Thomas L.

consultant en sécurité de l'information

Remote from Paris

  • 48.8546
  • 2.34771
  • Indicative rate €800 / day
  • Experience 7+ years
  • Response rate 100%
  • Response time 24h
Propose a project The project will only begin when you accept Thomas's quote.

Availability not confirmed

Part time, 1 day a week

Propose a project The project will only begin when you accept Thomas's quote.

Location and geographical scope

Location
Paris, France
Remote only
Works remotely most of the time

Preferences

Project length
  • ≤ 1 month
  • Between 1-3 months
  • Between 3-6 months
  • ≥ 6 months
Company size
  • 50 - 249 people
  • 250 - 999 people
  • 1000 - 4999 people
  • ≥ 5000 people

Verifications

Languages

  • Anglais

    Full professional proficiency

  • Français

    Native or bilingual

  • Espagnol

    Full professional proficiency

Skills (14)

Thomas in a few words

J'assiste depuis plus de 10 ans des clients de secteurs d'activité variés en sécurité de l'information, réalisant des audits de sécurité, appréciations des risques, revues d'architectures, implémentations et audits SMSI ISO 27001, assistances PCI DSS, etc.

J'ai eu l'opportunité de travailler dans des environnements multiculturels en France, Australie et Espagne.

J'ai été également formateur pour HSC, aujourd'hui HS2, sur les thématiques suivantes:
• ISO 27001 Lead Implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• Ebios Risk Manager
• Advanced Security risk management techniques
• ISO 22301 Lead Implementer
• ISO 22301 Lead Auditor
• PCI-DSS Audit and Implementation

Experience

BANK

Banking & Insurance

Consultant Sécurité Cloud Public

Paris, France

December 2019 - Today

Appréciations des risques sur les infrastructures Cloud Public et services managés Amazon AWS et Microsoft Azure pour un groupe bancaire.

Hervé Schauer Sécurité (HS2)

Education & E-learning

Formateur en Sécurité de l'Information

Paris, France

December 2018 - Today

Dispense des formations ISO 27005 Risk Manager, EBIOS Risk Manager, ISO 27001 Lead Implementer et Lead Auditor.

Mnemo

Banking & Insurance

Consultant en Sécurité de l'Information

Madrid, Espagne

August 2018 - December 2019

Mission pour une société d'assurance multinationale:
• Supervision de l’intégration de la sécurité dans les projets pour l’Europe, Amérique Latine, Moyen Orient et Afrique.
• Appréciations des risques pour faciliter les arbitrages sécurité.
• Analyse d’architectures applicatives et réseaux hébergées en interne ou dans le Cloud (IaaS, PaaS, SaaS).
• Audits ISO 27001 pour établir la maturité des entités.

PwC Australia - PwC Organisation

Consulting & Auditing

Auditeur de Sécurité de l'Information

Melbourne, Australie

October 2016 - November 2017

• Leader technique sur la gestion des risques et les normes ISO.
• Audits de sécurité (NIST SP 800-53 & CSF Framework).
• Révision des processus de gestion des incidents de sécurité.

HSC

Consulting & Auditing

Information Security Consultant

Paris, France

January 2012 - July 2015

HSC is a 27-year-old security consultancy and the leader in providing security training courses in France (SANS and ISO 27000-series). Deloitte France acquired HSC in December 2014 (30 employees).

Client sectors:
IT and Cloud service providers, Telecom industry, Energy, Oil & Gas, Defence, Healthcare, Manufacturing, Finance, Asset management, Transportation, Aeronautical and Aerospace.

● Pre-sales visits to present our service offers and define tailored assistances aligned with client needs.
● Provided security training courses to external clients in: PCI DSS, ISO 27001 Lead Auditor and Lead Implementer, ISO 22301 Lead Auditor and Lead Implementer, ISO 31000, ISO 27005 Risk Manager, EBIOS Risk Manager (French NSA), CISSP units, Incident Security (ISO 27035) and IT crisis management.
● Assisted a diverse portfolio of clients in Information security, such as policy developments, ISO 27001 implementations, network and security audits, risk assessments, security control effectiveness reviews, PCI DSS assistances, …
● Represented the company in associations and public bodies in order to share and foster our perspective regarding French and international security standards.

SNCF - SNCF

Transportation

Information Security Consultant

Paris, France

March 2009 - December 2011

Information Security Consultant at Altran - Secondment at the French National Railway Company (SNCF)

I assisted the CISO and liaised closely with IT departments, project managers and Business stakeholders (260 000 employees, 100 000 servers, 350 IT projects per year).

● Enforced the security policy on the CISO’s behalf to business and IT stakeholders, desktop users and external third parties.
● Led and oversaw the security SDLC program implementation for 5 business departments aiming to embed the security into IT governance and IT project lifecycle phases.
● Developed and continuously retrofitted security risk assessment frameworks.
● Performed over 50 security risk assessments on business projects, IT infrastructures, Cloud service providers and SCADA industrial systems.
● Assisted IT stakeholders to identify vulnerabilities, design secure architectures and define security controls to mitigate cyber risks.
● Coordinated with internal security teams and SOC for incident responses.

Education

Certifications

charter modal image

Success is a team effort

Contribute to this success and the community's professionalism by signing the Freelancer Code of conduct

Sign the code