
Yen Tonzeu

CISSP Senior Cyber Risk and Audit Consultant

€722/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Yen

Cybersecurity expert with over 8 years of experience in highly regulated environments, particularly banking. I specialize in risk management, governance, cloud security, and regulatory compliance. I have designed and maintained security frameworks covering controls, audits, and architecture reviews, and led DLP and IAM initiatives that reduced sensitive data exposure and excessive privileges. I also advise on vendor risks, incident response readiness, and produce security metrics for executive committees, working closely with legal, compliance, and technical teams, adhering to ISO 27001, GDPR, PCI DSS, and DORA standards.

My conviction: effective information security relies on a coherent architecture, designed for the long term to support, rather than constrain, the business.
  • French: Native or bilingual
  • English: Native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • LCL
    Senior Cyber Risk Consultant
    BANKING AND INSURANCE
    May 2023 - Today (3 years and 1 month)
    Paris, France
    As a Senior Cyber Risk Consultant within LCL's Cyber Risk team, I led and conducted risk analyses on numerous IT and business projects, defined and monitored the implementation of security measures (within the framework of DORA compliance as well as on topics related to PCI DSS and Cloud), while ensuring regular reporting to the CISO team.

    Risk & Compliance:
    • Drafting security deliverables, including risk analyses based on Mesari, public Cloud documentation, and business requirements
    • Design and evolution of system security architectures, with oversight of architecture reviews as part of risk analyses
    • Guiding technical security choices during the deployment of a new solution
    • Contribution to the definition of remediation plans and security measures

    Third-Party Risk Management, DORA & Regulatory Compliance:
    • Implementation and strengthening of the TPRM (Third-Party Risk Management) program in alignment with ACPR requirements and the DORA regulation: outsourcing policies, reversibility, due diligence, SLAs, internal controls, risk appetite.
    • Conducting risk analyses on ICT third parties: classification of third parties (risk, criticality, dependencies, business impacts).
    • Conducting due diligence for IT vendors, Cloud providers, and critical subcontractors; assessing security maturity, resilience, DRP/BCP capabilities, access controls, encryption, and SOC through questionnaires.
    • Executing gap analyses between existing practices and DORA ICT Risk Management requirements; contributing to the steering of DORA remediation activities and oversight of critical vendors.
    • Updating and maintaining the DORA register / outsourcing register, preparing regulatory filings (impact analyses, annual reviews), and supporting internal/external/regulatory audits (ACPR).
    BCP/DRP, Reporting, Risk Analysis, Third Party Risk Management, Cloud Security
  • Amer Sports
    Senior Security Audit and Cyber Risk Consultant
    RETAIL (SMALL BUSINESS)
    May 2023 - May 2025 (2 years)
    Annecy, France
    Led ISO 27005 risk analyses, DLP operations, and vulnerability management, ensuring ISO 27001, GDPR, and PCI DSS compliance, reducing regulatory exposure by 30%, blocking over 20 exfiltration attempts, and increasing detection coverage to 95%.

    Risk, Compliance, and Change Management:
    • Performed 30+ ISO 27005 risk analyses and mapped 100% of customer data flows, reducing regulatory exposure by 30% and lateral movement risk by 50%.
    • Simulated insider threat scenarios and extended DLP coverage by 25%, reducing data exfiltration risks.
    • Managed architecture reviews and their evolution.

    Third Party & Vulnerability Management:
    • Monitored vendor remediation plans, coordinating with Security, IT Risk, Procurement, Legal, and Compliance teams; continuous monitoring of compliance, cyber alerts, incidents, and vendor performance.
    • Built dashboards and key indicators (KRIs, KPIs) consolidating overall third-party risk exposure; participated in strengthening internal controls L1/L2/L3.
    • Communicated findings, recommendations, and risk levels to internal stakeholders, including senior management, Legal, Compliance, and IT.

    Data Loss Prevention (DLP):
    Deployed and managed Purview and Varonis for 200+ users, automating detection to reduce review time by 50%, decrease false negatives by 35%, and block over 20 exfiltration attempts.

    Cloud Security:
    • Integrated cybersecurity requirements from the design phase of group-wide IT projects.
    • Challenged and supported technical and business teams to ensure secure design choices.
    • Designed secure Cloud architectures on Azure, produced HLD and DAT for security components.
    ISO 27005, Change Management, Risk Analysis, Audit & Compliance (ITGC, SOX, HIPAA, PCI-DSS, GDPR, NIST 800-53, IRS, Basel III), ISP
  • Société Générale Private Banking
    Cybersecurity consultant
    BANKING AND INSURANCE
    February 2023 - April 2023 (2 months)
    Genève, Switzerland
    Compliance & Cross-Team Coordination:
    • Collaborated with Legal, Compliance, HR, and business teams to align DLP and IAM controls with GDPR and FINMA Circulars.
    • Drafted and implemented local procedures for data loss incidents, ensuring regulatory compliance and improved responsiveness.
    • Raised awareness and supported key stakeholders on security best practices, enhancing overall vigilance against risks.

    Operational Security & IAM:
    • Strengthened IAM and RBAC controls in accordance with FINMA standards, reducing risks associated with excessive access.
    • Conducted privileged access reviews with CyberArk, removed dormant accounts, and applied the principle of least privilege.
    • Managed DLP and SIEM incidents, analyzed email traffic to detect leaks, and coordinated remediation of critical vulnerabilities.

    Data Loss Prevention for Client Identifying Data (CID):
    • Varonis for Unstructured Data Protection: Used Varonis to analyze and apply encryption to shared sensitive folders (HR & Finance), detecting over 100 overexposed files and ensuring 100% policy compliance.
    • Forcepoint DLP: Deployed and fine-tuned Forcepoint DLP rules to secure PII (personally identifiable information), automated remediation, and managed 200+ incidents per month with a 50% reduction in manual review time.
    • Symantec DLP & Fireglass (Web Isolation): Monitored email content and isolated malicious URLs, resolving 200+ monthly incidents and reducing phishing risks by 10% for over 100 users.

    Vulnerability Analysis & Incident Management (RUN):
    • Participated in incident response (phishing, DLP, web attacks), after confirmation and qualification via the LogRhythm SIEM.
    DLP, IAM, Incident Management, PAM



Education

  • Network Architecture and Information Systems Security.
    Engineering School ESIGELEC
    2018
  • Baccalaureate
    LIBERMANN
    2013

Certifications

  • CISSP
    ISC2
    2026
    Security Architecture and Engineering, Asset Security, Communication and Network Security, Software Development Security, Security and Risk Management, Security Assessment and Testing, Security Operations, Identity and Access Management (IAM)
