Franck Gafsou

Cybersecurity and Risk Management Expert

€500/day
Paris, FR
15+ years

Average response time: 1 hour

About Franck

Highly qualified GRC Expert with years of experience, Franck is a detail-driven professional focused on maximizing security projects’ performance. Through his journey within consulting companies, he gained valuable expertise in people, processes and technologies management. In addition, he is super savvy in designing and implementing security/privacy frameworks and certifications such as ISO, PCI-DSS, NIST CSF, GDPR, CCPA and Public Cloud security.
  • English: Native or bilingual
  • French: Native or bilingual

Remote only
Primarily works remotely

Experience

  • Financial Institution
    Cybersecurity and Risk Management expert
    BANKING AND INSURANCE
    January 2022 - Today (4 years and 6 months)
    Paris, France
    ● Reporting to the CISO and accountable for providing oversight of the GRC task area and ensuring effective management, collaboration, and coordination of several key cybersecurity support areas, including the following:
    ○ Performing Internal Security Audits (User Access Reviews and compliance with Policies)
    ○ Managing the IT and Cyber security risk register, controls, gaps, remediation and reporting.
    ○ Developed and maintained KPIs/OKRs to measure security maturity and compliance effectiveness
    ○ Leading yearly certifications (ISO 27001/27017/27018/22301, SOC 2) and risk assessment (NIST CSF)
    ○ Collaborating with the Product team to embed security and privacy by design principles, performing threat modeling
    ○ Co-managing the suppliers security program
    ○ Defining the Business Continuity (including BIA) and Disaster Recovery Plans and leading BC and DR drills
    ○ AI Security gap assessment, using ISO 42001 framework
    ○ Insider threat program definition (user risk dashboard, escalation procedures)
    ○ Acted as GRC point of contact for internal and external stakeholders, supporting due diligence and RFPs
    Artificial intelligence, Cybersecurity, Business continuity, Disaster recovery, Risk Management
  • AT&T
    Security architect lead, AT&T R&D center
    TELECOMMUNICATIONS
    November 2020 - December 2021 (1 year and 1 month)
    • Acted as a cybersecurity focal point across different teams (architects, development team leaders, product managers)
    • Developed and rolled out Application security process (SSDLC) aligned with Agile best practices
    • Involved in PCI-DSS compliance efforts
    • Managed PoC (Proof of Concept) on API security
    • Conducting Risk assessment and Threat modeling along the product lifecycle
  • Deloitte
    Security project lead
    DIGITAL AND IT
    January 2016 - January 2020 (4 years)
    Acted as trusted advisor (CISO as a Service) to clients in highly regulated industries (pharma, automotive, financial):
    ● NIST-based cloud Security and PCI-DSS gap assessment of an AWS-based marketing and advertising platform
    ● Led a table-top exercise featuring insider threat and malware spreading scenarios
    ● Product risk assessment and threat modeling, highly-regulated IT and OT environments
    ● Security/Privacy gap analysis and remediation plan
    ● Cyber security strategy assessment, IT and OT environments
    ● Designed a Privacy by design roadmap

Education

  • Master of Computer Sciences
    ESIEA School
  • CISM (Certified Information Security Manager)
