Freelancer profile translated to English.

Description

Cybersecurity Director / CISO (18+ years of experience), I help organizations manage their risks, achieve compliance (ISO 27001, NIS2, GDPR, ISO 42001) and structure pragmatic and effective security. I focus on Information Security Strategy, SecOps, resilience, and securing AI usage. Available for Information Security leadership roles, program management, and transition roles.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Remote only

Primarily works remotely

ESN INTERNATIONALE
Director of Information Systems Security
June 2022 - Today (4 years)
• Definition and execution of the Information Security Master Plan and a three-year roadmap (projects/budgets/partners).
• Maintenance and preparation for ISO 27001 certification (internal audits, remediations) and NIS2 alignment.
• AI Governance and ISO/IEC 42001: AI policy, use case/data/model registry, secure MLOps, gap analysis, and AIMS roadmap.
• Key deployments: XDR SentinelOne with SOC, Tanium/NinjaOne, encryption, group MFA, Cloudflare Zero Trust internal portal.
• Infrastructures: leadership of the redesign of the IT service center datacenter in Morocco; operational security of the center.
• Operations & resilience: user/client incident procedures, BCP/DRP and exercises, crisis committee.
• Culture & business: Security by Design for IT/development, pre-sales/tenders, monthly awareness program, continuous phishing, annual CyberTour.
Cybersecurity Cybersecurity Strategy AI Governance security-awareness-training it-strategy
ESN NATIONAL (groupe International)
CISO & Security
January 2020 - April 2022 (2 years and 3 months)
• Information Security Master Plan, roadmaps/budgets; member of the France and Global security committee, reporting to the CEO.
• Deployment of Group policies; Information Security team (3) + IT steering (~15). Incident procedures + SIEM, BCP/DRP.
• Compliance: ISO 27001, GDPR, OWASP controls/client requirements, ISO 27005/EBIOS RM risks.
• Audits/pentests and remediation plans; annual awareness and security onboarding.
ESN internationale spécialisée en Data
CISO
January 2017 - January 2020 (3 years)
• Group security policy (incl. health) and IT procedures; Information Security management (2) + infrastructure/network steering (~8).
• Group ISMS and ISO 27001 preparation (France/Tunisia); ISO 27005 & EBIOS RM risks; GDPR in team with the DPO.
• Incidents & continuity: incident procedures + SIEM; BCP/DRP on aging infrastructure; audits, pentests, remediations.
• Annual awareness and security onboarding.