Freelancer profile translated to English.

Description

I am a freelance cybersecurity & GRC consultant, specializing in supporting VSEs/SMEs, ETIs, and IT/SaaS players who need to structure their security in a concrete and immediately actionable way.

My role: clarify your risks, your rules, and your priorities so that cybersecurity becomes a managed subject, presentable to your management and your clients (audits, questionnaires, ISO 27001, NIS2, GDPR...).

What I do concretely for you

Cybersecurity diagnosis and risk analysis: inventory, risk mapping, prioritized 90-day action plan + 12-month outlook.

Governance and documentation: PSSI, charters, policies, registers... short, readable documents, aligned with your actual practices.

ISO 27001 / NIS2 Compliance: gap analysis, realistic roadmap, risk treatment plan, materials for management and clients, support for compliance with applicable standards.

Cybersecurity awareness program: definition of a 6-12 month awareness plan and launch session to engage your teams.

My added value

Operational deliverables from day one: action plans, risk matrices, management summaries, and reusable templates for your teams.

Very pragmatic approach: few meetings, I work autonomously and you receive clear results, ready to be used in committees, audits, or with your clients.

Dual technical + GRC culture: I understand your IT constraints and I speak the language of management.

Field experience + Cybersecurity Master's degree, certified ISO 27001 Lead Auditor and EBIOS RM.

📍 Based in France, I work 100% remotely for short and targeted missions, with a simple objective:

to give you a clear vision of your security level and an immediately actionable action plan.

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Remote only

Primarily works remotely

Devoteam
GRC Cybersecurity Consultant
DIGITAL AND IT
September 2025 - December 2025 (3 months)
Toulouse, France
Participation in the development of an AI-assisted compliance engine: NLP analysis of documents, study and experimentation of SLM/LLM to accelerate compliance assessment (policies, contracts, client requirements).

Assessment of organizations' compliance level (security, GDPR, internal frameworks) and formulation of concrete remediation recommendations, in conjunction with legal, GRC, and technical teams.
Contribution to IS governance initiatives: EBIOS RM and ISO 27005 projects and training (risk analysis, security measures, treatment plans).

Work on data protection and leak prevention (DLP): self-training, risk identification, proposals for organizational and technical measures.
EBIOS RM DLP Regulatory Compliance Risk Analysis ISO 27005
SPIE ICS
Cybersecurity Architect
CONSULTING AND AUDITS
December 2024 - September 2025 (9 months)
Toulouse, France
Design and implementation of security architectures for public and private clients: network segmentation, filtering, VPN, monitoring, system hardening.

ISO 27001 compliance: drafting of PSSI, audit reports, risk analyses, and action plans to structure IS governance and prioritize measures to be deployed.
Production of detailed architecture files, integration guides, and test reports for security solutions (firewalls, IAM/PAM, SIEM, log collection...).

Leading client presentations: responses to tenders, technical defenses, reports to management and steering committees.
Support for technical teams in the deployment and operation of implemented solutions, with skills transfer.

Environment: firewalls & VPN, IAM/PAM, SIEM / ELK, Active Directory, network and server infrastructures.
Cybersecurity Architecture IS Governance Action Plan IT Security Risk Analysis
SPIE ICS
Networks and Security Expert
TELECOMMUNICATIONS
September 2023 - December 2024 (1 year and 3 months)
Toulouse, France
Complete integration of network & security solutions for public and private clients: Fortinet firewalls, VPN, segmentation, filtering, high availability.

Implementation of monitoring and detection platforms: Wazuh, ELK stack (Elasticsearch, Logstash, Kibana), collection and correlation of security logs.
Drafting of integration procedures, operation guides, and test reports to secure deployments and facilitate adoption by client teams.

Conducting technical presentations (workshops, committees, short training sessions) and support documentation for IT teams and decision-makers.
Support for operational teams during production deployment and incident resolution related to network/security infrastructures.
Network Administration SIEM IT Infrastructure Security Policy IT Security

Check out Tiphael's experience

Be the first to recommend Tiphael

Help this freelancer shine by sharing your experience working together.

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

Baptiste Duhen

Fullstack developer

4.6

(4)

Amed Hamou

Senior Lead Developer

(2)

Audrey Champion

Web developer

4.3

(3)

Signup to reveal

Master Expert in Cybersecurity and IT Security
EPSI
2025
Gouvernance, gestion des risques, cybersécurité technique, pentest, gestion de projet, présentations clients
Bachelor in Network Systems and Database Administration (ASRBD)
EPSI
2023
Informatique, réseaux, sécurité, systèmes (linux, windows), bases de données, développement informatique

ISO 27001 - Lead Auditor
GASQ
2025
https://app.skillsclub.com/credential/170510-66471ce1ea9ac526919222b1a6c345e76d9e83f07bbf08d525543480ace7358d?locale=en
Regulatory Compliance Audit Techniques ISO 27001 ISO 27001 Lead Auditor Managerial Posture
EBIOS RM - MOOC
Club EBIOS
2025
EBIOS RM

Tiphael's certifications are only visible to Malt Community members

IT consultant

Cybersecurity Expert

Tiphael Flak

GRC Cybersecurity Consultant

About Tiphael

What I do concretely for you

My added value

Experience

Recommendations

These freelancer profiles also match your criteria

Education

Certifications

Skill set

Categories