You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Sarah H.SH

Sarah H.

Senior GRC/TPRM/DORA Consultant | Full Remote

€778/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Sarah

Having assisted several organizations with cybersecurity, governance, and compliance in various sectors (banking, insurance, human resources, etc.), I can help you strengthen your security level and meet your regulatory and normative requirements.
I intervene particularly on issues related to DORA, ISO 27001, ISO 27005 compliance and risk management using the EBIOS RM method, in order to define security measures adapted to your context and your business challenges.
I also have solid expertise in Third Party Risk Management (TPRM), including supplier risk assessment, critical third-party management, security questionnaires, compliance reviews, and follow-up of remediation plans in regulated environments.
What I can bring you:
Definition of your cybersecurity strategy and IS security governance.
Writing and updating security policies, procedures, and frameworks.
Support for regulatory and normative compliance (DORA, ISO 27001, etc.).
Management of ISO 27001 certification processes.
Conducting risk analyses according to EBIOS RM and ISO 27005.
Management of risks related to third parties and suppliers (TPRM).
Assessment of the cybersecurity maturity of critical service providers and suppliers.
Monitoring of risk treatment plans and security action plans.
Integration of security into projects and operational practices.
Awareness and support for teams on cyber and compliance issues.
Available to discuss your issues and projects in complete confidentiality, in order to identify concrete areas for improvement and provide you with real added value.
  • French

    Native or bilingual

  • English

    Fluent

  • Japanese

    Basic

  • Spanish

    Conversational

Remote only
Primarily works remotely

Experience

  • GIE AXA
    ISP Senior Consultant/ lead TPRM
    BANKING AND INSURANCE
    February 2025 - Today (1 year and 6 months)
    Paris, France
    Integration of security into projects ( Security Scoping, definition of security measures, action plans, Risk analysis, Risk mitigation, ... )

    Third Party Risk Management ( Due diligences analysis, Audits, remediation Plan follow up, Contract negociation, ...)
    Risk Management Security Audit Project Management ISO 27001 TPRM
  • Valeo
    Third Party Risk Analyst
    AUTOMOBILE
    August 2023 - April 2024 (7 months)
    Paris, France
    • Supplier/partner risk analysis
    • Definition of treatment plans
    • Follow-up of treatment plans
    • Contractual follow-up.
    EBIOS RM ISO27005 TPRM
  • Squad
    Security Consultant
    DIGITAL AND IT
    June 2021 - Today (5 years and 2 months)
    Paris, France
    I work on a project-by-project basis for SQUAD clients (BNPP Asset Management)

Recommendations

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master 2 in Management and Industrial Development
    IAE Savoie Mont Blanc
    2016
  • State Engineering degree in Electrical Engineering (Electronics and Telecommunications)
    EHTP Casablanca
    2013

Certifications

  • ISO 27001 Lead Implementer
    PECB
    ISMS Cybersecurity Security Audit Security Policy IT Security
  • ISO 27005 Risk Manager
    LSTI
    Risk Management

Skill set

Categories