You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Taha OualifTO

Taha Oualif

⭐GRC/ EU AI Act / ISO 27001 / RSSI / Cybersecurity

€700/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Taha

I assist you in your compliance objectives (SOC 2, ISO 27001, EU AI Act...) and your security management (part-time CISO).

Ex-Big 4 consultant (+10 years of experience): cybersecurity, IT compliance, AI security, and risk management.

❗Have you lost contracts due to lack of certification?
❗Are your clients pressuring you to provide them with an information security certification (PCI-DSS, SOC 2, ISO 27001, ISO 42001)?
❗Do you not know how to answer the security assessment questionnaire you just received from your client, and it takes too much time?
❗Do you lack time/resources to dedicate to compliance efforts and endless meetings?
❗Are you struggling to understand the certification process, associated costs, and timelines?
❗Have you just purchased a compliance tool (Drata, Vanta, ...) but don't know the next step?

Services offered:

📝 Drafting and reviewing policies and procedures
📝 Security gap analysis based on your chosen frameworks (ISO 27001, NIST, SOC 2, etc.)
📝 IT and compliance audits
📝 Conducting risk assessments, risk treatment, and establishing action plans and roadmaps.
📝 Assessing current security maturity against regulatory requirements.
📝 Organizational security strategy
📝 Support for Governance, Risk, and Compliance (GRC) projects
📝 Cloud security governance, management, and strategy
📝 Security Operations (SecOps)
📝 DPO Service: GDPR compliance, policy drafting/review, gap analysis, and long-term compliance.
📝 CISO / RSSI Service: Assistance and support to define your security strategy, implement action plans, and monitor their long-term implementation.

Let's discuss your project.

(The daily rate shown is indicative)
  • French

    Native or bilingual

  • English

    Native or bilingual

  • Arabic

    Native or bilingual

  • Spanish

    Conversational

Remote only
Primarily works remotely

Experience

  • Soter Advisory
    Founder
    TECH
    February 2024 - Today (2 years and 6 months)
    Founder at Soter Advisory, specializing in security strategy, privacy compliance, and AI security management.
    I lead a specialized team of consultants and security experts to deliver comprehensive GRC and cybersecurity solutions. We act as a strategic partner for organizations, handling their security roadmap from compliance certification to offensive security testing.

    𝗞𝗘𝗬 𝗥𝗘𝗦𝗣𝗢𝗡𝗦𝗜𝗕𝗜𝗟𝗜𝗧𝗜𝗘𝗦:

    • 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲 𝗟𝗲𝗮𝗱𝗲𝗿𝘀𝗵𝗶𝗽: Managing a distributed team of consultants and contractors to ensure high-quality delivery of security projects and audits.

    • 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗟𝗲𝗮𝗱𝗲𝗿𝘀𝗵𝗶𝗽 (𝘃𝗖𝗜𝗦𝗢): Designing long-term security roadmaps, maturity models, and action plans for clients to secure operations without stalling growth.

    • 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆: Steering organizations through complex certification processes including ISO 27001, SOC 2, HIPAA, NIST, PCI-DSS, EU AI Act and ISO 42001 (AI Management System).

    • 𝗢𝗳𝗳𝗲𝗻𝘀𝗶𝘃𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Coordinating and supervising penetration testing campaigns (Web, Mobile, API, Network) and vulnerability assessments to identify and remediate critical weaknesses.

    • 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁: Conducting organization-wide security risk assessments, gap analyses, and third-party risk management (TPRM).

    • 𝗔𝗜 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Advising on AI security and governance to ensure secure adoption of emerging technologies.

    • 𝗗𝗮𝘁𝗮 𝗣𝗿𝗶𝘃𝗮𝗰𝘆: acting as vDPO for GDPR/Data Privacy compliance, policy review, and privacy impact assessments.
    vCISO Risk Management Cybersecurity AI Security ISO 42001
  • G-Research
    Security Risk & Algorithm Safety
    TECH
    August 2022 - February 2024 (1 year and 7 months)
    London, United Kingdom
    • 𝗔𝗹𝗴𝗼𝗿𝗶𝘁𝗵𝗺𝗶𝗰 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁: Managed security risks associated with algorithmic trading platforms and quantitative research environments.

    • 𝗠𝗼𝗱𝗲𝗹 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲: Developed frameworks to identify and mitigate model risk and data integrity issues within complex ML pipelines.

    • 𝗗𝗲𝘃𝗦𝗲𝗰𝗢𝗽𝘀 𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻: Collaborated with engineering and research teams to embed security controls into the software development lifecycle (SDLC) without hindering high-frequency trading performance.

    • 𝗜𝗣 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻: Evaluated emerging threats to intellectual property and trading strategies, ensuring robust defense against insider threats and external espionage.
    AI Security Risk Management DevSecOps
  • MarshMcLennan
    Cybersecurity Consultant
    CONSULTING AND AUDITS
    August 2020 - July 2022 (2 years)
    Paris, France
    • 𝗖𝘆𝗯𝗲𝗿 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 & 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲: Architected cybersecurity strategies for clients, aligning IT infrastructure with business objectives and risk appetite.

    • 𝗥𝗶𝘀𝗸 𝗤𝘂𝗮𝗻𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻: Quantified ransomware risks and potential financial losses for blue-chip companies to inform insurance coverage and risk transfer strategies.

    • 𝗖𝗿𝗶𝘀𝗶𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁: Led ransomware and IT outage simulations, developing comprehensive Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP).

    • 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗦𝘂𝗽𝗽𝗼𝗿𝘁: Assisted ransomware victims with insurance claims, technical remediation plans, and post-incident security hardening.

    • 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻: Designed cloud and IT environments to meet ISO 27001, NIST, SOC 2, and GDPR standards.
    ISO 27001 Cloud Computing Cybersecurity Cybersecurity Governance Cybersecurity Audit

Recommendations

Be the first to recommend Taha

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Engineering Degree
    INSA Rennes
    2017
  • Management
    Audencia
    2017
    Double-diplôme Ingénieur-Manager

Certifications

  • ISO 27001 Lead Auditor
    EY CertifyPoint
    2019
  • ISO 27001 Lead Implementer
    EY CertifyPoint
    2019

Skill set

Categories