Description

Is your organization navigating DORA, NIS 2, the EU AI Act, or FINMA compliance while trying to build a resilient security architecture?

I help CISOs, CIOs, and executive teams turn complex regulatory pressure into structured, actionable security programs.

With 15 years of cybersecurity leadership across financial services, energy, and management consulting — including 5 years as Senior Manager at PwC France — I bring a rare hybrid expertise that combines three capabilities most consultants deliver separately: strategic GRC leadership, hands-on security architecture, and end-to-end project delivery.

What sets me apart is my depth in AI Security: I design LLM governance frameworks aligned with NIST AI RMF and EU AI Act, and I conduct adversarial testing of AI systems — a niche few senior profiles can offer.

Typical engagements include: fractional/virtual CISO missions, Zero Trust & cloud security architecture (AWS, Azure, GCP), large-scale TPRM programs (1,400+ vendor assessments/year at PwC), DORA/FINMA/NIS 2 compliance roadmaps, SOC design and deployment (IT & OT/ICS), and C-suite security reporting via Power BI dashboards.

Advanced training completed: CISSP · CISM · CISA · CRISC · CCSP · TOGAF · CEH · CARP · CAISP · AIGP · OSCP

Based in Gaillard (74), 15 min from Geneva — available for Swiss, French, and international remote contracts

Langues

Français
Bilingue ou natif
Anglais
Bilingue ou natif
Espagnol
Capacité professionnelle limitée

Préférences en matière de lieu de travail

Accepte de travailler sur site

Lausanne (jusqu’à 50 km)

PwC
Senior Manager GRC, TPRM & Security Architect
CONSEIL & AUDIT
janvier 2020 - septembre 2025 (5 ans et 8 mois)
France
▸ GRC Leadership — Supervised GRC programs: third-party risk, internal controls, audits, regulatory compliance (ISO 27001, NIST CSF, GDPR, DORA, EBA).
▸ TPRM at Scale — Managed 1,400+ annual vendor security assessments end-to-end: scope, questionnaires, evidence collection, scoring, risk committees, go/no-go decisions. KYS due diligence and contractual security requirements (MSA, SLA, OLA).
▸ Cloud Security — Validated 300+ architectures/yr. Secure GCP→M365 migration. Azure Key Vault + GCP KMS on 100% of critical workloads. 70% reduction in critical cloud vulnerabilities via Prisma Cloud CSPM.
▸ AI Governance — Built LLM governance framework (EU AI Act, NIST AI RMF). Adversarial testing with Garak, Counterfit, Cranium, HiddenLayer.
▸ Team Management — Managed 2 teams (8 experts): SOC + vulnerability management. Monthly COMEX reporting via Power BI. 40% vulnerability reduction KPI.
Architecture IT GRC (gouvernance, risques et conformité) Protection des données (RGPD, CCPA) Gestion des incidents de cybersécurité Analyse de risques
Inetum → ESP Bank
Cybersecurity Architect & Project Manager
BANQUE & ASSURANCES
juin 2019 - décembre 2019 (6 mois)
Paris, France
▸ TOGAF ADM architecture design integrating SentinelOne, Cisco NAC, Wallix Bastion — HLD/DAT documentation.
▸ Security audit of existing architectures: network flow correction, firewall optimization for GDPR compliance.
▸ Digital transformation & change management: process modernization and post-deployment impact validation.

🗂 PM: End-to-end project management of OOdrive migration and RSA deployment
• · KPI dashboards for steering committees
◦ · Deliverable planning (ITIL).

Tech: Windows 10/7, RSA, Wallix Bastion, SentinelOne, Cisco NAC, Citrix, Change Auditor
Gestion de projet Audit de sécurité Architecture IT Cybersecurity GRC
Inetum → LCL Bank (Crédit Agricole Group)
Cybersecurity Architect & Security Project Manager
BANQUE & ASSURANCES
septembre 2016 - juin 2019 (2 ans et 9 mois)
Paris, France
Nearly 3-year engagement at LCL, a major French retail bank within the Crédit Agricole Group. Dual role as Security Architect and Project Manager, responsible for the Windows 10 migration program, endpoint security modernization, and security governance reinforcement across the bank's entire IT estate.
▶ Migration & Security Modernization▸ Windows 10 Migration Piloted the full technical migration from Windows 7 to Windows 10 across the entire workstation fleet, with SCCM deployment for centralized patch and configuration management.▸ Endpoint Security Reinforcement Integrated SentinelOne (EDR) and Symantec Endpoint Protection v14.2 for advanced protection of workstations and servers.▸ Privileged Access Management Deployed CyberArk for administrator identity and secrets management aligned with Crédit Agricole Group policies.▸ Network Access Control Deployed Cisco NAC for network segmentation and policy-based access restriction across the bank's infrastructure.
Analyse de risques Gestion des incidents de cybersécurité Audit de sécurité Gestion de projet Cybersécurité