
Xavier Cessac

Information Systems Security Officer

€850/day
Paris, FR
15+ years

Average response time: 1 hour

About Xavier

Transition CISO & Cybersecurity Expert | CISSP, CCSP & ISO 27001 Lead Auditor

With over 20 years of experience in information systems security, I help companies structure, maintain, and manage their cyber strategy during transition periods.

Having held positions as Head of Operational Security (Groupe La Poste) and CISO (SAFRAN, EPSA), and previously working in more technical roles (auditor/pentester), I possess both a strategic and highly operational vision. I work to ensure the continuity of your governance, manage crises, lead your critical projects, or support your organization towards certification, guaranteeing perfect alignment with your business objectives.

My key areas of intervention as a transition CISO:
  • Leadership & Governance: Rapid takeover of the role, definition of security policies (PSSI), and operational implementation of strategic directives.
  • Compliance & Risk Management: Implementation of security management systems, guidance towards ISO 27001 certification, and risk analysis.
  • Operational Security (SecOps): Supervision and implementation of SOC/SIEM, vulnerability management leadership, and security event and incident management.
  • Cyber Culture: Facilitation of awareness campaigns (training, phishing tests).

Professional certifications:
  • CISSP, CCSP (ISC2 Member ID: 634197)
  • ISO 27001 Lead Auditor
  • EBIOS RM
  • Leading SAFe & ITIL Foundation

Rigorous, communicative, and accustomed to demanding environments, I secure your IT assets while facilitating your business processes.
  • English: Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • EPSA
    Deputy Information Systems Security Officer
    September 2024 - Today (1 year and 9 months)
    Paris, France
    • Implementation of the standard and obtaining ISO 27001 certification for the group's IT scope
    • Implementation of a managed SOC and management of alerts and developments
    • Implementation of vulnerability management (detection, qualification, remediation, control)
    • Management of penetration tests and audits performed by external providers
    • Security awareness sessions (training, phishing tests, etc.)
    • Security watch management (CERT bulletins, OSINT, CTI)
    ISO 27001 security-awareness-training Cybersecurity Governance grc Microsoft Azure
  • Groupe La Poste BGPN
    Head of Operational Security
    June 2022 - June 2024 (2 years)
    Paris, France
    • Implementation and obtaining ISO 27001 certification for the department's scope
    • Implementation of a SIEM for the branch (technical choices and scenario definition)
    • Integration and exploitation of postal network security elements (EDR, EPP, MTD)
    • Implementation of vulnerability management (detection, qualification, remediation, control)
    • Implementation and exploitation of identity management (IAM)
    • Security awareness sessions (training, phishing tests, etc.)
    • Implementation of the scaled agile methodology SAFe for the department's scope
    • Operational (tactical) implementation of group security directives (strategic)
    • Security watch management (CERT bulletins, Cybelangel, OSINT, CTI)
    ISO 27001 security-awareness-training Security Incident Management Vulnerability Management IAM
  • SAFRAN
    Information Systems Security Officer
    April 2016 - June 2022 (6 years and 2 months)
    • Awareness of cyber risks and implementation of risk reduction measures
    • Performing EBIOS RM risk analyses within the framework of business projects.
    • Participation and validation of security architecture committees
    • Performing security audits on sensitive infrastructure components
    • Creation and review of IS security KPIs
    • Creation and updating of security repositories used within the group
    • Work and remediation concerning applicable regulations within the scope
    • Maintenance of a map of the area of responsibility
    • Participation in security conferences (Les Assises 2020)
    CISO Cybersecurity Governance Risk Analysis Cybersecurity Awareness GRC

Education

  • Master's Degree in Information Systems and Network Security
    Télécom Paris (ENST)
    2004
    Mastère Sécurité des Systèmes d'Information et des Réseaux
  • DESS in Networks and Distributed Systems
    Pierre and Marie Curie University
    2003
    DESS Réseau et Systèmes Distribués
