Antoine Grellier

Managing and continuous improvement of the information systems security policy for HEC Paris and HEC Qatar. Cyber risk analysis Implementation of an outsourced Security Operations Center (SOC) and deployment of an advanced antimalware solution (XDR) Security incident response lead with the SOC (threat hunting) Patch management and monitoring (Cyberwatch) Managing security audits (penetration testing, configuration audits) Implementation and monitoring of remediation plans (following audits / incidents). Managing user training and awareness through live sessions, online courses and phishing tests Creation and implementation of a medium/long-term cybersecurity roadmap. Security lead for client audits

Creation and implementation of an Healthcare specific Information Systems Security Policy Implementation of the public sector specific 'France Relance' program launched and supported by the French cybersecurity agency (ANSSI), consisting of multiple organizational and technical audits leading to a formalized 3-year security plan. Ensuring and enforcing compliance with the European NIS directive Monitoring and implementation of remediation following internal/external audits and penetration tests. Responsible for SOC relations and threat hunting. Deployment of a Bastion-type Privileged Access Management (PAM) solution securing all internal and external privileged access. Integration of security risk management into the implementation steps of any new IT project Implementation of a new unified password policy across the entire group.

In charge of permanent controls for compliance with the information systems security policy, consisting of a series of operational security controls performed on a recurring basis, in accordance with PCI-DSS requirements In charge of developing and monitoring remediation plans for vulnerabilities identified by permanent controls, NESSUS vulnerability scans, and penetration tests Responsible for organizing and supervising key ceremonies for the Hardware Security Modules (HSM) based PKI infrastructures of the banks IT risk mapping and drafting of business risk scenarios. Training and support for local CISOs at banks in IT risk management according to the group's risk management framework