Romain - MEHARI Project Manager
Ref : 170412V001-
14000
-
Project manager, Consultant, Cybersecurity consultant (45 years old)
-
Freelance
PROFESSIONAL BACKGROUND
Groupe OnePoint
Consultant Manager – IT Risk Expert From 2014
ENGIE EMT – Information System Security & Risk Management
EMT is in charge of the energy market activities and gas distribution for ENGIE. The information system relies on 3 domains hosting more than 600 applications. It is operated in an international context by multicultural teams. Information Security services operate to guarantee high security requirements (bank regulation).
Security in project – Advisor regarding trading applications (security needs analysis and security solution definition)
Audit coordination and follow-up on IT scope (Internal Audit, CAC, regulator audit, etc.)
Definition and steering of the Segregation of Duties (SoD) management process
Expertise regarding compliance and regulatory subjects (Prestation de Service Essentielle Externalisée, Trading Off Premises, etc.)
MASTER 2i
Entrepreneurship – Custom made IT services for small business From 2012 to 2014
Master 2i is an agile and custom-made information service management company dedicated to SMEs. From the beginning, Master 2i has built its strength on understanding that SMEs are heavily concentrated on their core businesses. By relying on its capacity to identify and understand its clients' needs and its ability to link them to a portfolio of innovative IT solutions, Master 2i is able to provide a full range of efficient services to its customers.
Skills acquired: Operational marketing: defining products to answer the needs of small businesses at specific moments (leave, mergers & acquisitions, etc.), Communication & Business development (partnership, relation with prescriber, etc.)
OTC Conseil
IS Security & Operational Risks Consultant From 2011 to 2012
o Permanent Control System - Audit and compliance with regulation regarding PSEE (AsIs, target)
o Permanent Control System - Internal Control over Financial Reporting (ICFR) assessment regarding externalised services (collection of evidence, testing and recommendations)
o Definition of remediation action plan
o Standard and regulation : ISO 2700x, ACPR/AMF
AXA IM - Operational Risk Management (2011-2012)
Team Measurement & Certification: assessment of the Permanent Control System covering the Back Office service operated by State Street Bank. These assessments were part of ICFR and SAS70 certification.
Crédit Agricole SA – Direction Financière (2011)
Ensuring compliance of Crédit Agricole SA with regulation (ACPR/AMF) for the Market activities service operated by Crédit Agricole Corporate and Investment (CA-CIB).
PW Consultants
IS Security & Operational Risks Consultant From 2007 to 2011
o Facilitating risk groups or committees
o Definition and implementation of security risk assessment methodology, Information Security Governance (e.g. process, charter)
o Infrastructure and business process cartography
o IT/Operational risk assessment, definition and implementation of compensatory controls
o Standard and regulation : GlobalPlatform, EMV, ISO 8583, CC, ISO 2700x, ACPR/AMF
LBP Financement / La Banque Postale Group - ISMS conception (2010-2011)
LBP Financement is the joint venture between Société Générale and LBP which offers consumer finance solutions for LBP. The information system is operated by SG. In a context of managed IT services, the mission objective was to define and implement the Information Security Management System (compliant with the ISO 27001 standard).
Association Européenne Payez Mobile (AEPM) - Facilitating Risk Workgroup (2009 - 2010)
AEPM is an industrial consortium representing the principal retail banks and telecom operators. Its goal is to define the functional and technical specifications of the SIM Centric mobile payment solution. The objective of the mission was to identify the most representative risks (e.g. security and fraud) and specify the risk management of the solution (e.g. CC EAL4+, certification, fraud management, risk assessment).
CNETI, GCEP Caisse d’Epargne Group – Assistance to CISO / ORO (2007 - 2009)
GIE CNETI and GCE Paiement were respectively the infrastructure operator and the users' electronic payment system platform of Caisse d’Epargne Group. In order to comply with Basel 2, the mission objectives were to perform an infrastructure cartography, then a business process cartography, in order to identify and assess IT and operational risks.
Groupe Caisse d’Epargne
IS Security Project Chief From 2004 to 2007
o IS Audit (attached to the Direction Inspection et Audit during 1 year)
o Risk assessment and IT process optimisation (e.g. IAM & Backup)
o Definition and implementation of the maintenance in operational condition of the BCP
o Conception of the fraud detection process for electronic payment at the Front Office level (behavioural analysis)
In relation to the CIO and interface with CISO, I have designed and implemented a set of projects to optimize the IS security management.
EDUCATIONAL BACKGROUND/QUALIFICATIONS
• Informatics engineer specializing in Security and electronic payment (ENSICAEN) - 2007
• Change Management (Orga Consultant) - 2008
• Audit Techniques (Groupe Caisse d’Epargne) - 2007
• ISO27001 Lead Auditor (HSC) – 2011
PERSONAL INTERESTS
Family, Sports (e.g. Tennis, horse riding), Projects (e.g. assembly of a think tank of CISOs and agilists to define an agile approach of the IS security)
FUNCTIONAL SKILLS SYNTHESIS
In financial and energy sectors :
• Risk Management
• Auditing (ISO/IEC 27001 - Lead Auditor certified)
• Project Management
• Facilitating groups or committees
• Management System
TECHNOLOGICAL SKILLS SYNTHESIS
• Information Security Management System : Definition, implementation and Audit (Compliant ISO27001)
• Information Security Governance design
• Information security awareness and training
• Business Continuity – Crisis management, maintenance processes design
• IT/Operational risk analysis
• Permanent control plan definition
• Expertise in monitoring and implementing standards and regulations : ISO2700x, ACPR/AMF, Mobile Payment, EMV, ISO 8583, GlobalPlatform
LANGUAGE SKILLS
• French : mother tongue
• English : professional
• Spanish : school level