You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Ulrich KamdemUK

Ulrich Kamdem

Cybersecurity Consultant - GRC

€778/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Ulrich

Governance, Risk, and Compliance cybersecurity consultant with a solid experience of nearly 5 years. Proactive on major topics: ISP, Level 2 compliance monitoring, business continuity and crisis management, vulnerability and issue management, supplier risk analysis, and management of supplier contract security clauses. I possess strong analytical and synthesis skills, and above all, a strong team spirit.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • ENGIE
    Transversal Cyber Security Analyst
    ENERGY AND UTILITIES
    April 2026 - Today (4 months)
    La Garenne-Colombes, France
    Within ENGIE, the S&EM (Supply & Energy Management) Global Business Unit, responsible for energy supply management, market operations, and international energy flow optimization, is structured around 4 teams: Architecture, DevOps Infrastructure, DB Administration, and the Transversal Risk Management team to which I am attached. This team is responsible for Cyber risk management in compliance with ENGIE Group's security doctrine. Faced with the high fragmentation of the B2B application landscape, the strategic BeeStone program was established to rationalize this application ecosystem. BeeStone covers 4 centers of expertise (Finance, Operations, Sales, Supply Portfolio Management) across 12 countries, building on GEMStone, a program initiated to harmonize energy risk management tools.
    Risk Analysis Supplier Cybersecurity Maturity Analysis ISO 27002 ISO 27001 RFI/RFP
  • AXA France GIE
    ISP Project Manager
    BANKING AND INSURANCE
    April 2023 - April 2026 (3 years)
    Paris, France
    Context

    GIE AXA, the global headquarters of the AXA Group, works autonomously with the AXA Group's IT department on security implementation projects. Within GIE AXA, the security department comprises 4 areas: ISMS, BCM, CISO, and ISP. The ISP area, to which I belong, is responsible for maintaining the scope of AXA's applications and systems at an adequate level in compliance with Group standards for information security. My scope of action is primarily (but not exclusively) focused on security projects led by the HR, Com & Media departments, as well as on the security evaluation of suppliers and the review of security clauses in various contracts with suppliers.

    Responsibilities
    ➢ Local Opinion
    • Due Diligence on applications shared with other departments and contextualization of data and risks for GIE AXA business
    • Security scoping and identification of DICP security criteria
    • Development of appropriate security measures
    • Residual risk assessment (frequency + impacts) & proposal of a treatment plan
    • Presentation to the CSO for validation at the LIRC (Local Information Risk Committee)
    ➢ Vendor Security Due Diligence
    • RFI and RFP for security opinion
    • Security scoping to determine the vendor's DICP criticality
    • Supplier risk assessment and action plan proposals
    • Review of security clauses in contracts with suppliers

    ➢ Cloud & API:
    • Participation in the security mitigation project for Core IT applications.
    • Development of API security measures based on

    Technical and functional environment
    • Sylva, Confluence, and Microsoft 365

    Standards and methods
    • ISO/IEC 27002 information security requirements
    • ISO/IEC 27005 Risk Manager & EBIOS Risk Manager
    • Cloud Security Standards – CSA, Salt Security best practices & OWASP API Security Top 10
    Risk Analysis GRC Supplier Contract Management Supplier Contract Security Clause Management Supplier Cybersecurity Maturity Analysis
  • Natixis Corporate & Investment Banking
    Assistant CISO & Risk Manager
    BANKING AND INSURANCE
    June 2021 - February 2023 (1 year and 9 months)
    Charenton-le-Pont, France
    Context:
    Natixis CIB defined a Group Information Security Policy that needed to be deployed within various entities and subsidiaries (such as Ostrum Asset Management, part of the Asset Management branch of the Financial Services division). Due to a reorganization, it was decided to evolve cybersecurity practices between the Group and its subsidiaries, leading to discrepancies between the new Information Security Policy and field practices. In direct contact with the CISO and Process Owners, my role was notably to harmonize practices and raise awareness about cybersecurity best practices.

    Responsibilities
    ➢ Risks and continuity:
    • Creation, review, and update of Business Impacts for each asset
    ➢ Security integration in projects:
    • Initiation of an ESP (Project Security Eligibility) to define the DICP
    • Review of the ESP questionnaire and challenging the business (Project Manager)
    • Definition of security requirements with the CISO (ISO 27002)
    • Monitoring of action plans resulting from security requirements with the PM
    • Go/No Go for application go-live
    ➢ Performance and publication of technical and organizational controls (quarterly, semi-annually, annually) LoD2: Business continuity, IAM, Governance, Backups & Archiving, Development & Projects, IT Operations
    ➢ Penetration testing & vulnerability testing:
    • Monitoring the feedback from auditors/pentesters
    • Facilitating follow-up committees for detected vulnerability remediation
    ➢ Compliance:
    • Reporting inconsistencies for remediation to the process owner and the Archer GRC tool support
    • Monitoring remediation plans until closure with supporting evidence
    • Use of the Archer GRC tool for Dashboard production

    Technical and functional environment
    • Archer GRC
    • Cockpit & THOR

    Standards and methods
    • ISO/IEC 27002 information security requirements
    • ISO/IEC 27005 Risk Manager & EBIOS Risk Manager
    Internal Controls Security Integration in Projects Vulnerability Management GRC Risk Analysis

Recommendations

Be the first to recommend Ulrich

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Specialized Master in Global Risk Management
    Kedge Business School
    2018
    Mastère Spécialisé Gestion Globale des Risques
  • Master of Risk Management
    Université Paris La Défense
    2017
    Master II Management des Risques

Certifications

  • ISO/IEC 27001 Lead Implementer
    PECB
    2021
  • ISO/IEC 27005 Risk Manager
    PECB
    2021

Skill set

Categories