You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Thiery D.TD

Thiery D.

Supermalter

Auditor (AFNOR) ISO 27001/TISAX - CISSP/PMP

€900/day
6 projects
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Thiery

Hello and thank you for visiting my profile.

Cybersecurity consultant and independent certification auditor for AFNOR CERTIFICATION, I work on ISO/IEC 27001 and TISAX audits, with over 10 years of experience with SMEs, mid-sized companies, and large corporations.

I regularly act as a certification auditor, which allows me to support my clients with a precise understanding of certification bodies' expectations, evaluation criteria, and the key points actually observed during audits.

Value delivered to clients


- Effective preparation for ISO 27001 and TISAX audits
- Identification and prioritization of gaps
- Structuring of actionable evidence in certification audits
- Reduction of stress and major non-conformities

Areas of intervention

Certification audits (AFNOR)
- ISO 27001 audits
- TISAX audits (VDA ISA)
- Internal audits and mock audits
- Formalization of findings and follow-up of remediation plans

Cybersecurity & GRC Consulting

- Implementation and improvement of ISMS
- Governance, risk, and compliance (ISO 27001, 27002, 27005)
- CISO / CIO / Management support
- Information security awareness training

Technical Security & Architecture

- SOC, SIEM, EDR, XDR
- Network and cloud infrastructure security (AWS, Azure, GCP)

Independence and Ethics

In the context of this commercial proposal, I act as a consultant, in strict compliance with the impartiality and independence rules related to ISO 27001 and TISAX audits.

Objective

To make you compliant, secure, and confident in the face of your cybersecurity challenges.
  • French

    Native or bilingual

  • English

    Fluent

  • Italian

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Comutitres
    Cybersecurity CDP / ISP Consultant (Integration of Security in Projects)
    TRANSPORTATION
    January 2024 - Today (2 years and 7 months)
    Paris, France
    Context: Actively assist the CISO and DPO on all infrastructure, creation, development, evolution, and improvement projects for IT systems, applications, and digital initiatives.

    Missions:
    • Conduct cybersecurity and personal data protection regulatory risk/impact analyses
    • Recommend technological, technical, functional, and organizational measures to cover/manage identified risks
    • Coordinate and monitor the implementation/application of issued recommendations
    • Assess the cybersecurity and regulatory compliance of personal data protection for service contracts managed and overseen by the client.
    • Formalize cybersecurity and regulatory requirements for personal data protection in response to various public tenders or competitive bidding processes conducted by the client.
    • Evaluate the responses of various bidders in public tenders or competitive bidding processes conducted by the client, from the perspective of cybersecurity and personal data protection regulations.
    • Lead and manage specific projects or studies for cybersecurity and regulatory compliance (e.g., Management of MFA and Bastion Wallix implementation on the SAGE ERP).
    • Define, implement, and maintain quality management KPIs related to the mission.
    • Handle any other cybersecurity and personal data protection regulation-related topics assigned.

    Environment: On-premise and Cloud Infrastructure (AWS/GCP/Azure), DASTRA (GDPR), EDR (CrowdStrike),
    Risk Analysis EBIOS RM ISO 27001 ISO 27002 EDR SIEM Project Management
  • L'Oréal SA - L'Oréal France
    Cloud Security Project Manager / Service Delivery Manager/ Rapid 7 Agent Deployment Project Manager
    FASHION AND COSMETICS
    May 2022 - Today (4 years and 3 months)
    Clichy, France
    #Mission 1: Cloud Security Project Manager


    Context:

    Leading the deployment of Palo Alto's Prisma Cloud CSPM (Cloud Security Posture Management) solution. A multi-cloud solution for managing non-compliance and security incidents on cloud-hosted assets.

    Missions:

    Prisma Cloud Deployment Orchestrator
    • Participation in project studies with technical architects
    • Organization of technical workshops
    • Coordination and formalization of the specifications document
    • Functional acceptance of the solution
    • Integration of the solution into the TVM (Threat & Vulnerability Management) service line
    • Leading the solution's transition to RUN mode
    • Coordination of knowledge transfer from the MSSP to the operational teams of each group division/zone
    • MSSP and all stakeholder management
    • Definition and formalization of operational processes
    • Implementation of operational processes

    Technical Environment:Azure, GCP, AWS, Alibaba Cloud, Prisma Cloud

    #Mission 2: Service Delivery Manager, TVM Vulnerability Management Service Line


    Context:

    Operational project manager for the TVM (Threat Vulnerability Management) service line – a managed service responsible for vulnerability management across all L'Oréal zones/divisions (EMEA, AMER, APAC).

    Missions:

    • Guarantee of service quality across all zones/divisions
    • Guarantee of contract execution by the MSSP
    • Guarantee of service quality provided
    • Guarantee of scan campaign execution
    • Lead the implementation of remediation plans
    • Presentation of KPIs to the CISO of each group zone/division
    • Lead responses to various audit requests across all zones/divisions.
    • Lead the migration of vulnerability scanning servers to the Cloud
    Lead the deployment of EDR/Crowdstrike on servers (15,000) and workstations (180,000)
    • Responsible for version upgrades
    • Responsible for the process of validating upgrade requests (submission to CAB)
    • Management of the contractual relationship with the vendor
    • Responsible for identifying assets not deployed in the CMDB and deploying them
    Lead RFP for competitive bidding of MSSP and vulnerability scanning tools
    • Organization of technical workshops with the different group zones/divisions
    • Drafting of the RFP following the various workshops
    • Lead presentations
    Technical Environment:On-premise and Cloud Infrastructure, Scanning (Rapid 7), ServiceNow (vulnerability management module, CMDB), Patch management, PowerBI, EDR (Crowdstrike), Firewall, CyberArk

    #Mission 3: Rapid 7 Agent Deployment Project Manager


    Context:

    Deploy the Rapid 7 agent on assets (servers (15,000) and workstations (180,000)) across all group zones and divisions.

    Missions:
    • Monitor CMDB updates by zones/divisions.
    • Definition of deployment scope
    • Preparation of workshops prior to deployment
    • Reporting/presentation of deployment KPIs to management
    • Guarantee of the agent version upgrade process
    • Definition of operational processes

    Technical Environment:On-premise and Cloud Infrastructure, Rapid 7, SCCM, Ansible, Tanium, ServiceNow (CMDB Module), Zscaler Proxy, AD
    Azure AWS GCP Alibaba Cloud PrismaCloud Palo Alto rapid7 ServiceNow Power BI Azure AD CMDB Vulnerability Management SCCM Ansible Cyberark
  • Groupe Renault
    Network Security Project Manager
    AUTOMOBILE
    January 2018 - July 2021 (3 years and 7 months)
    Le Plessis-Robinson, France
    **Overall Context**: Manage the network and security project portfolio for the EMEA region of the group.


    Overall Missions:
    • Guarantee the implementation of the WAN strategy defined by the IT department
    • Coordination of project stakeholders
    • Liaison with Telecom operators and international subcontractor management
    • Definition and monitoring of project schedules
    • Analysis and qualification of new telecom needs: physical/logical site upgrades, site migrations,
    • Management of new site moves and creations
    • Deployment of new network and security solutions
    • Change management for local Renault IT teams
    • Risk management (identification, analysis, monitoring, and mitigation of project risks: management of remediation plans
    • Conflict management
    • Contract management
    • Communication management

    Project - WAN EMEA Migration (migration of MPLS links from BT to OBS)


    Context:Lead the "WAN EMEA 2018" tender for the supply of the MPLS backbone in the EMEA region.

    • Scope: 80 sites of the Renault Nissan alliance
    • Budget: 10 million euros over 5 years

    1) Management and monitoring of the "RFP WAN EMEA 2018" tender
    o Organization of technical workshops
    o Coordination of technical experts and formalization of the specifications document
    o Management of presentations
    o Management of the tender response analysis
    2) Migration of the 80 sites in scope (true operational orchestrator)
    o Coordination of stakeholders (architects, deployment engineers, operators, subcontractors, production site managers, local IT teams)
    o Organization of technical workshops for all migrations
    o Guarantee of the overall deployment schedule
    o Guarantee of the change management process
    o Decommissioning of equipment and CMDB update

    Technical Environment:MPLS, WAN, VPN, IPSEC/TLS, Fortigate, CISCO, Radius, F5, WAF, RSA

    Project – WAN Hybridization (transition from a full MPLS network to a hybrid network with internet access)


    Context:Bring agility to the network to facilitate the migration and deployment of applications in the Cloud according to needs and scopes:

    Missions:
    • Removal of one of the MPLS circuits
    • Deployment of internet access with Fortinet Firewall
    • Organization of technical workshops and validation of target architectures
    • Operational management of migrations

    Project - SD – WAN


    **Context**: Conduct an SD-WAN POC within the Renault context

    Missions:
    • Participation in the drafting of the SD-WAN tender (RFI)
    • Analysis and evaluation of SD-WAN RFI responses
    • Participation in SD-WAN technical workshops (Cisco, Fortinet, Versa Networks)

    Technical Environment:MPLS, WAN, SD-WAN, IPSEC/TLS, Fortigate, CISCO, Radius, F5, WAF, RSA
    Tenders project management WAN MPLS SD-WAN Security IPSEC SSL/TLS Cisco SSL VPN RSA WAF

Recommendations

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master 2 Computer Science / Specialization Networks, Telecom
    Telecom Paris Tech & Université Paris 6 (UPMC)
    2012
  • University Diploma Data Protection Officer (DPO)
    Université Paris 2 Assas
    2021
    RGPD et gestion des données personnelles

Certifications

Skill set

Categories