Description

Experienced IT security operations manager with 20 years in IT management, including 8 years

specializing in operational security within banking, insurance, and technology sectors, encompassing cloud and non-cloud infrastructure, and aligning them with the companies' security postures. Expert in overseeing vulnerability management, conducting risk assessments, driving remediation efforts, and ensuring governance compliance, with hands-on proficiency in scanning tools, threat detection, backlog prioritization, and stakeholder reporting through KPIs and dashboards.

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Paris (up to 15km)

Société Générale
IT Security Operations Manager
BANKING AND INSURANCE
May 2023 - July 2025 (2 years and 2 months)
Paris, France
Managed IT infrastructure security operations in a cloud environment (e.g.,
Load Balancers, DNS, Virtualization, Messaging Middleware, Bastions),
auditing and certifying cloud services according to internal security standards
based on security controls defined by NIST 800-53, and contributing to the
Information Security Management System.
• Performed architecture reviews to check for the absence of security
flaws and provided recommendations to improve security.
• Performed risk analyses and proposed risk mitigations aligned with risk
appetite, security policies, and regulatory requirements.
• Supported product owners in defining alerting scenarios for the SIEM.
• Ensured GDPR compliance in collaboration with the Compliance
Manager.
• Managed server vulnerabilities using Qualys for scanning and ensuring
corrections in timelines compliant with security policies.
• Ensured administrator accesses were controlled by a Privileged Access
Management solution like CyberArk by analyzing the architecture to
identify and eliminate gaps in PAM coverage.
• Controlled the segregation of environments (DEV/UAT/PRD).
• Confirmed that backups were operational and that tests were properly
conducted.
• Verified that all network communications were properly encrypted.
• Confirmed that all generated certificates used the internal PKI and were
not self-signed.
• Organized and supervised penetration tests, adjusted the scope if
necessary, analyzed reports, and proposed remediation strategies to
development teams.
• Validated that hardening rules were respected on all servers, that they
were based on the CIS Benchmark, and validated exceptions while
maintaining a compliant security level.
• Verified the performance and acceptability of disaster recovery (DR)
tests, and confirmed the business continuity plan (BCP) was in place.
Cybersécurité Gestion de projet technique Analyse de risques Gestion des vulnérabilités Governance, Risk and Compliance
BNP Paribas
IT Security Project Manager
BANKING AND INSURANCE
January 2020 - April 2023 (3 years and 4 months)
Paris, France
Member of the cybersecurity team focused on analyzing, hardening, testing,
and remediating infrastructure components.
• Led infrastructure security projects on components (e.g., backup, SIEM,
WiFi, telephony, VPN gateways, Hypervisors,…) through coordinated
penetration testing campaigns and risk assessments; guided asset
owners to policy compliance, monitored risks, ensured remediation
within delays, and established reports with corrective measures.
• Authored the security standards for the messaging IBM MQ series
middleware, including in-depth risk analyses; defined and piloted the
implementation and the monitoring of the targeted controls to mitigate
identified threats, ensuring alignment with governance requirements.
• Escalated deviations and risks, while assisting IT teams in aligning with
security policies and promoting awareness of threat landscapes.
Cybersécurité Gestion de projet technique Analyse de risques Governance, Risk and Compliance PenTest
AXA
IT Security project manager
BANKING AND INSURANCE
January 2017 - December 2019 (3 years)
Paris, France
Directed IT infrastructure remediation across EMEA, AMER, and APAC,
addressing security weaknesses and ensuring policy compliance.
• Coached security teams on vulnerability assessments and remediation,
defining action plans based on infrastructure maturity.
• Developed operational procedures, guidelines, and security standards
to support vulnerability management and IT security operations.
• Tracked implementation of security controls, managed backlogs, and
facilitated upgrades/fixes while escalating risks.
• Provided governance for vulnerability processes, generating
dashboards and KPIs for reporting to IT steering committees and CISO.
Cybersécurité Gestion de projet technique Coaching Reporting Access Control