internal policies.
    - Ensure compliance with legislation and regulations.
    - Review contracts with subcontractors.
    - Hold weekly progress meetings with the CISO.
  • HARMONIE TECHNOLOGIE
    Information System Security Consultant
    October 2018 - December 2019 (1 year and 2 months)
    Île-de-France, France
    Crédit Agricole (CASA and CACIB), Risk Analysis (applications and infrastructures):
    - Update existing analyses
    - Perform simplified and detailed analyses
    - Business and technical interviews
    - Security support for projects
    - Perform DPIAs
    - Presentations to the CISO
    SII, Design of a risk analysis methodology:
    - Participation in working groups with the CISO and internal/external project managers
    - Study of project typologies
    - Identification of applicable frameworks, standards, laws, and regulations
    - Selection of security measures
    - Formalization of questions
    - Development of an Excel tool
    IT-CE, Scoping of the SSI strategic plan:
    - Participation in working groups with all stakeholders
    - Assessment of security practices
    - Identification of gaps compared to best practices and Group directives

Education

  • Master 2 Professional in International Strategic Management Consulting (M2 CMSI), Business Management and Strategic Management
    Université Paris 1 Panthéon-Sorbonne
    2015
  • Specialized Master in Economic Intelligence Strategy, Economic Intelligence
    Ecole de Guerre Economique
    2016
