About Ronny
My services include:
- IT Audit & Cybersecurity Maturity Assessment: NIST CSF, ISO 27001, COBIT, ITGC
- Regulatory Compliance: DORA, GDPR, NIS2
- ISO 27001 Certification: ISMS implementation (Certified ISO 27001 Lead Implementer)
- Risk Management & Internal Control: Risk analyses, remediation steering
- IT Project Management & Resilience: Management, coordination, reporting
- Governance: Policy/procedure implementation, IS security steering, CISO/PMO assistance
What I bring to you:
- A clear and actionable diagnosis of your security posture.
- Pragmatic support to reduce your risks and achieve compliance.
- The ability to work with both your technical teams and your C-level stakeholders.
French: Native or bilingual
English: Fluent
Experience
- Bpifrance | Head of Security Audits | BANKING AND INSURANCE | October 2025 - Today (8 months) | Maisons-Alfort, France
Client Context: On assignment at Bpifrance
Mission: Leading security audits in conjunction with agile teams and monitoring remediation plans for Bpifrance.
Team Size: 7
Tasks Performed:
- Led over 50 security audits (penetration tests and configuration audits on web applications, AI, Cloud infrastructures, CI/CD tools): scoping, coordination of pentester providers, remediation tracking, and reporting to the CISO.
- Optimized the audit process: reduced operational workload by 50% through industrialization and workflow automation (build).
- Vulnerability Management via Hackuity and JIRA: prioritization according to OWASP and CVSS, action plan tracking, KPI-driven management (coverage rate, remediation times, vulnerability distribution by criticality).
- Key liaison between project teams and pentesters: facilitated security committee meetings and presented findings in governance bodies.
- Contributed to the creation of a bug bounty program: defined scope, rules of engagement, and vulnerability triage process.
- Société Générale | Cybersecurity Expert - NIST Permanent Control | BANKING AND INSURANCE | November 2024 - Today (1 year and 7 months) | Fontenay-sous-Bois, France
Client Context: On assignment at Société Générale through Squad Conseil et Expertises - mission to enhance cybersecurity maturity for several group entities, including Ayvens, Assu, and SGEF.
Mission: Cybersecurity maturity assessment based on the NIST framework for the Société Générale Group.
Team Size: 13 to 15
Tasks Performed:
- Conducted cybersecurity assessments based on NIST controls to measure the compliance and resilience level of entities with C-level stakeholders.
- Led periodic workshops with over 10 entities based abroad to support them in implementing controls and reviewing associated evidence.
- Defined a testing process to validate security procedures and execute technical scripts (via PowerShell).
- Provided consulting and technical support to entities to remediate identified weaknesses.
- Contributed to enriching the IAM (Identity & Access Management) knowledge base and training the NIST team on identity management processes.
- Collaborated closely with technical experts to improve the SG NIST framework.
- Supported internal audit requirements (IGAD).
Results Obtained: Improved cybersecurity posture of assessed entities, upskilled internal teams, strengthened IAM processes, proactive response to internal audit requirements, and better control of cybersecurity-related risks.
- Mobilize Financial Services | IT and Cybersecurity Auditor | BANKING AND INSURANCE | September 2023 - October 2024 (1 year and 1 month) | Paris, France
Client Context: Mobilize Financial Services is the finance arm for the Renault, Dacia, Alpine, Renault Samsung Motors, and Mobilize brands within Renault Group.
Mission: Audits for Mobilize Financial Services and its subsidiaries (Slovenia, Germany, Spain, South Korea).
Team Size: 3 to 6
Tasks Performed:
- Reviewed IT governance processes (strategy, steering, internal control...), IT operations (monitoring, asset management...), project management, and cybersecurity (business continuity, incident management...).
- Assessed the IT Cyber Risk governance of Renault Group during a specific assignment.
- Diagnosed the compliance of Mobilize Financial Services Group with DORA regulations.
- Presented audit findings to auditees and COMEX members.
- Trained new joiners on general IT controls.
- Implemented an automated follow-up tool for actions initiated after audits.
Results Obtained: Improved IT risk management, reduced exposure to cyber threats, contributed to the group's compliance (ECB, GDPR, DORA...), productivity gains.
Education
- Master's degree in Management, Audit, and Information Systems Consulting | Institut Mines-Télécom Business School | 2021
  - Took part in various practical courses on risk management, information systems security, and information systems audit
  - Conducted a 6-month consulting project with Accenture aimed at improving planning and on-time delivery in the construction sector
- Higher National Diploma (BTS, Brevet de technicien supérieur), Management of Commercial Units | Lycée André Maurois
Certifications
- ITIL Foundation | PeopleCert | 2023
- CISA | ISACA | 2025