Daniel - Consultant RISKMETRICS RISKMANAGER

Since November 2018 Independent Contractor
Audit –Information Security Advisory
Training Companies Certification Audit
Vs ISO27001 & ISO9001

January 201 8 – October 2018 Sr. GRC Consultant
Context : Consultancies inRisk ,
Security & Compliance
Purpose: helping clients in getting a sound view of their major risks; leaning on ISO27K standard, providing action plans to mitigate
their risks; accompanying clients in their GDPR journey; carrying
out their Information Security policies
Team Responsibility: not directly, however acting as a coordinator

September 2015-December 2017 Freelance, Information Security Consultant to
the CISO Bank Context :
information security expertise in a branch (circa 2000 employees) dedicated to IT
Infrastructure of which several datacenters
Purpose :
guiding the Security Governance Department in readiness for maintaining their
ISO27001:2013 certification beyond 2017
Team Responsibility :
not directly, however acting as a coordinator
Environment Servers: WINDOWS; AIX; ZOS workstations : WINDOWS SGBD : ORACLE; SQL/SERVER; DB2
Network: WAN; LAN; WIFI; VPN
Tools: SPLUNK
Standards ISACA standards (ITAF ; COBIT)
ISO standards : ISO27001 27002 27005, 22301 31000 20000
Regulations : BALE ; SOX404 ; PCI/DSS ; GDPR Major tasks :Writing and promoting an efficient Information security policy, i.e.:
Making it readable by everyone,
particularly non -IT personnel
Highlighting the top management engagement towards Information security
Clarifying the scope and the Organization set up for information security
Underlying the necessary commitment of everybody, employee, contractor, provid
or Strengthening the Statement Of Applicability (SoA):
Creating a link between risks level and every set of measures
Declining each requirement into the Organization context
Setting KPI’s to follow up the reality of the risks mitigation
Defining the
SoA as a tool for Security Governance
Recasting the Security Services Level Agreement (SLA):
Simplifying the RACI of roles and responsibilities
Clarifying the existing security measures
Achievements
Information security policy validated by the CEO and pro
moted throughout the Organization
SoA validated and utilized by the Steering Committee. as a global level security compliance
assessment
Security Services Level Agreement Service Agreement validated by the Client of the
Organization

September 2015 –October 2017 Freelance Sr IT Auditor
/ Information Security Consultant
Automotive Industry
Bank Context : audit and risks management
Purpose: two audits, one I.S. audit, one datacenter security audit
Team Responsibility : not directly, however acting as a coordinator
Environment related to the security audit
Servers : WINDOWS; AIX; ZOS
Network : WAN; LAN
Tool related to Forensic Audit : IDEA Standards
ISACA standards (ITAF ; COBIT)
ISO standards : ISO27001 27002 27005, 22301 31000
Other professional standards : project lifecycle and management (AGILE SCRUM ; PRINCE2)
Regulations : BALE ; SOX404 ; PCI/DSS
Major tasks : One forensic Audit (fraud detection) of a Financial Information System

One datacenter security Audit
Achievements Assessments of threats ,
vulnerabilities and risks were
approved by the senior Management, hence
Audit recommendations were taken into account with as a result amitigat
ion of the related risks

January 2009 -August 2015
Internal employee IT Audit Manager
, Automotive Industry (PSA Peugeot -Citroën) Context :
Information Systems audit and risks management related to IT activities and functional
activities in automotive (Research ; Mechanics ; Logistics
; etc.) and Financial areas in Headquarters
and branches worldwide
Purpose :
Information Systems Audits ; Information Security Audits Team Responsibility :
up to 2 Sr IT auditors according to audits depth
Environment related to the security audit
Servers : WINDOWS; AIX; ZOS
Network : WAN; LAN ; WIFI ; VPN
Workstations OS : WINDOWS, UNIX
Databases : ORACLE; SQL/SERVER ; DB2 Tools
/data analytics : IDEA /technical vulnerability analysis : VULNIT Standa rds
ISACA standards (ITAF ; COBIT)
Maturity Measurement Model (CMMI) ISO standards : ISO27001 27002 27005, 22301 31000 Other professional standards : project lifecycle and management (AGILE SCRUM ; PRINCE2)
Regulations : BALE ; SOX404 ; PCI/DSS
Major tasks: Over 40 audit missions had been rolled out (1 mission : average 6 weeks) across IS Audit
spectrum Whole IT function
One or several IT Dpts, e.g. Method, Production, Support, Architecture, etc.
Datacenters
Servers, IT rooms, network components wor
kstations
Suppliers, Subcontractors
Projects Information Security within a sensitive activity (ex : Research)
Etc. Achievements Assessments of threats
, vulnerabilities and risks were approved by the senior
Management , hence Audit recommendations
were taken into account with as a result a mitigation of the related risks