Description

Directeur orienté résultats, avec plus de 15 ans d'expérience dans la gouvernance de la cybersécurité, la gestion des risques et la protection des infrastructures critiques.

Spécialiste de l’alignement des initiatives de sécurité avec les objectifs stratégiques de l’entreprise, et expert dans la gestion de crises complexes. Capable de diriger des équipes pluridisciplinaires et de piloter des transformations globales en matière de cybersécurité

tout en assurant la conformité réglementaire et la gestion proactive des risques.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km)

CGI
Director Cybersecurity
January 2021 - Today (5 years and 6 months)
Montreal, QC, Canada
Governance, Risk, and Compliance

• Supervise compliance with ISO 27001 and NIST standards in the design of secure architectures.

• Establish compliance programs aligned with PCI-DSS, GDPR, and other regulations.
• Define risk management policies and security controls for critical infrastructures.
• Advise executive committees on risk management strategy and security governance.
• Develop cybersecurity roadmaps to enhance security maturity and meet compliance requirements.
• Develop and implement training and awareness programs to promote a culture of cyber resilience

Threat Management
• Oversee SOC operations to detect and respond to threats in real-time.•
Manage cybersecurity incidents, including ransomware attacks and critical vulnerabilities.
• Develop and implement vulnerability management and mitigation plans tailored to the organizational context.
• Monitor security performance indicators to assess the effectiveness of controls and enhance threat detection.
• Develop incident response procedures to mitigate impacts and reduce recovery time.

Cybersecurity Architecture and Transformation
• Define and validate security architectures in compliance with ISO 27001 and NIST standards.
• Develop cybersecurity transformation strategies aligned with business objectives and risk management.
• Collaborate with executives to integrate cybersecurity into digital transformation projects.
• Implement security controls for critical projects and sensitive infrastructures.

Resilience and Recovery
• Develop and oversee continuity plans to ensure the resilience of critical systems.
• Manage post-incident recovery in response to cyberattacks to restore operations.
• Optimize recovery processes to reduce the resolution time of security incidents.
• Regularly test and adjust resilience plans to maintain business continuity during a crisis.

Team Management and Leadership
• Lead and supervise cybersecurity teams of 20 experts.
Cybersecurity Incident Management Threat Intelligence NIST CISSP GSCP
Ministry of the French Armed Forces
Cybersecurity consultant
July 2016 - November 2020 (4 years and 4 months)
Paris, France
• Orchestrated the design and implementation of a high-availability Operational Security Platform (SOC).
• Conducted thorough evaluations of firewalls, servers, routers, VPNs, and IDS security configurations, ensuring alignment with internal policies, industry best practices, and vendor recommendations.
• Coordinated system vulnerability assessments and collaborated with stakeholders to mitigate identified risks effectively.
• Worked closely with compliance to achieve the objectives of complaince with the French military programming law (LPM).
• Designed and supported the implementation of a public key management infrastructure (PKI) including an HSM and Radius for network access control via 802.1x authentication.
• Offered expert guidance on technical security measures to uphold data confidentiality, integrity, and availability, thereby preventing potential data loss.
• Contributed significantly to the development, testing, and documentation of robust disaster recovery plans, ensuring organizational continuity and resilience during times of crisis.
Axa Investment Manager
System Engineer and Team Lead
May 2013 - June 2016 (3 years and 1 month)
Paris, France
• Coordinated project activities within the agreed budget, time, and scope.
• Activities included: collecting product specifications from stakeholders, drafting the call for proposals, management of the POC, and implementation of the solution.
• Reduced the number of major incidents by 25% thanks to problem management.
• Actively participated in business continuity and recovery exercises to ensure documented plans operated as intended and met compliance requirements.
• Automated daily tasks and software migration via KSH and Python scripts.
• Installed, configured, and maintained operating systems, applications, and system management tools.