
Redwane B.

IT Risk Manager | Cyber Programme Manager | CISM

€700/day
Paris, FR
8-15 years

Average response time: 1 hour


About Redwane

IT Risk Manager & Cyber Programme Manager 🛡️
CISM · CRISC · ISO 27001 Lead Auditor & Implementer · EBIOS RM

Expert in IT Risk Management and Cyber Programme steering with 8+ years of experience in major groups (BNP Paribas, AG2R La Mondiale, AXA, Capgemini). Graduate of Paris-Dauphine.

What sets me apart 👇
🚀 Cyber Programme Steering
€9M budget managed at AG2R La Mondiale. Full committee management (Steering Committee/Project Committee/Security Committee), Group CISO reporting, budget arbitration, vendor negotiation.
📊 IT Risk Management
Identification, assessment, and monitoring of IT risks. Risk register, KRIs, Level 2 controls, remediation plans — reduction of critical risk remediation time by 45 days.
📜 ISO 27001 Audit & Compliance
Certified PECB Lead Auditor & Implementer. 40% progress towards AG2R group certification. Non-conformity management, corrective action plans.
💡 Cyber Innovation
Global watch (Gartner, Viva Tech), cyber startup sourcing, 5 POCs managed. Position papers on Quantum Computing & Zero Trust disseminated to BNP Paribas CISO.

📍 Île-de-France · ⚡ Available immediately

  • English: Fluent
  • French: Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • AG2R
    Deputy Director Cyber Programme & IT Risk Manager
    BANKING AND INSURANCE
    May 2024 - March 2026 (1 year and 10 months)
    Levallois-Perret, France
    Strategic steering & Cyber programme management:
    • Steering of the group cybersecurity programme (budget: €9M/year): coordination of a team of 4 people (PMO, cyber architect, development project managers), arbitration between projects in steering committees (budget, resources, deadlines), monitoring of milestones and deliverables.
    • Representation of the Programme Director at the Group CISO: participation in steering committees to present the group's IT risk profile and obtain budgets for implementing group security tools, formalization of security frameworks, raising awareness of risk culture among business and IT teams.
    • Identification, assessment, and monitoring of technological and cyber risks: construction and monitoring of the group IT risk register, analysis of business impacts, threats, and vulnerabilities, calculation and monitoring of KRIs.
    • Assessment of IT asset criticality in collaboration with technical teams: revision of the supplier assessment framework with three levels according to the criticality of the data processed (PII, internal data, non-sensitive data).
    • Development and management of remediation plans for critical risks: definition of corrective actions, assignment of responsibilities, monitoring of deadlines, and validation of closure evidence — reduction of remediation time by 45 days on average.
    • Level 2 control and challenge of existing systems: ISO 27001 audit and certification support, assessment of Annex A control compliance, identification of non-conformities, management of corrective action plans — 40% progress towards certification.
    • Production of reports for management: presentation of the IT risk profile to risk committees and the Group CISO, executive dashboards (KPIs/KRIs).
    EDR · Risk Analysis · Program Management · ISO 27005
  • BNP Paribas
    IT Risk Advisor & Cyber Innovation
    BANKING AND INSURANCE
    August 2021 - April 2024 (2 years and 8 months)
    Montreuil, France
    Cyber Innovation & global startup sourcing:
    • Identification and analysis of emerging Cyber topics through structured global technology watch: Gartner cycle, Viva Tech, Cyber Week, professional networks — sourcing of innovative cyber startups in strategic areas (network security, pentest automation, immersive honeypot).
    • Due Diligence on innovative cyber solutions: in-depth and structured assessment of cyber startups before any integration decision — analysis of their security architecture, organizational maturity, compliance with applicable regulatory requirements, ability to integrate into the BNP group's technical environment, and financial stability. Production of documented evaluation reports for the IT Risk & Cyber department and internal sponsors.
    • Due Care and continuous monitoring: verification that appropriate security measures were in place and maintained throughout the lifecycle of the evaluated solutions — monitoring compliance with the BNP Group Framework, independent challenge of IT choices, Level 2 control on all systems, rigorous documentation of evaluations, and escalation to the CISO in case of identified discrepancies.
    • Scoping and coordination of 5 POCs on innovative cyber solutions: preparation of specifications, coordination of stakeholders (business units, CISO, startups), challenging solutions against BNP Group Framework requirements, presentation of results to the IT Risk & Cyber department.
    IT Risk Management & position papers:
    • Identification, assessment, and monitoring of technological risks: construction and maintenance of the IT risk register, analysis of business impacts, threats, and vulnerabilities related to emerging technologies, calculation and monitoring of KRIs.
    Technology Watch · Innovation
  • AXA
    IT Risk Manager – GRC & ISO 27001 Compliance
    August 2020 - August 2021 (1 year)
    • Conducting IS Security Risk Analyses (EBIOS RM): facilitating strategic and operational workshops, risk qualification, drafting treatment plans and decision-making support documents for steering committees.
    • Internal security audit of the SAP module: compliance assessment, identification of non-conformities, drafting recommendations, management of the remediation plan, and follow-up of corrective actions.
    • ISMS Improvement: updating the risk treatment plan according to ISO 27001 controls (Annex A), production of operational IS dashboards, reporting to steering committees.
    Senior Consultant – IT Risk & Audit ISO 27001 | Capgemini August 2017 – July 2020
    ISO 27001

Education

  • Master
    Université Paris-Dauphine
    2016
  • Bachelor in Management and
    ESGI
    2014
