-
Holiseum
- Co-Founder
2018 - maintenant
From governance to operations, Holiseum offers a holistic approach of cybersecurity, aiming notably to secure critical infrastructures (IT, OT, IoT), which has proved its efficiency during our incubation period (3 years) within a large industrial company from the french CAC40. We were able to contribute to demystifying industrial Cybersecurity and its handling with several BUs and dozens of industrial sites in France and worldwide. Thus, with our methodological expertise in engineering service offers, and technical expertise, we can give industrial companies the means to materialize at scale their velleity in terms of Cybersecurity.
-
ENGIE
- Deputy Head of ICS Cybersecurity Services // CISO
COURBEVOIE
2016 - 2018
Within Global Business Support / CITI / Cybersecurity Services department:
Building and managing (intrapreneurship) a Shared Service Center in Cybersecurity (up to 40 people), addressing the whole ENGIE Group expanse (24 BUs), with a holistic approach from governance to operations, and covering both IT and OT, with a deep specialization in Industrial Control Systems.
--- Deputy Head of CITI Cybersecurity Services, acting as Chief Operating Officer (COO) ---
• Contributing to the Service Center strategy, and defining/building the service offering, according to the BU needs, Group Cybersecurity governance, and market/threat trends
• Federating the team around the “why” and the Service Center strategy
• Designing and implementing the Service Center operating model, in agile mode to be responsive, adaptable and efficient (through process and ITSM tool)
• Monitoring and steering the internal operations to ensure that objectives and commitments are achieved, in line with the Service Center strategy
• Establishment of means for capturing and capitalizing values for service offering enforcement and development
• Identification of key resources and competences with establishment of a recruitment plan
• Definition of marketing and communication means to enhance the service offering visibility and business development
• Budget management with follow-up of the P&L and commercial performance
• Team management (objectives, performance reviews, internal mobility, appointment diversification, training plans, etc.)
--- Operational and delivery activities ---
• Chief Information Security Officer (CISO) for Business Units
• Leading and supporting cybersecurity regulation compliance program (Loi de Programmation Militaire, GDPR)
• Leading and performing cybersecurity audits (organizational, technical and human factor) on industrial plants
• Conducting cybersecurity-by-design risk analysis and recommendations in IT/OT projects
-
ENGIE
- IS Security & Risk Manager
COURBEVOIE
2012 - 2016
Among Energy Management Trading business unit :
-- IS Security and Risk Management --------
• Designing and implementing an IS Security Risk Management framework, compliant with Operational Risk and Internal Control
• Risk reporting to the management and business so they understand the most significant risks, effectiveness of risk mitigation initiatives proposal and have them arbitrated and treated
• Conducting an informational assets cartography/classification project in order to assess the confidentiality risk
• Designing and implementing a methodology for assessing Industrial Control System risk (SCADA)
• Conducting security in project methodology in IS delivery projects
• Conducting analysis on the Identity and Access Management system on process and tool level (applicative permissions, SoD process, control system)
-- Business Continuity Management --------
• BCP governance design, BCP Management for 2 user backup sites (Paris & Brussels), DRP Management for 4 Datacenters with different levels of technical solutions and maturity, crisis management policy
• Conducting a Business Impact Analysis project on 120 business processes among a large diversity of business activities
• Design and implementation of steering tools for managing the business continuity management activity on the overall scope
-
ENGIE
- Business Continuity Manager
COURBEVOIE
2010 - 2012
Among Global Gas & LNG Business Line / IS Division / IS Security Department :
-- Business Continuity Plan Management --------
Continuous business continuity needs assessment, external user backup site (IBM) operability maintenance, BCP tests strategy and coordination, designing and implementing business continuity risk analysis in IS project management process, business continuity awareness and change management.
-- Disaster Recovery Plan Management --------
Designing a DRP management methodology and framework to conduct a gap analysis between existing solutions and business recovery needs, in order to identify corrective and enhancement action plan. Coordinating DRP tests for critical applications.
-
Devoteam Consulting
- IS Security & Risk Consultant
Levallois-Perret
2007 - 2010
Among IS Security Risk and Organization Management practice :
-- Business Continuity Officer in energy industry sector (energy management) --------
User backup site request for proposal management (IBM/Sungard), business continuity plan settlement project, tests coordination, operability maintenance, crisis management test.
-- Business Continuity & Risk Analyst in banking sector (investment, retail and asset management banking) --------
Business Impact Analysis (BIA), IS risk analysis, business continuity needs interviews, business continuity strategy definition.
-
Bouygues Telecom
- Quality of Service monitoring officer
Meudon
2005 - 2006
Among GPRS & EDGE networks QoS and Support team :
• QoS probes network optimization project
• Key Performance Indicators definition and follow-up based on monitoring probes data delivery