Michel - Project Owner Assistant, MS PROJECT
Ref : 171018K001-
75017 PARIS
Project Owner Assistant, Functional Consultant, Project Director, Business Analyst (age 55)
Freelance
FREELANCE EXPERIENCE
GRC & CYBERSECURITY CONSULTANT (current)
GROUPAMA Insurance Group
- Act as a GRC expert across IT application projects, business units and operations, turning
business and cyber risks into security and compliance requirements (ISO27000, NIS, PCI-DSS, GDPR)
- Engineering of GRC process for ServiceNow
GRC & CYBER RESILIENCE CONSULTANT
Confidential company (Cyber Resilience and GRC Management platform)
- Specify and co-design the platform dedicated to the continuous improvement of compliance with strategic
objectives and operational constraints (including regulatory constraints), based on advanced real-time
diagnostic functions, dashboards (KPI/KRI) and action monitoring
- Supervise the security of applications (Shift Left (Security-by-Design, TDD, DevSecOps...))
CYBERSECURITY TRAINER
EPSI, DAWAN (courses in French and English) 2016 - today
- Course content: ISMS deployment and audit, Continuous security improvement, Risk management, Standards and certification (NIST, ISO27000, EN 303 645, Cybersecurity Act, ISO31000, GDPR...), Attack surface and vulnerability reduction, Application security, Network security, Cloud security, IoT security, DevSecOps, Penetration Testing, IDS/IPS, Identity & Access Management, Authentication Methods, Encryption, Incident Management, Security and Compliance Audits...
PROJECT MANAGEMENT TRAINER 2016 - today
Air Force, ORSYS, CEGOS, SPARKS…
- Project Portfolio Management and Optimization
- Project Methodologies and frameworks (PMP, SDLC, Kanban, Agile, DevOps...)
- Management of complex projects (technical, geographical, political complexity, etc.)
- Management of different types of projects (transformation, migration, R&D...)
CYBERSECURITY CONSULTANT
NICE 2021
- Evaluate Cymulate's cybersecurity platform for penetration testing and simulation of cyber-attacks
- Analyze and compare competitive platforms (XM Cyber, SafeBreach...)
CYBERSECURITY CONSULTANT
SECURITAS DIRECT 2018 - 2019
- Audit the application portfolio and map the European IT infrastructure (IoT <> mobile <> servers)
- Identify the attack surface, threats, vulnerabilities and associated risks
- Establish a roadmap for ISMS and application security improvement (ISO27001, DevSecOps)
- Set up steering committee and workshops for monitoring the security roadmap implementation
PROJECT DIRECTOR
SUEZ (Smart City Platform Development Project) 2017 - 2018
- Supervise and prioritize backlogs (AGILE / SCRUM, CA PPM (CLARITY) and Agile Central)
- Contribute to dev/prod platform architecture: Kubernetes/Docker, Kafka, Logstash, storage (InfluxDB, Elasticsearch, MongoDB), visualization (Kibana, Node-RED) and API management (Swagger, Kong)
- Secure confidentiality, integrity and availability of information from incoming data flows down to storage and API delivery, with attention to anonymization and GDPR
CYBERSECURITY & R&D CONSULTANT (co-founder)
EGGOZ (IoT) 2016-2019
- Coach the design and deployment of the ISMS (policy / ISO27000)
- Contribute to the design of IoT devices and Web Server from a security standpoint
- Validate the distributed architecture of the platform (local and web) and support patent filings
INFORMATION SECURITY MANAGER
GREENTM (Regulation & Conformity Audit Platform) 2016 - 2017
- Specify the functions of the platform and compare with existing security audit solutions
- Automation of GDPR and IT security audits (ISO27001) and follow-up of recommendations
- Design algorithms for analysis and scoring of audit results, and associated dashboards
PREVIOUS EXPERIENCES
CTO (Co-Founder) / B2B SaaS platform
WITME - 2011-2016
- Monitor project budgets, respond to calls for tenders, deal with technology subcontractors and partners
- Manage and monitor the application developments (AGILE/SCRUM, CI/CD)
- Identify, analyze, prioritize and mitigate operational risks; prepare and test the Disaster Recovery Plan
- Define the security procedures for the development and production platforms (with respect to ISO27000)
PROGRAM DIRECTOR / Deployment Management (VOIP infrastructure)
SIEMENS ENTERPRISE COMMUNICATIONS - 2009-2011
- Industrialize the VOIP deployment (4000 sites) and set up processes and tools for project risk management
- Review the site architectures in consideration of threats and vulnerabilities (Security-by-Design)
- Review the architecture of the European Datacenter (collection/aggregation of asset management data…)
- Design the methods and tools for automatic KPI and SLA aggregation at national and global level
PROGRAM DIRECTOR / Deployment Management (Satellite infrastructure)
ELYON - Ivory Coast, 2008-2009
- Launch and lead the African program (portfolio of 40,000 VSAT station sub-projects, OSS, BSS)
- Validate the Datacenter IT architecture for resilience, stability and scalability
- Define and deploy the Security Policy in accordance with ISO27000
- Identify threats, study potential vulnerabilities, define and implement security controls (segmentation and security of internal and external networks, burial of datacenter, setting of access controls…)
PROGRAM MANAGER / IT TRANSFORMATION
BNP-PARIBAS - United Kingdom, 2006-2008
- Set up steering committee and workshops for ITIL, COBIT and CMMi deployments
- Align IT on operations (COBIT) for the trading floor (1000 in traders + back office)
- Review and approve the IT Security Plan according to ISO 27000 and bank security policy
- Identify the scope, Key Risk Indicators and criticality of primary and IT assets
CTO, Co-Founder / Straight-Through Data Processing (Finance)
DECISIONX TRADING PLATFORM - France, 2003-2006
- Design platform architecture for real-time data feeds processing and data mining
- Ensure continuous network connectivity and access to trading platforms for placing the orders
- Implement financial data analysis (predictive analysis, moving averages, technical indicators…)
- Modelling of Front-Middle-Back office processes:
PREVIOUS EXPERIENCES IN THE FIELD OF TELECOM AND DEFENSE
SPY SATELLITE, SECURED NETWORKS, ENCRYPTION, WEAPON SYSTEMS
Initial Training and Accreditations
- Physics and Chemistry first grade at Pierre & Marie Curie University, Paris
- Master's degree in Computer Engineering at Pierre & Marie Curie University, Paris
- Former ISO 9000 Auditor
INITIAL TRAINING
DPE in Computer Science - Université Pierre et Marie Curie - Jussieu Paris VI
Formerly ISO9000 Auditor
LANGUAGES
French (native), fluent English, Spanish (basic)
IT, R&D and Digital Specialist, Project Director
Cybersecurity, Architecture, SaaS, B.I., Big Data
SUMMARY OF SKILLS
Cybersecurity
ISMS and SOC Deployment (ISO27000), Network security (routing, firewalls, VPNs, Proxies, network segmentation…), Application Security (DevSecOps, Security-by-design, microservices…), Authentication (PKI Services, Identity and Access Mngt…), Incident Mngt, Penetration Testing/Detection/Prevention, Regulations (GDPR, DSP2, LPM, Cyber Security Act, NIS, ENISA…)
Risk & Crisis Management
ISO27005, ISO31000, EBIOS, RAID, AMDEC, ROAM, Business Continuity, Disaster recovery
Project and Product Management
Animation of Steering Committees and Workshops, Project Portfolio Mngt (PPM), Methodologies (ITIL, PMP, DEVOPS, AGILE…), Decision making (SWOT, Pareto, Decision trees, Ishikawa, 5W…)
Business Support and Alignment
IT Business alignment, Product roadmap, Process Engineering and Optimization (Cycle time reduction, JIT, RACI…), SLA/KPI/KRI definition and processing, Contracting (Fixed Price, T&M, FPIF, CPxx)
Audit Planning and Management
Compliance Audits (ISO9000, ISO27000, GDPR…), Maturity Audits (COBIT, CMMi, RISK Mngt), Organization Audits (IT Process, Business Process), Internal/External Audit techniques
Office, Project and Collaborative Tools
Excel VBA, Visio, PowerPoint, MS Project, collaboration (Jira, MSP, Trello), video conferencing (Teams, Zoom…)
SUMMARY OF SKILLS
Governance, Process Engineering, Business Alignment
Enterprise Architecture, Process Engineering (Cycle time reduction, JIT, RACI…), IT alignment (ITIL,
COBIT, CMMi V2.0), Product roadmap, SLA/KPI/KRI definition and processing
Risk & Crisis Management
ISO27005, ISO31000, EBIOS, COSO, Business Continuity Planning, Disaster Recovery Planning
Cybersecurity
ISMS and SOC Deployment (ISO27000), Network security (routing, firewalls, VPNs, Proxies…), Cloud
security (DIE, load balancing…), Application Security (Security-by-Design, OWASP, CVE,
microservices…), Authentication (PKI Services, Identity and Access Mngt…), Incident Mngt, Penetration
Testing/Detection/Prevention
Compliance, Auditing
Compliance Audits (ISO9000, ISO27000, GDPR, Cyber Security Act, DSP2, NIS, ENISA…), Maturity
Audits (COBIT, CMMi, RISK Mngt), Organization Audits (IT Process, Business Process)
Project and Product Management
Animation of Steering Committees and Workshops, Projects Portfolio (PPM), Met