About Ronny
My services include:
- IT Audit & Cybersecurity Maturity Assessment:NIST CSF, ISO 27001, COBIT, ITGC, AI ACT, NIS2
- Regulatory Compliance:DORA, GDPR, NIS2
- ISO 27001 Certification:ISMS implementation (Certified ISO 27001 Lead Implementer)
- Risk Management & Internal Control:Risk assessments, remediation management
- IT Project Management & Resilience:Management, coordination, reporting
- Governance:Policy/procedure implementation, ISMS management, CISO/PMO assistance
What I bring to you:
- A clear and actionable diagnosis of your security posture.
- Pragmatic support to reduce your risks and achieve compliance.
- The ability to work with both your technical teams and your C-level stakeholders.
French
Native or bilingual
English
Fluent
Experience
- BpifranceSecurity Audit ManagerBANKING AND INSURANCEOctober 2025 - Today (10 months)Maisons-Alfort, FranceClient Context: On assignment at BpifranceMission: Managed security audits in collaboration with agile teams and oversaw remediation plans for Bpifrance.Team Size: 7Tasks Performed:
- Managed over 50 security audits(penetration tests and configuration audits on web applications, AI, Cloud infrastructures, CI/CD tools): scoping, coordination of pentester providers, remediation tracking, and reporting to the CISO.
- Optimized the audit process:reducedoperational workload by 50%through industrialization and workflow automation (build).
- Vulnerability Management via Hackuity and JIRA:prioritization according to OWASP and CVSS, action plan tracking,KPI-driven management(coverage rate, remediation times, vulnerability distribution by criticality).
- Key liaison between project teams and pentesters:facilitated security committee meetings and presented results in governance bodies.
- Société GénéraleCybersecurity Expert - NIST Permanent ControlBANKING AND INSURANCENovember 2024 - Today (1 year and 9 months)Fontenay-sous-Bois, FranceClient Context: On assignment at Société Générale through Squad Conseil et Expertises - mission to enhance cybersecurity maturity for various group entities, notably Ayvens, Assu, and SGEF.Mission: Assessed cybersecurity maturity against the NIST framework for the Société Générale Group.Team Size: 13-15Tasks Performed:
- Conducted cybersecurity assessments based on NIST controls to measure the compliance and resilience level of entities with C-level stakeholders.
- Led periodic workshops with over 10 international entities to support them in implementing controls and reviewing associated evidence.
- Defined a testing process to validate security procedures and execute technical scripts (via PowerShell).
- Provided consulting and technical support to entities for remediating identified weaknesses.
- Contributed to enriching the IAM (Identity & Access Management) knowledge base and trained the NIST team on identity management processes.
- Collaborated closely with technical experts to improve the SG NIST framework.
- Supported internal audit (IGAD) requirements.
Results Achieved: Improved cybersecurity posture of assessed entities, enhanced internal team skills, strengthened IAM processes, proactive response to internal audit requirements, and better control over cybersecurity-related risks. - Mobilize Financial ServicesIT and Cybersecurity AuditorBANKING AND INSURANCESeptember 2023 - October 2024 (1 year and 1 month)Paris, FranceClient Context: Mobilize Financial Services is the financial arm for Renault, Dacia, Alpine, Renault Samsung Motors, and Mobilize brands within Renault Group.Mission: Audits for Mobilize Financial Services and its subsidiaries (Slovenia, Germany, Spain, South Korea).Team Size: 3-6Tasks Performed:
- Reviewed IT governance processes (strategy, management, internal control...), IT operations (monitoring, asset management...), project management, and cybersecurity (business continuity, incident management...).
- Assessed the Cyber Risk Governance of the Renault Group during a specific assignment.
- Diagnosed the compliance of Mobilize Financial Services Group with DORA regulations.
- Presented audit findings to auditees and COMEX members.
- Trained new joiners on general IT controls.
- Implemented an automated reminder tool for actions initiated after audits.
Results Achieved: Improved IT risk management, reduced exposure to cyber threats, contributed to group compliance (ECB, GDPR, DORA…), productivity gains.
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master's degree in Management, Audit, and Information Systems ConsultingInstitut Mines-Télécom Business School2021• Participation à divers cours pratiques autour de la gestion des risques, la sécurité des systèmes d'information et l'audit des systèmes d'information • Conduction d'un projet de conseil de 6 mois avec Accenture visant à améliorer la planification et le respect des délais dans le secteur de la construction
- Higher National Diploma (BTS) in Commercial Unit ManagementLycée André MauroisBrevet de technicien supérieur (BTS), Management des unités commerciales
Certifications
- ITIL FoundationPeopleCert2023
- CISAISACA2025