Delivery of ISO 27005 Risk Manager, EBIOS Risk Manager, ISO 27001 Lead Implementer and Lead Auditor training courses.
Assignment for a multinational insurance company:
• Oversight of security integration into projects for Europe, Latin America, the Middle East and Africa.
• Risk assessments to support security trade-off decisions.
• Analysis of application and network architectures hosted in-house or in the Cloud (IaaS, PaaS, SaaS).
• ISO 27001 audits to establish the maturity of the entities.
• Technical lead on risk management and ISO standards.
• Security audits (NIST SP 800-53 & CSF Framework).
• Review of security incident management processes.
HSC is a 27-year-old security consultancy and the leader in providing security training courses in France (SANS and ISO 27000-series). Deloitte France acquired HSC in December 2014 (30 employees).
IT and Cloud service providers, Telecom industry, Energy, Oil & Gas, Defence, Healthcare, Manufacturing, Finance, Asset management, Transportation, Aeronautical and Aerospace.
● Pre-sales visits to present our service offers and define tailored assistance aligned with client needs.
● Provided security training courses to external clients in: PCI DSS, ISO 27001 Lead Auditor and Lead Implementer, ISO 22301 Lead Auditor and Lead Implementer, ISO 31000, ISO 27005 Risk Manager, EBIOS Risk Manager (French NSA), CISSP units, Incident Security (ISO 27035) and IT crisis management.
● Assisted a diverse portfolio of clients in information security, including policy development, ISO 27001 implementations, network and security audits, risk assessments, security control effectiveness reviews, PCI DSS assistance, …
● Represented the company in associations and public bodies in order to share and foster our perspective regarding French and international security standards.
Information Security Consultant at Altran - Secondment at the French National Railway Company (SNCF)
I assisted the CISO and liaised closely with IT departments, project managers and Business stakeholders (260 000 employees, 100 000 servers, 350 IT projects per year).
● Enforced the security policy on the CISO’s behalf to business and IT stakeholders, desktop users and external third parties.
● Led and oversaw the security SDLC program implementation for 5 business departments, aiming to embed security into IT governance and IT project lifecycle phases.
● Developed and continuously retrofitted security risk assessment frameworks.
● Performed over 50 security risk assessments on business projects, IT infrastructures, Cloud service providers and SCADA industrial systems.
● Assisted IT stakeholders in identifying vulnerabilities, designing secure architectures and defining security controls to mitigate cyber risks.
● Coordinated with internal security teams and SOC for incident response.