
Thomas Gaffet

Interim CISO – Governance & Cyber Risk

€850/day
Paris, FR
15+ years

Average response time: 1 hour


About Thomas

Interim CISO / RSSI with over 15 years of experience in cybersecurity, governance, and risk management, working with industrial, international, and regulated groups. Specializing in post-audit, regulatory compliance, and transformation contexts, I support management in cyber decision-making, risk arbitration, and structuring operational, auditable security systems aligned with business and regulatory challenges. Proven experience in critical and regulated environments: NIS 901, Cyber Resilience Act (CRA), DORA, NIS2, ISO27001 / 22301, with strong exposure to Executive Committees and executive governance.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km), Lille (up to 50km), Abbeville (up to 50km), Compiègne (up to 20km), Rouen (up to 30km)

Experience

  • Netatmo (Groupe Legrand)
    2025 | Fixed-price projects – Netatmo (Legrand Group)
    February 2025 - December 2025 (10 months)
    Senior Consultant – Cyber Risk & Cyber Resilience Act (CRA)
    Fixed-price consulting mission for Netatmo (Legrand Group) to support cyber risk analysis and compliance with the Cyber Resilience Act (CRA), in connection with ISO 27001 requirements and risk governance challenges.

    Deliverables & responsibilities

    • Conducting a risk analysis aligned with CRA requirements and producing the report
    • Developing a risk treatment plan with action prioritization
    • Conducting a Cyber Resilience Act gap analysis
    • Performing an ISO 27001 ↔ Cyber Resilience Act mapping
    • Assisting management in arbitrating the risks to be included in the CRA risk map
  • Pyroalliance
    Head of Information Security
    February 2025 - Today (1 year and 4 months)
    March 2025 – Present | Independent (client: PyroAlliance – Ariane Group subsidiary)
    Interim CISO / Interim Head of Information Security – NIS 901 scope
    Mission:
    Acting as Interim CISO / Head of Information Security to manage the NIS 901 accreditation process and regain control of the cybersecurity governance of a critical IT system, in an industrial and regulatory context with high stakes.

    NIS 901 Governance & Accreditation
    • Defining and managing the NIS 901 accreditation strategy, in line with regulatory requirements and business objectives
    • Comprehensive structuring of the IT system and site mapping, including flows and architectures, serving as a foundation for security decisions
    • Conducting risk analysis and formalizing risk scenarios
    • Implementing an ISMS dashboard and a decision-oriented management system
    • Building the ISMS documentation corpus (policies, procedures, standards)
    • Defining structuring ISMS strategies: IT system urbanization, BCP/DRP, integrating security into projects, cyber awareness
    • Deploying a security assurance plan and a cyber and security crisis management system

    Resource & Third-Party Management
    • Scoping and recruiting external service providers (defining needs, interviews, profile validation)
    • Structuring supplier management: security questionnaires, assessments, security assurance plans

    Executive Governance
    • Active participation and presentation of arbitration and progress in Executive Committee and GRC/operational Committee meetings
    • Supporting management decision-making on the prioritization of ISMS risks and actions

    Scope & Organization
    • On-premise industrial environment – ~500 users
    • Managed team: 1 Head of Information Security, 1 Deputy Head of Information Security, 3 consultants

    Technical Environment (Summary)
    • On-premise infrastructure, VMware, Active Directory, Exchange
    • EDR: Trellix | Monitoring & indicators: Power BI
  • Africa Global Logistic
    GRC Manager
    LOGISTICS AND SUPPLY CHAIN
    October 2023 - February 2025 (1 year and 4 months)
    Paris, France
    Interim CISO – Cyber Governance & Risk – Africa Global Logistics (AGL, MSC Group)
    International environment – critical & multi-site scope
    Interim Cyber Governance Lead mission to structure and manage the cybersecurity governance of an international group, in a context of maturity improvement, preparation for ISO 27001:2022, and transformation of GRC practices.
    Governance & Compliance
    • Structuring and drafting the ISMS documentation corpus (policies, procedures, standards)
    • Implementing and managing a GRC dashboard focused on compliance monitoring and decision support
    • Preparation and support for ISO 27001:2022 certification
    • Facilitating the GRC committee and management review (preparing materials, presenting arbitration decisions)

    Audit & Assurance
    • Managing the Statement of Applicability (SoA) control mapping
    • Supporting internal and ISO 27001 certification audits
    • Coordinating evidence provision and monitoring the remediation plan

    Risk Management & Security Integration
    • Conducting risk analyses using the EGERIE tool
    • Integrating security into infrastructure, cloud, and development projects
    • Methodological support to the operational security team on governance aspects

    Awareness & Security Culture
    • Designing and deploying the cybersecurity awareness program
    • Integrating security from onboarding onwards
    • Raising awareness among development teams on best practices (OWASP Top 10) via Secure Code Warrior

    Management & Coordination
    • Defining and monitoring security indicators (Power BI dashboards)
    • Contributing to RUN activities with a governance approach (access management, change security)

    Scope & Organization
    • International group – ~23,000 users
    • Functional coordination of a team composed of 1 Head of Information Security and ~10 consultants

    Technical Environment (Summary)
    • SIEM: Splunk | Alert Management: TheHive
    ISO27001 EGERIE Risk analysis Governance

Recommendations

Jean-Baptiste C. and 1 other person have recommended Thomas

Education

  • Networks and Systems Bachelor's Degree
    University of Rouen
    2015
  • Master's degree in Digital Security Expert
    Aston school
    2016

Certifications

  • ISO 27001 Lead Implementer
    PECB
    2017
  • ISO 27005 Risk Manager
    PECB
    2017

Skill set (29)

Categories