You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Rayan M.RM

Rayan M.

GRC Cybersecurity Consultant – Governance, Risk,

€778/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Rayan

Cybersecurity consultant specializing in Governance, Risk Management, and Compliance (GRC), I support organizations in structuring and ensuring the compliance of their security systems, primarily in the Banking, Insurance, and Finance sectors.

My missions cover the entire GRC spectrum:
- IS Governance: development of PSSI, security frameworks, policies, and procedures aligned with best practices
- Risk Management: EBIOS RM / ISO 27005 risk analyses, treatment plans, residual risk monitoring
- Regulatory Compliance: DORA, NIS2, LPM, GDPR, PCI DSS — from gap analysis to operational action plan, including preparation for regulatory audits
- Audit and Control: ISO 27001/27002 audits, 1st and 2nd level controls, remediation monitoring
- Security Steering: KRI/KPI, EXCOM and regulatory reporting (ACPR, ECB)

Frameworks: ISO 27001 · ISO 27005 · DORA · NIS2 · LPM · GDPR · PCI DSS · NIST CSF · EBIOS RM · COBIT

10 years of experience in the banking and insurance sectors (large groups), working with cross-functional teams (IT, Compliance, Risk, Legal, Purchasing) in environments subject to strict regulatory constraints.

Autonomous and rigorous, I quickly integrate into CISO teams. Available in Paris / Île-de-France, hybrid or full remote.
  • French

    Native or bilingual

  • English

    Conversational

Can work on-site
Paris (up to 30km)

Experience

  • BPCE
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    January 2022 - Today (4 years and 7 months)
    Paris, France
    GRC missions within the BPCE group (Banque Populaire Caisse d'Épargne), subject to ACPR/ECB requirements

    Similar mission to the one at Société Générale with the following main focus areas:
    - IS Risk Analysis: conducting EBIOS RM and ISO 27005 analyses, risk mapping, treatment plans, and residual risk monitoring
    - Regulatory Compliance: gap analyses, action plan development, audit preparation
    ISO 27002 GRC ISO 27005 EBIOS RM
  • COVEA (MMA, GMF, MAAF, Fidélia)
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    September 2019 - December 2021 (2 years and 4 months)
    Paris, France
    GRC missions within Covéa (GMF/MAAF/MMA insurance group), in a context of strengthening IT security and regulatory compliance.

    Similar mission to the one at Société Générale with the following main focus areas:
    - IS Risk Analysis: conducting EBIOS RM and ISO 27005 analyses, risk mapping, treatment plans, and residual risk monitoring
    - Regulatory Compliance: gap analyses, action plan development, audit preparation
    ISO 27005 EBIOS RM security risk analysis security compliance Security Risks
  • Crédit Agricole SA
    External Cybersecurity Consultant
    BANKING AND INSURANCE
    September 2018 - September 2019 (1 year)
    Montrouge, France
    Project Manager: Supplier Risk Management
    ▪ Capitalization and sharing of existing practices: Identification of existing initiatives within the Companies through bilateral meetings, consolidation of feedback, dissemination of best practices.
    ▪ Harmonization of contracting practices: Development of a Group clause library for all types of suppliers with Purchasing and Legal using the ISO 27002 standard, tooling of the clause library to automatically determine clauses (qualification questionnaire).
    ▪ Monitoring of contractual commitments and supplier cyber incidents: Creation of a Group repository with centralization of audit and evaluation results via the Group Purchasing tool.

    Assistant Project Manager: Response to ECB audit – Group Risk Appetite
    ▪ Monitoring and planning of the regulatory framework: Updating policies (Regulatory Security) and the risk analysis method (Engineering Department).
    ▪ Integration of risk appetite into risk management: Specification of guiding principles and associated tools, particularly the Group's macro-risk matrix.
    ▪ Derogation management system: Determination of tools, processes, and RACI for reporting and consolidating non-conformities as group-level derogations.

    Project Management Office (PMO)
    ▪ Reporting to management (Group CISO): Project progress and team workload management.
    ▪ Ensuring delivery of the Programs department: Monitoring deadlines for each of the team's topics.
    ▪ Group Committee Structure: Cyber Strategy Committee (audience: Executive Directors of Companies) and Programs Committee (audience: CISOs).
    ECB Audit Cybersecurity PMO Security Audit Cybersecurity Project Manager ISO 27002

Recommendations

Be the first to recommend Rayan

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master 2. Extended Enterprise Information Systems (SIEE) – Audit & Consulting, Cybersecurity Specialization
    Université Paris-Dauphine
  • Master 1. Information Systems, Networks, and Digital (SIREN) – IT Project Management
    Université Paris-Dauphine

Certifications

  • ISO 27005 Risk Manager – Information Security Risk Management + EBIOS RM
    LSTI
    Audit Cybersecurity ISO 27001 Cybersecurity Governance Cyber Risk Analysis Consulting Risk Management GDPR Compliance GDPR Information Security
  • ISO 27001 Lead Auditor — Information Security and Privacy Management Systems
    LSTI
    Regulatory Compliance ISO 27002 Cybersecurity ISO 27001 Consulting IS Governance Security Audit Security Policy Information Security GDPR

Skill set

Categories