You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Sephora A.SA

Sephora A.

GRC Consultant - IT Audit | Compliance | Risks

€700/day
1 project
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Sephora

After several years of supporting international groups at PwC and Deloitte, I decided to switch sides: to independence, flexibility, and above all, impact. Today, I help companies secure their systems, manage their IT risks, and remain aligned with regulatory requirements.
In parallel with my assignments, I also teach several courses at EPITA in the field of risk management and cybersecurity.

I undertake strategic, high-value-added assignments:

- Governance and GRC: implementation of governance frameworks, risk mapping, monitoring of remediation plans, indicator steering.

- Regulatory Compliance: support for compliance with current standards and regulations (ISO 27001, DORA, NIS2, GDPR, etc.).

- Risk Analysis (EBIOS RM, ISO 27005, NIST): structuring a methodical approach to map, assess, and manage information system risks.

- Security in IT Projects: integration of security requirements into projects (ERP, cloud migration, IS transformation), from design to deployment.

- IT Audit (internal, external, SOX, ISAE, SOC): analysis of your environments, processes, and controls to ensure their robustness, compliance, and effectiveness. Review of IT General Controls (ITGCs) and IT Automated Controls (ITACs).

I combine proven field expertise with a strategic vision of information security challenges.
Available as a freelancer, I adapt to your operational needs while providing an expert and objective external perspective.
  • French

    Native or bilingual

Can work on-site
Paris (up to 50km), Lille (up to 30km)

Experience

  • Zenride
    Information Systems Security Manager
    TRANSPORTATION
    June 2025 - Today (1 year and 2 months)
    - Third-Party Risk Management (TPRM): Implementation and management of the supplier risk management framework; review of security questionnaires; assessment of provider maturity; validation of contractual guarantees (security, confidentiality, GDPR clauses); monitoring of action plans and communication with strategic partners.
    - Automation and optimization of TPRM processes: Design and deployment of automated workflows for third-party management; standardization of questionnaires; establishment of a single repository; integration of tools to improve traceability, consistency of assessments, and reduce processing time.
    - Conduct and structuring of the ISO 27001 program: Definition and implementation of the ISMS; construction of the asset map; risk assessment; drafting of policies and procedures; preparation for certification audit; coordination with internal product/tech/support teams to ensure integration of security requirements.
    - Governance & Compliance: Contribution to the cybersecurity roadmap; formalization of the security documentation framework; implementation of cross-functional processes (incident management, access management, information classification).
    - Support for internal teams: Awareness-raising for product & tech teams on ISO 27001 requirements; support for integrating security into the development cycle; participation in the daily management of the security and compliance context.
    ISO 27001 SOC2 GRC Risk Management TPRM
  • Valiuz
    Cyber Risks Analyst
    DIGITAL AND IT
    April 2025 - Today (1 year and 4 months)
    Lille, France
    - Risk Management: Mapping and analysis of risks related to business and data projects, with formalization of recommendations based on business context, criticality level, and compliance objectives.

    - Third-Party Management: Assessment of provider security maturity through scoring grids; review of responses to security questionnaires; validation of contractual clauses (security requirements, SLAs, GDPR); monitoring of action plans and regular exchanges with suppliers.

    - Security Management in Projects: Integration of security requirements from the project design phase, support for project managers, risk analysis (ISO 27005, EBIOS), drafting of security deliverables (risk sheets, recommendations, action plans).

    - Compliance & Security Structuring: Support for the implementation of an internal security foundation: drafting of frameworks, participation in the development of internal procedures, contribution to the structuring of security governance and the roadmap.

    - CISO Assistant: Configuration and setup of the CISO Assistant tool for centralized management of risk analyses and third-party management.
    Risk Analysis Third-party Management Security Audit Cybersecurity ISP
  • Alliance Automotive France
    IT Compliance Officer
    AUTOMOBILE
    March 2025 - Today (1 year and 5 months)
    Levallois-Perret, France
    - External Audit & Coordination: Main point of contact for external auditors: preparation of IT audits (SOX, ITGC…), coordination of exchanges, collection of evidence, monitoring of recommendations, and closure of audit points.

    - IT Project Security: Integration of security requirements into group and France projects: risk analysis, exchanges with key stakeholders, definition and implementation of security requirements.

    - IT Controls & Compliance: Implementation and documentation of IT controls on critical systems: access control, log review, backups, application security, etc. Support for IT teams to ensure compliance with internal and external standards.

    - Access Review & Segregation of Duties (SoD): Management of access review campaigns on sensitive applications; analysis of rights and SoD conflicts; management of discrepancies and coordination of remediation actions.

    - Documentation & Security Policies: Creation and updating of procedures, IT policies, and compliance documentation.
    SOX IT Audit Internal Control ITGC ITAC

Recommendations

Jean De LaforcadeJD
CM
Jean De Laforcade and 1 other person have recommended Sephora

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Information Systems Engineering
    Télécom Paris
    2021

Skill set

Categories

  • Other