Freelancer profile translated to English.

Description

With 16 years of experience in cybersecurity, I am a recognized expert in cyber risk management and information system security. Specializing in the management and execution of information system security audits, penetration tests, and regulatory compliance, I have held CISO and cybersecurity manager positions in major banking, insurance, and telecommunications organizations. My expertise covers the entire information system security lifecycle, from conducting cyber risk analyses to cyber crisis management, including team training and awareness.

Multi-certified ISO 2700x, I have led highly significant missions in terms of content and duration, notably at:

CREDIT AGRICOLE SA, BNP PARIBAS, STET, LA MUTUELLE GENERALE, ORANGE (2011 to 2019)

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
German
Fluent
Spanish
Basic

Workplace preferences

Can work on-site

Paris (up to 50km)

LessonSharing
CYBERSECURITY TRAINER
January 2025 - Today (1 year and 5 months)
Train a diverse audience including students, companies, associations, etc. on various aspects of cybersecurity.
STET
INFORMATION SYSTEM SECURITY REFERENT
January 2024 - October 2024 (9 months)
Analyze the cyber needs of business projects and assess associated cyber risks to strengthen security in the application development lifecycle of the department.
Control the compliance of the department's applications with the security policy.
Draft the information system security roadmap for the department.
Implement and manage the security relays network within the development teams.
Draft and/or update hardening guides for middleware.
Within the framework of "Security by Design", ensure that security is considered in the solutions provided by the department as early as possible and throughout their lifecycle.
Within the CI/CD pipeline, ensure that all planned security tests have been performed and that discovered vulnerabilities have been corrected before the application goes into production.
Contribute to the implementation of the MCS process for solutions provided by the department.
Ensure awareness and training actions for the department's developers by ensuring that knowledge and application of best practices in secure development are taken into account and that security rules for development environments and software components are effective.
Train the department's developer community on "secure coding".
Define and update essential security tools for the business.
Implement operational security management and oversight for solutions provided by the department.
Contribute to the resolution of security incidents within the department's scope.
Security watch on the department's essential assets.
CREDIT-AGRICOLE-SA
CYBERSECURITY RUN MANAGER
January 2024 - November 2024 (10 months)
Vulnerabilities
 Evaluation and correction of critical application security flaws
 Periodically define objectives and needs
 Ensure the production of KPIs,
 Produce and disseminate vulnerability reporting to ICA operational teams and monitoring bodies,
 Provide expertise to ICA operational teams
 Manage the security relays network within ICA
 Work on raising awareness and training ICA teams on security aspects
Robustness
 Risk assessment and compliance
 Security sheets: Assist application referents in maintaining their security sheets and implementing improvements
 Information System Unavailability Tests (ILSI): Monitor, centralize, and report on ILSI test progress
 IT Disaster Recovery Plan (PSI) Tests: Validate application scopes, list testers, coordinate tests (intervention on weekends twice a year), and report results

Governance
 Prepare and lead ICA security meetings
 Contribute to and participate in Security Run Quality Committees.
 Provide KPIs for the Monthly Management Committee
 Participate in other security monitoring meetings

Cybersecurity Crisis Management
 Participate in technical committees, coordinate actions within ICA and/or with CAGIP, manage communication in relation to the incident manager and in compliance with procedures.

Risk Mapping, Recommendation, and Permanent Control
 Participate in the review of risk mapping and associated action plans
 Monitor the smooth execution of action plans related to their activity