
Houfani Sélim

Cybersecurity Expert / ISP / Secure Design / Compliance

€680/day
Paris, FR
15+ years

Average response time: 1h

About Houfani

With solid experience in cybersecurity, IT risk management and regulatory compliance, I want to put my expertise at the service of businesses.
With more than 15 years of experience in demanding banking and financial environments (BNP Paribas), I have led regulatory compliance programmes (DORA, NIST, ISO 27001), supported IT and business teams in integrating security into projects (ISP, Secure Design, DevSecOps, Application Security) and followed up internal and external audits in liaison with the supervisory authorities.

At BNP Paribas, I was a key player in IT compliance, carrying out risk assessments, setting up permanent control processes and following up post-audit action plans. I also conducted impact analyses of European regulations (DORA) and designed adaptation strategies for international subsidiaries (Madrid, Bucharest).

Currently, as a Cybersecurity Expert at the Ministry of Health, I define the IS security strategy, oversee the implementation of security controls in IT projects and train teams on security and risk management best practices.
  • English

    Full professional proficiency

  • French

    Bilingual or native

Willing to work on site
Paris (up to 30 km)

Experience

  • Haute Autorité de Santé
    Cybersecurity Expert / GRC / Risk Management
    HEALTH & WELLNESS
    October 2024 - Present (1 year 8 months)
    Saint-Denis, France
    Designed a security strategy aligned with IT/business for 2024/2025:
    - Identify the features to be developed for 2024/2025,
    - Analyze the security needs of each feature,
    - Plan the secure design (threat modeling and security assessment) workshops with the business and IT,
    - Perform the secure design: threat modeling (STRIDE) and security assessment,
    - Identify non-compliance and initiate the risk form with a remediation plan,
    - Identify the security requirements to implement during development.
    Control the implementation of security requirements with the IT team and the business during the SDLC:
    - Workshop with the IT team to identify which security measures should be implemented during the sprints
    - Define the security gates and the rules
    - Plan periodic meetings with the IT team to control the implementation of security requirements during development
    - Risk management performed on the non-compliance

    Writing procedural documents on:
    - Habilitation (access authorization) procedure
    - Incident management
    - Integration of security in the project procedure
    - Risk management procedure

    Perform ISP (integration of security in the project):
    - Perform a security assessment for each new project
    - Perform third-party assessments for outsourced development
    - Identify non-compliance and initiate a risk form
    - Follow the risk form and the implementation of the remediation plan
    Report the security posture to management (reporting of metrics and KPIs)
    Train the business on the following topics:
    - Risk management
    - Secure design
    - Security best practices
    - Agility vs Security
    - Data classification process
    Participate in disaster recovery tests and produce a lessons-learned review (RETEX) to improve the process
    Compliance, Risk management, Risk mapping, Secure design, Security assessment, Project security analysis, NIST CSF, GDPR, Data classification analysis, Permanent control, Risk analysis and management, Risk prioritization, Integration of security in projects, Agile method, ISO 27001 Lead Implementer, NIS 2, Third-party audit, Third-party management, EBIOS RM
  • BNP Paribas Personal Finance
    Security Expert / DORA Auditor
    BANKING & INSURANCE
    February 2023 - October 2024 (1 year 8 months)
    Paris, France
    - DORA audit
    • Analyze the DORA framework for ICT risk management, digital resilience testing and ICT-related incidents.
    • Assessment to identify the gaps between the DORA regulation and the cyber requirements implemented.
    • Design an Application Security process to address all mandatory security requirements for digital resilience testing during development (Agile).
    • Draft training courses on Application Security and DORA topics for developers and Tech Leads to acculturate them.
    • Support the local IT Risk team in understanding what is expected for the DORA pillars "Digital resilience testing" and "ICT-related incidents".
    • Design a security test strategy to help teams comply with the security requirements.
    • Train IT teams/Product Owners in different locations (Bucharest, Madrid, Munich and Milan):
     Application Security and DORA
     Security Champion role
     Security test strategy
     Vulnerability management
     ISP: integration of security in the project
     Agile vs Security

    • Control compliance with the DORA/GDPR/NIST/ISO 27001 frameworks:
     Periodically control the procedures and identify non-compliance
     Perform security reviews on applications and systems
     Perform scans on applications and systems to identify vulnerabilities
     Report the results together with the non-compliance
     Create risk forms based on the non-compliance
     Help the IT team define and implement the remediation plan
     Follow the completion of the remediation plan and the risk form
    Cybersecurity, Risk Management, DevSecOps, Trainer, Threat modeling, Vulnerability management, Security audit, DORA, DORA compliance, Risk analysis and management, DORA audit, Supporting IT teams on DORA, Agile method, ISO 27001 Lead Implementer, NIST CSF, EBIOS RM, ISO 27005, Third Party Risk Management
  • BNP Paribas Personal Finance
    Cybersecurity Expert ISP / Third Party
    BANKING & INSURANCE
    February 2022 - February 2023 (1 year)
    Levallois-Perret, France
    - Implement security in the project (ISP):
    • Draft the Integration of Security in the Project procedure
    • Coach Tribe Leaders and Security Champions on the risk management procedure and good practices
    • Perform secure design with the business (implement the threat modeling methodology) to identify possible cases of fraud or non-compliance in use cases
    • Perform a Security Assessment for every new project and ensure compliance with DORA/NIST/PCI-DSS
    • Workshop with the IT team to identify which security measures should be implemented during the sprints
    • Define the security gates and the rules
    • Plan periodic meetings with the IT team to control the implementation of security requirements during development

    - Third-party audit when the product is outsourced
    - Analyze the third-party questionnaire
    Secure design, Security assessment, Project security analysis, Risk analysis and management, Risk prioritization, Data classification, Project context analysis, Cyber risk reporting, KPI/metric collection, Procedure writing, EBIOS RM, ISO 27005, NIST CSF, Third-party management, Third-party audit, Third Party Risk Management



Education

  • Master of Science in Cyber Security
    University of Technology of Troyes (UTT)
    2020
    Master in Forensics and Cybersecurity
  • Master in New Technology and E-business
    School of Management - Business School (ESG)
    2005
    Master in New Technology and E-business

Certifications

  • ISO 27001 Lead Implementer
    PECB
    2021
    ISO 27001 Lead Implementer
  • ISO27001 Lead auditor
    PECB
    2021
    ISO 27001 Lead Auditor

Skills (62)