À propos de Romain
I work mostly in situations where cybersecurity stops being an IT topic and becomes something that influences valuation, legal exposure or regulatory pressure. The conversations usually start when someone says: “We don’t have time; we need to know what this really means.” That is the space I operate in: deals moving fast, disputes where technical facts decide arguments, and boards trying to choose what actually matters rather than everything that looks important.
A large part of my work is with private-equity teams trying to understand what they’re really buying when technology, operational resilience and legal risk collide. A report never changes a deal; interpretation does. A cyber finding rarely kills a transaction, but it often shifts the price, the integration trajectory or the negotiation balance. That’s the part I focus on: turning uncertainty into decisions.
The same applies to litigation and arbitration. Cases involving cyber incidents are rarely clean — timelines conflict, evidence is incomplete and narratives compete. The job is not to sound technical, but to help build a story that a judge or arbitrator can actually follow without drowning in forensic vocabulary.
More recently, my work with boards has grown around NIS2, DORA and other tightening regulatory regimes across energy, infrastructure and financial services. Most organisations don’t have a security problem; they have a prioritisation problem. The question is not “what are the risks?” but “which two will change the financial or regulatory outcome if we ignore them?”
Before consulting, I worked in defence, intelligence and diplomacy, and later at the OECD supporting governments on information-security obligations tied to international tax exchange. Those environments taught me how decisions get made when information is incomplete and time matters. That discipline shapes everything I do now.
Anglais
Bilingue ou natif
Français
Bilingue ou natif
En télétravail uniquement
Travaille majoritairement à distance
Expériences
- FTI ConsultingSenior Director - CybersecurityCONSEIL & AUDITdécembre 2022 - Aujourd'hui (3 ans et 6 mois)Paris, FranceImpact• • Translate complex technical risk into commercial, legal and governance outcomes• • Enable negotiations and legal arguments grounded in defensible facts rather than speculation• • Help leadership identify the handful of risks that materially change decisions rather than the dozens that only appear important
- OECD - OCDEInformation Security Management - AdvisorSECTEUR PUBLIC & COLLECTIVITÉSseptembre 2020 - décembre 2022 (2 ans et 3 mois)Paris, FranceWork focus• • Review security controls and remediation planning with national authorities worldwide• • Participate in international expert panels assessing ISMS maturity and readiness for OECD requirements• • Translate policy into operational implementation across diverse legal and cultural environments
- Societe Generale Equipment Finance - SGEFDeputy Global head of Information SecurityBANQUE & ASSURANCESoctobre 2019 - septembre 2020 (11 mois)Paris Metropolitan Area, FranceWork focus• • Lead remediation efforts based on audit findings and incident lessons• • Investigate sensitive data-loss events (L2 / L3) and support CISOs on response and recovery• • Advise regional leadership on investment priorities and operational constraints
Recommandations
Soyez le premier à recommander Romain
Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.
Ces profils de freelance correspondent également à vos critères
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Formations
- Certified Information Systems Security Professional (CISSP) ISO/IEC 27001 Lead AuditorCertified Information Systems Security Professional (CISSP) ISO/IEC 27001 Lead Auditor
- Master's degreePolytech Grenoble2009Master's degree