Sofiene Daoud

Average response time: 1 hour


About Sofiene

Senior GRC Consultant with 6 years of experience in risk management, compliance, and information security governance.
I intervene on multi-standard compliance issues (ISO 27001, NIST, DORA, NIS2, GDPR, etc.), with a focus on IS security maturity, a risk-based approach, and transverse management.
My goal is to contribute to strategic missions around regulatory and normative compliance, by taking an active role in project management, stakeholder coordination, and continuous improvement of GRC frameworks.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • METSYS
    Senior GRC Consultant
    CONSULTING AND AUDITS
    September 2025 - Today (9 months)
    Boulogne-Billancourt, France
    Senior GRC Consultant – ISO 27001:2022 Program (major construction group, multi-entities)
    • Construction / recovery and structuring of the ISMS: policies, procedures, standards, registers, matrices, dashboards.
    • Risk Management (ISO 27005 / EBIOS RM depending on context): workshops, risk register, treatment plans, prioritization.
    • Derivation of ISO 27002 into auditable requirements: IAM/access controls, hardening, logging, vulnerabilities/patching, backup & restore, change management, workstation/server/network security, secure development.
    • Operational management: RACI, committee, RAID monitoring, reporting, coordination of IT/CISO/Infra/SOC/application teams.
    • Audit preparation (internal/external): evidence consolidation, traceability, compliance, and continuous improvement.
    ISO 27001, Project Management, Change Management, ISMS
  • Exalt
    Information Security Officer / Senior GRC Consultant
    CONSULTING AND AUDITS
    July 2023 - May 2025 (1 year and 10 months)
    Paris, France
    Information Security Officer, Governance & Cybersecurity @ Geodis SCO (2023 - 25)
    Cybersecurity Governance, Implementation of the group security strategy, Compliance with security directives, Vulnerability management and monitoring, Application security, Integration of security in projects, Vendor management.
    Senior Consultant, Compliance @ eXalt Shelid
    Internal DORA compliance referent, Creation of training content, Conducting training sessions for consultants on topics such as cybersecurity awareness, Risk Management, and DORA regulatory compliance.
    Regulatory Compliance, IS Governance, Coaching and Mentoring
  • DELOITTE
    Information Security Consultant
    CONSULTING AND AUDITS
    February 2019 - February 2023 (4 years)
    Tunis, Tunisia
    Main Missions:
    Senior Consultant @ Deloitte
    Writing typical deliverables for the Cyber-Strategy offering, Cybersecurity watch, Contribution to tender responses, Mentoring junior profiles, Organizing and leading sharing sessions within the community.
    Cyber Risk, Governance & Compliance @ Industrial Sector (2021 – 2022)
    ISMS implementation, ISO2700 Certification compliance, ITIL maturity assessment, IT Risk Management program implementation, SI governance diagnosis (ITSM-ITIL).
    Cyber Resilience & Security Assessment @ Banking and Insurance Sector (2021-2022)
    Cyber Resilience strategy development, Disaster Recovery Plan development, Documentation of NIST controls and assessment processes, IT Compliance and regulatory compliance, Operational security hardening.
    Business & Cyber Resilience @ Public Sector (2022)
    Business Continuity Plan development, Risk management and Business Impact Analysis, Business continuity strategy development and deployment.
    Head of IT Risk Management @ Telecom Sector (2019-2020)
    Update of operational risk mapping, Risk assessment, Development of an audit plan for risk treatment.
    Head of ISMS & Cyber Risk Management @ Banking & Insurance Sector (2019)
    Update of the risk management program, Improvement of subsidiary security in line with group security strategy.
    GRC, Risk Management, Mentoring Interns, IS Strategy

Education

  • Engineering Degree
    International Institute of Technology
    2019
    in Information and Communication Technology
  • Fundamental License
    National School of Electronics and Telecommunications
    2016
    in Information and Communication Science and Technology

Certifications

  • Certified DORA Lead Manager
    PECB
    2024
  • ISO/IEC 27001 Lead Implementer
    PECB
    2022
