À propos de Anwar
I help organizations quickly identify security gaps, strengthen their control framework, and achieve compliance with ISO 27001 and NIST CSF. With a strong mix of audit rigor and technical expertise. I deliver practical, risk-driven recommendations that teams can implement efficiently.
Français
Bilingue ou natif
Anglais
Capacité professionnelle complète
Allemand
Notions
Accepte de travailler sur site
Neuchâtel (jusqu’à 50 km)
Expériences
- Expert SuisseIT Instructor & Data Analysisjuin 2025 - Aujourd'hui (1 an)Teach IT risk assessment methodologies and controls for financial data to ensure integrity, confidentiality and availability.
- Cantonal Audit Office of NeuchâtelSenior IT Auditorjanvier 2024 - Aujourd'hui (2 ans et 5 mois)• • Cybersecurity maturity assessment (NIST CSF): action plan definition and remediation tracking with IT teams.• • Security architecture and control review against ISO 27001 / ISO 27002 (requirements, gaps, remediation).• • Detection/logging review: Splunk / ELK configuration (rules, dashboards, reports, retention, integrity, time sync).• • Vulnerability management review: Nessus program (configuration, scan cadence, reporting) and post-fix verification.• • Penetration test oversight for Internet-exposed internal applications; OWASP-aligned remediation follow-up.• • Active Directory security reviews (PingCastle, Purple Knight, ADRecon): password policies, identity lifecycle, privileges, service accounts, Kerberos risks, hardening, PKI/trusts and tiering.• • Network security review: Fortinet NGFW, firewall rules, IPS/IDS policies, segmentation and hardening recommendations.• • Secure SDLC review: development practices and configuration of Snyk and SonarQube; findings prioritized and fixed pre-production.• • SAP security configuration review (authorizations, auditability, security parameters).
- KPMG ParisIT Risk Consultantavril 2022 - janvier 2024 (1 an et 9 mois)• • Security control assessments: scoping, workshops, reporting, and action plan follow-up with IT and business stakeholders.• • Gap analyses and recommendations aligned with standards (including NIST where applicable); remediation roadmap and prioritization.• • Cloud security reviews (Azure, GCP, AWS): governance (policies/procedures, HLD/LLD, RACI, KPIs) and best practice alignment.• • Cloud architecture controls: segmentation/filtering, WAF, public/private zones, NSG rules, hardening and compliance requirements.• • Cloud IAM: RBAC, MFA/conditional access, secret rotation, just-in-time access, PAM/PIM and periodic access reviews.• • Logging/monitoring/detection: sensitive log collection, retention, secure storage, SIEM forwarding, SOC use cases alignment.• • Vulnerability/patch management in cloud: coverage, target definition via ITAM/CMDB, scan frequency, remediation governance and tracking.• • Resilience review: DR/BCP (RTO/RPO), redundancy, backup strategy and restore testing requirements.• • CRM security review: risk analysis, access control, audit logging, security requirements and action plan.• • IT Asset Management / CMDB review: data quality (ownership, criticality, traceability) and impact on vuln/access/patching.• • Designed and delivered NIST-based cybersecurity training for KPMG consultants.
Recommandations
Soyez le premier à recommander Anwar
Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.
Ces profils de freelance correspondent également à vos critères
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Formations
- Specialized Master's in Information Systems ManagementCentraleSupélec –2022Specialized Master's in Information Systems Management
- Engineering DegreeECAM LaSalle2021Engineering Degree