You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Franck GafsouFG

Franck Gafsou

Cybersecurity and Risk Management Expert

500 €/jour
Paris, FR
15 ans et +

Délai de réponse moyen : 1h

À propos de Franck

Highly qualified GRC Expert with years of experience, Franck is a detail-driven professional focused on maximizing security projects’ performance. Through his journey within consulting companies, he gained valuable expertise in people, processes and technologies management. In addition, he is super savvy in designing and implementing security/privacy frameworks and certifications such as ISO, PCI-DSS, NIST CSF, GDPR, CCPA and Public Cloud security.
  • Anglais

    Bilingue ou natif

  • Français

    Bilingue ou natif

En télétravail uniquement
Travaille majoritairement à distance

Expériences

  • Financial Institution
    Cybersecurity and Risk Management expert
    BANQUE & ASSURANCES
    janvier 2022 - Aujourd'hui (4 ans et 7 mois)
    Paris, France
    ● Reporting to the CISO and accountable for providing oversight of the GRC task area and ensure effective management, collaboration, and coordination of several key cybersecurity support areas including the following:
    ○ Performing Internal Security Audits (User Access Reviews and compliance with Policies)
    ○ Managing the IT and Cyber security risk register, controls, gaps, remediation and reporting.
    ○ Developed and maintained KPIs/OKRs to measure security maturity and compliance effectiveness
    ○ Leading yearly certifications (ISO 27001/27017/27018/22301, SOC 2) and risk assessment (NIST CSF)
    ○ Collaborating with the Product team to embed security and privacy by design principles, performing threat modeling
    ○ Co-managing the suppliers security program
    ○ Defining the Business Continuity (including BIA) and Disaster Recovery Plans and leading BC and DR drills
    ○ AI Security gap assessment, using ISO 42001 framework
    ○ Insider threat program definition (user risk dashboard, escalation procedures)
    ○ Acted as GRC point of contact for internal and external stakeholders, supporting due diligence and RFPs
    artificial intelligence Cybersecurity Business continuity Disaster recovery Risk Management
  • AT&T
    Security architect lead, AT&T R&D center
    TÉLÉCOMMUNICATIONS
    novembre 2020 - décembre 2021 (1 an et 1 mois)
    • Acted as a cybersecurity focal point across different teams (architects, development team leaders, product managers)
    • Developed and rolled out Application security process (SSDLC) aligned with Agile best practices
    • Involved in PCI-DSS compliance efforts
    • Managed PoC (Proof of Concept) on API security
    • Conducting Risk assessment and Threat modeling along the product lifecycle
  • Deloitte
    Security project lead
    AGENCE & SSII
    janvier 2016 - janvier 2020 (4 ans)
    Acted as trusted advisor (CISO as a Service) to clients in highly regulated industries (pharma, automotive, financial):
    ● NIST-based cloud Security and PCI-DSS gap assessment of an AWS-based marketing and advertising platform
    ● Lead table-top exercise featuring insider threat and malware spreading scenarios
    ● Product risk assessment and threat modeling, highly-regulated IT and OT environments
    ● Security/Privacy gap analysis and remediation plan
    ● Cyber security strategy assessment, IT and OT environments
    ● Designed a Privacy by design roadmap

Recommandations

Soyez le premier à recommander Franck

Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.

Ces profils de freelance correspondent également à vos critères

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Formations

  • Master of Computer Sciences
    (ESIEA School
    Master of Computer Sciences
  • CISM (Certified Information Security Manager)
    CISM (Certified Information Security Manager)

Compétences

Catégories