Description

I am a cybersecurity expert with more 10 years of experience as a project manager, risk analysis according to ISO 27005 and EBIOS RM standards, and compliance with ISO 27001, ISO42001, PCIDSS, INDUSTRIAL STANDARD IEC62443, IEC61850 and IEC61511. My expertise extends to the security by design in projects, Zero Trust, AI Security Governance and managing cybersecurity programs as NIST, NIS2, as well as compliance with DORA, AI Act, Cyber Resilience Act, regulatory standards with the ISO.

I have a strong background in compliance with security standards, which has allowed me to guide organizations through the certification process and help them comply with security requirements. With my knowledge in risk analysis, I am able to put in place policies to manage efficiently risks, threats, identify potential vulnerabilities in assets and recommend security measures.

My experience and skills make me a competent and experienced cybersecurity expert, capable of providing high quality security solutions to organizations of all sizes and from all sectors.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Arabic
Conversational

Workplace preferences

Can work on-site

Paris (up to 50km)

ACG cybersecurité
Consultant Cyber Sécurité (sous traitance)
TRANSPORTATION
September 2025 - December 2025 (3 months)
Paris, France
En collaboration avec ACG Cybersécurité pour une durée de 3 mois pour la réalisation d'une mission chez un client du milieu transport pour réaliser ces taches ci-dessous :

OBJECTIFS PRINCIPAUX

• Améliorer la maturité de la sécurité de l'information de l'entité
• Evaluer et communiquer sur les cyber-risques, définir des plans de remédiation
• Être le principal point de contact de la Direction de la Sécurité du Groupe :
Signaler les incidents potentiels de manière centralisée et apporter votre soutien pendant les phases de confinement, de remédiation et de récupération
Donner de la visibilité au Groupe sur les priorités locales de sécurité, les contraintes et les spécificités locales du système d'information et du Métier
Appliquer et communiquer les nouvelles politiques de sécurité du Groupe
• Créer les politiques, les normes et les procédures de sécurité locales et s’assurer qu'elles sont appliquées de manière cohérente
• Organiser des tests d'intrusion du réseau local et des applications
• Orchestrer les audits et se concentrer sur les domaines clés
• Soutenir les équipes informatiques sur les sujets de sécurité
• Soutenir le plan de sensibilisation à la sécurité de l'information
• Mesurer la conformité à la politique de sécurité et aux réglementations légales
• Identifier les buts, les objectifs et les mesures de sécurité et de protection de l'information conformes au plan stratégique de l'entreprise.
• Gérer les initiatives de conception, de configuration, de mise en œuvre et de test de solutions de systèmes de sécurité stratégiques pour répondre à des exigences techniques et commerciales complexes
• S'associer aux dirigeants de l'entreprise pour s'assurer que les projets de sécurité de l'information de l'entreprise reçoivent les priorités et les ressources appropriées.
• S'associer aux parties prenantes de l'entreprise pour les sensibiliser aux problèmes de gestion des risques
Cybersécurité Security by design Gouvernance Cybersécurité Gestion des incidents ISO 27001
Compagnie sucriere
OT Cyber Security Consultant
AGRICULTURE
May 2024 - August 2025 (1 year and 3 months)
Paris, France
Context: Fixed-price mission with extent to review and update security policies
OT/IT according to ISO27001/IEC62443,
Role: Review the various changes made to the IT/OT environment and their
compliance with industrial security policy. Ensure that IT/OT architecture is
compliant with Purdue model.
Missions:
- Assessment of OT maturity in industrial environments
- Review the OT/IT architecture based on Purdue model to ensure an
effective application and compliance
- Developed and maintained OT/IT security policies, standards and
procedures
- Review the security policy and procedures according to ISO
27001/EIC62443 and provides updates.
- Review changes during the last policy review and the according scope
- Review OT security Vulnerability and patch management
- Advise for new challenges in OT cyber security and best practices
- Improvement of cyber defense service offerings and providing expertise
in the face of cyber risks.
Cybersecurity ICS-SCADA Cybersécurité IEC 62443 PURDUE IEC 61850
AXA Group Operation
Correspondant cyber sécurité
BANKING AND INSURANCE
May 2023 - April 2024 (11 months)
Paris, France
Cyber security project management according to COPIL requests
- Ensure the treatment and monitoring of cyber risks
- Coordinate and manage requests on subjects related to cyber
management of entities (AXA France)
- Improve the quality of server and workstation data used for vulnerability
management (completeness of the inventory and attributes).
- Support the onboarding of small entities into the ITAM tool.
- Ensure monitoring of the quality of data related to vulnerability
management, at the operational and executive levels, in collaboration
with the IT and Security teams.
- Monitor inventory quality remediation (servers and workstations): support
entities in correcting anomalies, creating and tracking data incidents in
the CMDB.
- Prepare and coordinate the onboarding of small entities with the ITAM
team, including the creation of presentation materials and dissemination
via the markets.
- Identify critical areas of the CMDB for vulnerability management and
coordinate the implementation of data quality KPIs with the ITAM and
Security teams.
- Contribute to the design of IT/Security target governance for monitoring
data quality applied to vulnerability management
- Satisfy entities’ requests by providing them with practical answers
- Review and Certification of high-privileged accounts (CyberArc)
- Identify and present KPIs and KRIs to meet regulatory and contractual
requirements with entities
- Define an action plan for processing gab on the status of KPIs & KRIs
- Ensure monitoring and remediation of vulnerabilities affecting system,
workstation and network assets
- Present to the steering committee results of the security assurance plan
and KRI - KPI controls
- Steering regulatory security audits (IFC, PCI DSS, SWIFT, network
configuration audit, etc.)
- Implement configuration standards MTSB for system and network assets
as part of IFC regulatory projects;
- Ensure the presentation of cyber Defense products to entities and any
potential issues
Cybersécurité ISP Audit IFC Gestion de projet