About Ulrich
French
Native or bilingual
English
Fluent
Experience
- ENGIETransversal Cyber Security AnalystENERGY AND UTILITIESApril 2026 - Today (4 months)La Garenne-Colombes, FranceWithin ENGIE, the S&EM (Supply & Energy Management) Global Business Unit, responsible for energy supply management, market operations, and international energy flow optimization, is structured around 4 teams: Architecture, DevOps Infrastructure, DB Administration, and the Transversal Risk Management team to which I am attached. This team is responsible for Cyber risk management in compliance with ENGIE Group's security doctrine. Faced with the high fragmentation of the B2B application landscape, the strategic BeeStone program was established to rationalize this application ecosystem. BeeStone covers 4 centers of expertise (Finance, Operations, Sales, Supply Portfolio Management) across 12 countries, building on GEMStone, a program initiated to harmonize energy risk management tools.
- AXA France GIEISP Project ManagerBANKING AND INSURANCEApril 2023 - April 2026 (3 years)Paris, FranceContextGIE AXA, the global headquarters of the AXA Group, works autonomously with the AXA Group's IT department on security implementation projects. Within GIE AXA, the security department comprises 4 areas: ISMS, BCM, CISO, and ISP. The ISP area, to which I belong, is responsible for maintaining the scope of AXA's applications and systems at an adequate level in compliance with Group standards for information security. My scope of action is primarily (but not exclusively) focused on security projects led by the HR, Com & Media departments, as well as on the security evaluation of suppliers and the review of security clauses in various contracts with suppliers.Responsibilities➢ Local Opinion• Due Diligence on applications shared with other departments and contextualization of data and risks for GIE AXA business• Security scoping and identification of DICP security criteria• Development of appropriate security measures• Residual risk assessment (frequency + impacts) & proposal of a treatment plan• Presentation to the CSO for validation at the LIRC (Local Information Risk Committee)➢ Vendor Security Due Diligence• RFI and RFP for security opinion• Security scoping to determine the vendor's DICP criticality• Supplier risk assessment and action plan proposals• Review of security clauses in contracts with suppliers➢ Cloud & API:• Participation in the security mitigation project for Core IT applications.• Development of API security measures based onTechnical and functional environment• Sylva, Confluence, and Microsoft 365Standards and methods• ISO/IEC 27002 information security requirements• ISO/IEC 27005 Risk Manager & EBIOS Risk Manager• Cloud Security Standards – CSA, Salt Security best practices & OWASP API Security Top 10
- Natixis Corporate & Investment BankingAssistant CISO & Risk ManagerBANKING AND INSURANCEJune 2021 - February 2023 (1 year and 9 months)Charenton-le-Pont, FranceContext:Natixis CIB defined a Group Information Security Policy that needed to be deployed within various entities and subsidiaries (such as Ostrum Asset Management, part of the Asset Management branch of the Financial Services division). Due to a reorganization, it was decided to evolve cybersecurity practices between the Group and its subsidiaries, leading to discrepancies between the new Information Security Policy and field practices. In direct contact with the CISO and Process Owners, my role was notably to harmonize practices and raise awareness about cybersecurity best practices.Responsibilities➢ Risks and continuity:• Creation, review, and update of Business Impacts for each asset➢ Security integration in projects:• Initiation of an ESP (Project Security Eligibility) to define the DICP• Review of the ESP questionnaire and challenging the business (Project Manager)• Definition of security requirements with the CISO (ISO 27002)• Monitoring of action plans resulting from security requirements with the PM• Go/No Go for application go-live➢ Performance and publication of technical and organizational controls (quarterly, semi-annually, annually) LoD2: Business continuity, IAM, Governance, Backups & Archiving, Development & Projects, IT Operations➢ Penetration testing & vulnerability testing:• Monitoring the feedback from auditors/pentesters• Facilitating follow-up committees for detected vulnerability remediation➢ Compliance:• Reporting inconsistencies for remediation to the process owner and the Archer GRC tool support• Monitoring remediation plans until closure with supporting evidence• Use of the Archer GRC tool for Dashboard productionTechnical and functional environment• Archer GRC• Cockpit & THORStandards and methods• ISO/IEC 27002 information security requirements• ISO/IEC 27005 Risk Manager & EBIOS Risk Manager
Recommendations
Be the first to recommend Ulrich
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Specialized Master in Global Risk ManagementKedge Business School2018Mastère Spécialisé Gestion Globale des Risques
- Master of Risk ManagementUniversité Paris La Défense2017Master II Management des Risques
Certifications
- ISO/IEC 27001 Lead ImplementerPECB2021
- ISO/IEC 27005 Risk ManagerPECB2021