About Rayan
French
Native or bilingual
English
Conversational
Experience
- BPCEGRC Cybersecurity ConsultantBANKING AND INSURANCEJanuary 2022 - Today (4 years and 7 months)Paris, FranceGRC missions within the BPCE group (Banque Populaire Caisse d'Épargne), subject to ACPR/ECB requirementsSimilar mission to the one at Société Générale with the following main focus areas:- IS Risk Analysis: conducting EBIOS RM and ISO 27005 analyses, risk mapping, treatment plans, and residual risk monitoring- Regulatory Compliance: gap analyses, action plan development, audit preparation
- COVEA (MMA, GMF, MAAF, Fidélia)GRC Cybersecurity ConsultantBANKING AND INSURANCESeptember 2019 - December 2021 (2 years and 4 months)Paris, FranceGRC missions within Covéa (GMF/MAAF/MMA insurance group), in a context of strengthening IT security and regulatory compliance.Similar mission to the one at Société Générale with the following main focus areas:- IS Risk Analysis: conducting EBIOS RM and ISO 27005 analyses, risk mapping, treatment plans, and residual risk monitoring- Regulatory Compliance: gap analyses, action plan development, audit preparation
- Crédit Agricole SAExternal Cybersecurity ConsultantBANKING AND INSURANCESeptember 2018 - September 2019 (1 year)Montrouge, FranceProject Manager: Supplier Risk Management▪ Capitalization and sharing of existing practices: Identification of existing initiatives within the Companies through bilateral meetings, consolidation of feedback, dissemination of best practices.▪ Harmonization of contracting practices: Development of a Group clause library for all types of suppliers with Purchasing and Legal using the ISO 27002 standard, tooling of the clause library to automatically determine clauses (qualification questionnaire).▪ Monitoring of contractual commitments and supplier cyber incidents: Creation of a Group repository with centralization of audit and evaluation results via the Group Purchasing tool.Assistant Project Manager: Response to ECB audit – Group Risk Appetite▪ Monitoring and planning of the regulatory framework: Updating policies (Regulatory Security) and the risk analysis method (Engineering Department).▪ Integration of risk appetite into risk management: Specification of guiding principles and associated tools, particularly the Group's macro-risk matrix.▪ Derogation management system: Determination of tools, processes, and RACI for reporting and consolidating non-conformities as group-level derogations.Project Management Office (PMO)▪ Reporting to management (Group CISO): Project progress and team workload management.▪ Ensuring delivery of the Programs department: Monitoring deadlines for each of the team's topics.▪ Group Committee Structure: Cyber Strategy Committee (audience: Executive Directors of Companies) and Programs Committee (audience: CISOs).
Recommendations
Be the first to recommend Rayan
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master 2. Extended Enterprise Information Systems (SIEE) – Audit & Consulting, Cybersecurity SpecializationUniversité Paris-Dauphine
- Master 1. Information Systems, Networks, and Digital (SIREN) – IT Project ManagementUniversité Paris-Dauphine
Certifications
- ISO 27005 Risk Manager – Information Security Risk Management + EBIOS RMLSTI
- ISO 27001 Lead Auditor — Information Security and Privacy Management SystemsLSTI