Description

Experienced professional specializing in IT and cyber security governance and risk management. Skilled in developing strategies to safeguard critical information assets and ensuring regulatory compliance. Collaborates with cross-functional teams to enhance organizational security posture.

Key Competencies:

IT & Cyber Risk Management: Identify, assess, and mitigate cyber risks.

Governance Framework Development/Improvement and monitoring : Create and enforce effective cyber security policies, procedures, standards, guidelines, methodologies and key indicators.

Compliance Oversight: Ensure adherence to industry standards and regulations.

Stakeholder Communication: Collaborate with executives, IT teams, and auditors.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent
Arabic
Native or bilingual

Workplace preferences

Remote only

Primarily works remotely

BNP Paribas
IT/cyber risk governance consultant
BANKING AND INSURANCE
March 2022 - Today (4 years and 4 months)
Paris, France
Project Manager for IT/Cyber Risk Management Framework Restructuring and Review at the Group Level, involving:

Framework Analysis:
Reviewing the current framework used by the GROUP for managing IT risks.
Familiarizing oneself with key components of the framework, such as policies, procedures, standards, best practices, and various guidelines.

Relevance Assessment:
Evaluating the relevance of the framework in relation to the GROUP’s specific needs through workshops with different entities.
Verifying whether the framework covers all essential aspects of IT risk management.

Process Examination:
Reviewing processes related to risk identification, assessment, treatment, and monitoring.
Ensuring alignment of these processes with the GROUP’s strategic objectives and operational applicability.

Implementation:
Examining how the framework is being implemented within the organization.
Monitoring and providing training to operational teams on the new framework.
Verifying adherence to framework guidelines and ensuring access to necessary resources.
Gestion des risques IT gestion de projets Team Leadership EBIOS RM IRAM ISO 27005 NIST CSF
EY Services France
cyber risk consultant
CONSULTING AND AUDITS
September 2017 - January 2022 (4 years and 5 months)
Paris, France
As an experienced IT/Cyber strategy consultant at EY, I have successfully worked with various clients across different sectors, including financial institutions, public organizations, and industries. My expertise lies in developing governance documents, implementing robust security processes, managing risks, and providing valuable insights on cyber threats. Here's a summary of my activities:

1 - Governance and Security Processes:
a - Drafting governance documents (security policies, operational procedures).
b - Implementing information security processes based on recognized standards (ISO 27k and NIST).

2 - Risk Management and Information Protection:
a - Classifying information assets of major business lines.
b - Identifying and analyzing risk scenarios related to information assets (based on IRAM v2).
c - Evaluating existing measures for information protection .

3 - Change Management and awareness:
a - Selecting, implementing, and using technology solutions (i.e data protection...).
b - Developing awareness materials and providing technical and functional training.
Project Management (PMO) Employee Training IT risk management Cybersecurity governance Réponse à appel d'offre Proposal Management