Freelancer profile translated to English.

Description

With 25 years of expertise in cybersecurity, I support companies in protecting their information systems against emerging threats. Strategic vision, risk anticipation, and the design of robust security solutions are at the heart of my approach. My goal: to combine innovation and compliance to ensure effective and resilient cybersecurity.

Key Skills

🔹 Cybersecurity Strategy – Development and deployment of security policies adapted to current challenges.

🔹 Risk Management – Proactive assessment of vulnerabilities and compliance with regulatory standards.

🔹 Secure Architecture – Design of resilient infrastructures to protect networks and sensitive data.

Always staying updated on the latest threats and technologies, I put my expertise at the service of organizations wishing to strengthen their security posture.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Conflans-Sainte-Honorine (up to 50km)

BNPP
Senior Cybersecurity Consultant
June 2022 - Today (4 years)
Paris, France
Within the Cybersecurity and Digital Fraud department: Monitoring of CISO, ITRO, and OPC functions for IT Group departments on the following topics:

Risk Register Monitoring:
--- Qualitative monitoring of risk sheets issued by departments
--- Monitoring of associated action plans
-- Monitoring of risk sheets associated with each cloud asset (IAAS, PAAS, SAAS, CAAS)
--- Monitoring of associated action plans
Monitoring of arrangements and associated risks within the framework of TPTRM
Within the cyber program: Supervision and monitoring of the execution of cyber panoramas presented to ITG management for steering the progress of the Cyber Program (quarterly).
--- Presentation of progress by theme (based on NIST)
--- Analysis of lagging topics and identification of associated action plans
Steering of Shadow IT campaigns: Identification of Shadow IT situations: End-user computing / Application engineering solutions / Market solutions / Cyber Artificial Intelligence
--- Assessment of associated risks
--- Definition of action plans to be implemented.
--- Definition and maintenance of KPIs/KRIs and associated dashboards
Monitoring of RAS (Risk Appetite Statement) indicators.
--- Focus on indicators from IVS and EVS scans (internal and external vulnerability scans)
--- Steering of action plans for "back to green"
Steering of RCSA (Risk and Control Self Assessments)
--- Definition of roadmaps and monitoring of assessments
--- Monitoring of action plans for residual risks of "Notable" and "High" levels
Steering of IT control campaigns (permanent operational controls) on the five themes: Security, Integrity, Availability/Continuity, Change, and Outsourcing.
--- Steering of delegations
--- Monitoring of campaign progress and execution results.
--- Monitoring of action plans for "marginally satisfactory" and "unsatisfactory" controls
Cybersecurity
AFM Téléthon / Généthon / AIM / I-STEM
Deputy CISO
September 2021 - June 2022 (9 months)
Information Security Policy Design: Responsible for defining, drafting, and implementing the Information System Security Policy (PSSI) for the organization, in alignment with legal and regulatory requirements (GDPR, etc.) and cybersecurity best practices (ISO 27001, NIST).
Risk Analysis and Asset Mapping: Conducting a risk analysis and identifying critical assets to protect within the information system, assessing vulnerabilities, threats, and potential impacts.
Definition of Security Policies: Developing security policies adapted to the organization's needs.
Cybersecurity Master Plan Design: Responsible for defining and implementing the Cybersecurity Master Plan (SDC) for the organization, aiming to establish a strategic roadmap for securing information systems in the medium and long term.
Definition of Cybersecurity Strategy: Developing a comprehensive cybersecurity strategy covering all security domains (prevention, detection, response) and strategic axes to follow, taking into account technological evolutions, regulations (GDPR, health data management), and the organization's specific needs.
Action and Priority Planning: Developing a clear roadmap with action priorities for cybersecurity projects, measurable objectives, and milestones for deploying security initiatives, integrating aspects related to governance, data protection, and infrastructure resilience.
Risk and Resource Management: Identifying the necessary resources for implementing the SDC, ensuring an adequate budget, and monitoring risks through key performance indicators (KPIs) to measure the effectiveness of actions taken and adjust priorities as needed.
Collectivités territoriales et locales
Senior Cybersecurity Consultant
June 2019 - June 2021 (2 years)
Steering projects funded by Cyber France Relance (): Responsible for supporting and monitoring projects supported by the Cyber France Relance plan, aimed at improving the cybersecurity level of local authorities.
Identification of cybersecurity funding opportunities: Analyzing client needs in cybersecurity and identifying available funding under the Cyber France Relance program to support investments in information system protection, sensitive data security, and compliance with industry standards.
Project Compliance Management: Ensuring project compliance with the criteria and requirements defined by the Cyber France Relance program, working closely with public and private stakeholders to ensure alignment with the recovery plan's objectives.
Coordination of Implementation Actions: Steering project implementation in collaboration with internal teams and external partners, while ensuring adherence to deadlines, budgets, and regulatory requirements related to public funding.
Performance Monitoring and Reporting: Monitoring the performance of funded projects, producing regular reports on results achieved, the impact of investments, and the achievement of France Relance plan objectives, with a focus on success indicators.