Freelancer profile translated to English.

Description

Solid experience in DORA/NIS2 compliance, IT risk management, and program management in international financial organizations. Former CISO. Expertise in TPRM, information register (ROI), risk analysis (EBIOS RM, ISO 27005), and cross-functional stakeholder coordination.

Industry field of expertise

Languages

French
Native or bilingual
English
Native or bilingual

Workplace preferences

Can work on-site

Paris (up to 50km)

prevaia
Cybersecurity Consultant
BANKING AND INSURANCE
July 2024 - Today (1 year and 11 months)
Paris, France
• Functional specification of compliance modules (NIS2, DORA, ISO 27001) in conjunction with technical teams (DevOps, data scientists, and developers)
• Definition of the third-party risk management (TPRM) methodology: scoring based on operational security criteria (vulnerability management, SOC, BCP), criticality, and questionnaires
• Client support for DORA/NIS2 compliance: gap analysis, remediation tracking
• Relay client feedback to the product team: prioritization of developments, tracking of fixes and improvements
• Production of operational documentation: guides, procedures, and training materials
TPRM DORA Compliance DevOps NIS2
Stellantis Finance & Services
Cybersecurity Consultant
BANKING AND INSURANCE
April 2023 - June 2024 (1 year and 2 months)
Poissy, France
• Management of the third-party risk (TPRM) security program, deployment across 12 countries
• Benchmark, selection, and integration of the TPRM SaaS solution: testing, corrective feedback, and functional enhancements
• Risk analysis, prioritization, and remediation plans for critical ICT providers
• Multi-country coordination and change management: Cyber/CISO, Procurement, Legal, Compliance, and Business units
• Writing security standards: runbooks, operational procedures, governance (RACI)
• Facilitation of steering committees and reporting to CISOs/EXCOM
Cross-functional Coordination TPRM SaaS Deployment Procedure Writing Reporting
Arval - BNP Group
Tribe Security Officer
BANKING AND INSURANCE
February 2022 - April 2023 (1 year and 2 months)
Rueil-Malmaison, France
• Operational liaison for the CISO: interface between project teams and the security department.
• Identification and monitoring of infrastructure and application vulnerabilities, coordination of pentests, and remediation validation
• DevSecOps/SSDLC: code reviews, vulnerability scans, CI/CD pipelines
• Security by Design in projects & applications: definition of requirements and monitoring of remediation plans
• Risk analyses EBIOS & ISO27005: impact assessment, threat scenarios, and treatment plans
SSDLC Risk Analysis CI/CD Assistant CISO Integration of Security in Projects