You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Thomas Le PoëtvinTL

Thomas Le Poëtvin

RSSI - Security Consultant | GRC ISO 27001, 27005, NIS2

€650/day
Lorient, FR
15+ years

Average response time: 2 hours

Freelancer profile translated to English.
Back to original language

About Thomas

I support CISOs and management in defining their cybersecurity strategy and managing their risks.

GRC cybersecurity consultant with 18 years of experience, I act as a CISO advisor or outsourced CISO for organizations seeking senior expertise to prioritize their security investments, reduce their risk exposure, and meet their regulatory requirements.

🎯I intervene particularly when organizations wish to:
→ structure or evolve their cybersecurity program
→ have a clear view of their risks
→ prepare for certification (ISO 27001, HDS, PCI DSS) or comply with regulatory requirements (NIS 2)
→ support decision-making at management level

🛡️ 𝐂𝐎𝐌𝐌𝐄 𝐈 𝐒𝐔𝐏𝐏𝐎𝐑𝐓 𝐎𝐑𝐆𝐀𝐍𝐈𝐙𝐀𝐓𝐈𝐎𝐍𝐒
• Definition of cybersecurity strategies and roadmaps aligned with business challenges
• Design and implementation of ISO 27001 ISMS (up to certification)
• Security risk management (ISO 27005, EBIOS RM, FAIR)
• Third-party risk management (TPRM)
• Regulatory compliance (NIS 2, HDS, Part-IS, PCI DSS)
• Security audits against ISO 27002, NIST CSF, ANSSI NIS OSE Hygiene and essential services guide.
• Outsourced CISO / strategic cybersecurity consulting

I am a certified trainer, with over 900 professionals trained on ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005, and EBIOS Risk Manager.

📩 Available for consulting, support, and outsourced CISO missions
  • English

    Fluent

  • French

    Native or bilingual

  • Spanish

    Fluent

Remote only
Primarily works remotely

Experience

  • CMA CGM
    Security Architect - GRC Consultant
    LOGISTICS AND SUPPLY CHAIN
    July 2020 - April 2026 (5 years and 9 months)
    Cyber Risk Team Leader and ISO 27001 GRC Expert

    Risks
    • Creation and implementation of the cyber risk management strategy from scratch, with risk monitoring at Group, business unit, and project levels.
    • Presentation of cyber risks to Management Committees, Business VPs, and CISOs to prioritize security investments and projects.
    • Management and training of a team of 8 GRC analysts, harmonizing practices and improving the quality of assessments.
    • Performance of 100+ risk assessments on applications, infrastructures, OT systems, AI solutions, Cloud services (SaaS, Azure, and AWS hyperscalers), and third parties (TPRM).

    Compliance
    • Maintenance of ISO 27001 certification for 5 consecutive years as a referent expert, enabling the acquisition of new clients.
    • Assistance in implementing the NIS2 directive with the evaluation of information systems based on ANSSI's OSE guides.
    • Assistance in implementing Part-IS for AirCargo, and performance of risk assessments on 20+ Boeing, Airbus & other SaaS applications for air operations management.
    • Performance of security audits based on NIST CSF and NIST SP 800-171 for CMMC certification.
    EBIOS ISO 27005 NIS2 TPRM GRC
  • Hervé Schauer Sécurité (HS2)
    Information Security Trainer
    EDUCATION AND E-LEARNING
    January 2012 - Today (14 years and 7 months)
    Paris, France
    Training of over 900 professionals on:
    • ISO 27005 Risk Manager
    • ISO 27001 Lead Implementer
    • ISO 27001 Lead Auditor
    • EBIOS Risk Manager
    • CISO Training
    ISO 27005 EBIOS RM ISO 27001 CISO GRC
  • Société Générale
    Public Cloud Security Consultant
    BANKING AND INSURANCE
    December 2019 - July 2020 (7 months)
    Paris, France
    • Creation of the Cloud security risk management framework integrated with Agile practices (Scrum), to improve security integration in projects, in collaboration with DevOps and Cloud architects.
    • Performance of 15 security risk analyses on AWS and Azure infrastructure foundations and presentation to management to build trust with business units: logs management, OS patching, Internet Proxy and Reverse Proxy services, network interconnection between Public Cloud and internal IT systems, security controls monitoring and automation, security incident detection (AWS Guard Duty & Security Hub, Azure Sentinel).
    • Formalization of risk assessments and definition of action plans for DevOps.
    Microsoft Azure Risk Analysis EBIOS RM ISO 27005 AWS

Recommendations

Be the first to recommend Thomas

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • BTS Network Administrator
    Lycée Chaptal - Quimper
    2005
  • Master in Management of Information Systems and Industrial Systems Security
    IRIAF - University of Poitiers
    2008

Certifications

Skill set

Categories