Antoine B.

• Cybersecurity:

Support to digital product teams in IT security, safety, and personal data protection

Integration of cybersecurity requirements into IT projects in line with business and regulatory constraints

• Cybersecurity risk analysis:

Led and facilitated EBIOS RM risk analyses

Definition of appropriate security measures and advisory support to architects and project managers

Supervision of compliance controls and maintenance of an up-to-date risk and action plan view

• Governance:

Coordination and facilitation of the Security Champions network within product teams

Contribution to the cybersecurity strategy

Participation in the evolution of cybersecurity frameworks and definition of technical requirements

Participation in cyber crisis management and IT operations continuity

• Project Management: Designed cybersecurity solutions (security architectures, additional controls) tailored to the railway sector. Drafted and updated technical procedures and reports to ensure continuous tracking of security requirements throughout the development lifecycle.

• Risk Management: Assessed cybersecurity risks using the EBIOS RM methodology to identify, analyze, and prioritize threats specific to the railway environment. Conducted cybersecurity assessments and contributed to compliance audits with relevant standards (e.g., IEC 62443).

• Third-Party Management: Managed cybersecurity interactions with third parties by establishing a compliance framework based on applicable standards. Ensured alignment of partners and suppliers with project security requirements.

•Managerial: Provided close team management by supervising and supporting around ten consultants assigned to client projects. Prepared and led steering committees with the client and the Service Delivery Manager.

•Firewall: Implemented and reviewed firewall rules, ensuring the pertinence and effectiveness of submitted and existing rules, while federating efforts across 20+ teams for consistent security practices.

•Security Policy (ISMS): Constructed and documented the audit process and component of the global security policy, ensuring rigorous compliance and security standards for all connected entities (20+).

•Domain names: Led securitization of a large domain portfolio (16.000+), configuring SPF, DKIM, and DMARC for all domains, reducing phishing and email fraud incidents.