Vyrhak Sath

Development, update, and review of security profiles for approximately 50 assets. This mission includes analyzing the application context, assessing confidentiality, integrity, and availability (CIA) criteria, verifying compliance with current security policies and measures, and interpreting IT architecture diagrams to validate their robustness.

Conducting in-depth security analyses on assets involved in corporate and international projects, considering the operational context, potential threats, identified vulnerabilities, and specific security requirements for each system. These analyses include a detailed review of technical architectures to detect potential security flaws or inconsistencies.

Analysis and risk management based on asset security profiles: creation and tracking of risk records in ServiceNow (SNOW), with detailed descriptions, assessment of likelihood and impact, justification of acceptance or mitigation strategy, and monitoring of the treatment plan.

Validation of the security framework through compliance and implementation audits, aimed at verifying the effective application of technical and organizational security measures, supported by the analysis of supporting evidence and associated deliverables.

Risk Management: conducting risk analyses and managing associated treatment plans, ensuring the control and monitoring of information security risks.

Security Project Management

Managed a portfolio of approximately 20 security and compliance projects per month, including internal initiatives (deployment of Wallix bastion for administrators, Windows and Linux version upgrades) and external projects (secure integration of SaaS solutions, implementation of secure data exchange flows).

Security Integration in Projects

Reviewed and validated project security deliverables, including penetration test reports, code reviews, and vulnerability scans (infrastructure and web applications), to ensure compliance with Group policies and standards.

Security Governance and Alignment

Ensured consistency between Group security frameworks and project operational requirements.

Conducted reviews and validated architecture diagrams and data flow matrices to verify their compliance and robustness.

Penetration Test Coordination

Planned and supervised penetration testing campaigns with the Group's testing team.

Regularly monitored remediation actions through bi-weekly or monthly follow-up committees, until complete correction of identified vulnerabilities.

Risk Management

Performed risk analyses using the EBIOS 2010 method, developed and monitored information-related risk treatment plans, with regular operational follow-up until their effective closure.

Third-Party Cybersecurity Assessment

Analyzed and validated Security Assurance Plans (PAS) from external partners, assessing their cyber maturity level and providing recommendations for improvement.

Documentation and ISMS Management

Supervised and updated security documentation, including the inventory, formalization, and standardization of IT security procedures and processes within the framework of the Information Security Management System (ISMS).