About Thomas
English
Fluent
French
Native or bilingual
Spanish
Fluent
Experience
- CMA CGMSecurity Architect - GRC ConsultantLOGISTICS AND SUPPLY CHAINJuly 2020 - April 2026 (5 years and 9 months)Cyber Risk Team Leader and ISO 27001 GRC ExpertRisks• Creation and implementation of the cyber risk management strategy from scratch, with risk monitoring at Group, business unit, and project levels.• Presentation of cyber risks to Management Committees, Business VPs, and CISOs to prioritize security investments and projects.• Management and training of a team of 8 GRC analysts, harmonizing practices and improving the quality of assessments.• Performance of 100+ risk assessments on applications, infrastructures, OT systems, AI solutions, Cloud services (SaaS, Azure, and AWS hyperscalers), and third parties (TPRM).Compliance• Maintenance of ISO 27001 certification for 5 consecutive years as a referent expert, enabling the acquisition of new clients.• Assistance in implementing the NIS2 directive with the evaluation of information systems based on ANSSI's OSE guides.• Assistance in implementing Part-IS for AirCargo, and performance of risk assessments on 20+ Boeing, Airbus & other SaaS applications for air operations management.• Performance of security audits based on NIST CSF and NIST SP 800-171 for CMMC certification.
- Hervé Schauer Sécurité (HS2)Information Security TrainerEDUCATION AND E-LEARNINGJanuary 2012 - Today (14 years and 7 months)Paris, FranceTraining of over 900 professionals on:• ISO 27005 Risk Manager• ISO 27001 Lead Implementer• ISO 27001 Lead Auditor• EBIOS Risk Manager• CISO Training
- Société GénéralePublic Cloud Security ConsultantBANKING AND INSURANCEDecember 2019 - July 2020 (7 months)Paris, France• Creation of the Cloud security risk management framework integrated with Agile practices (Scrum), to improve security integration in projects, in collaboration with DevOps and Cloud architects.• Performance of 15 security risk analyses on AWS and Azure infrastructure foundations and presentation to management to build trust with business units: logs management, OS patching, Internet Proxy and Reverse Proxy services, network interconnection between Public Cloud and internal IT systems, security controls monitoring and automation, security incident detection (AWS Guard Duty & Security Hub, Azure Sentinel).• Formalization of risk assessments and definition of action plans for DevOps.
Recommendations
Be the first to recommend Thomas
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- BTS Network AdministratorLycée Chaptal - Quimper2005
- Master in Management of Information Systems and Industrial Systems SecurityIRIAF - University of Poitiers2008