Daniel GNANA


Summary

Experience in IT audit since January 2009.
Auditing regulatory compliance, infrastructure security, lifecycle management; governance, organization sturdiness.
Audit assignments focused on major risks: failure against national regulations, confidential data disclosure, IS breakdown or ineffectiveness, non-conformity to customers’ needs, drifting in project duration & cost.
Over 20 years' experience in IT, resulting in a sound background in team management (up to 35 people), i.e. planning the audit missions, scheduling and monitoring the tasks, ensuring the audit results are delivered in a timely manner.
Utilizes strong skills in communication to gain comprehension from auditees (executives, managers, developers, etc…) about the existing risks and the related necessity to build action plans related to audit recommendations.
Encourages collaborative working and inspires trust and confidence in clients and colleagues.
Keeps abreast of new IT audit areas (e.g. cloud computing, BYOD).

My skills:
Project management
IT security
Data mining
Sarbanes-Oxley Act



    2009 - present Successfully carried out over 20 IT audit assignments in several areas (Banking, Automotive, Accounting, HR, Logistics):
    - Leaning on COBIT, have scanned many organizations in terms of team follow-up, management of the competences, of the third parties, of the projects, budget monitoring, etc… to mitigate the risks mainly of supplier failure, key-man loss, financial loss, IS breakdown, non-conformity to the law or to the customers’ needs; concerned organizations are
    o central Dpts such as the “PSA core data center”
    o subsidiaries across the world including Europe, Russia, China, South America
    - Concerning data center, have scrutinized the processes (change management, service level management, incident management, security management, etc…) by leaning on ITIL standard
    - Leaning on CMMI, have inspected around 30 IS in terms of lifecycle mastery (planning, budget, time management, milestones, deliverables, deadline, etc…), customers’ needs conformity, regulatory compliance, quality, efficiency and security of the code;
    - Leaning on ISO27K, carried out a security audit (risk analysis; security policy; assets management; security of the personnel; telecommunications, access control; maintenance; regulatory compliance), throughout the PSA organization.
    - Regarding protection against intrusion, have conducted vulnerability testing on several PSA servers and local area networks
    - Regarding protection against fraud, have performed multiple controls upstream of the lifecycle by checking the SOD (segregation of duties) via business rights matrixes; and downstream by ensuring rights review practices and also using CAAT (computer associated audit tool) like IDEA, e.g. to detect any probable default or malevolence inside financial flows.
    - IT audit missions cover not only IT Dpts, but also business Dpts; hereafter 2 real-life examples:
    o whilst auditing confidential data protection regarding car design schemas, desktop and laptops of the designers are checked
    o checking DRP (disaster recovery plans) leads unfailingly to the study of BCP (business continuity plan) and the necessity to interview the managers of the concerned business Dpt.
  • PSA Peugeot Citroën - Project manager

    Rueil Malmaison 1995 - 2008 Carried out several projects in the logistics area, including
    - a 2000 man-days project (named “NRE”) to thoroughly transmit the reference of European Community compliance from the National authorities to the car registration document and down to the engine itself
    - some major enhancements to the supply chain I.S, in order to streamline and optimize the manufacturing flow along the assembly line and down to vehicle transportation
    Provided business analysis for the maintenance of 15 supply chain applications related to eleven plants located in France, Spain, Portugal, UK, Italy
  • PSA Peugeot Citroën - IT methodology consultant

    Rueil Malmaison 1991 - 1994 Provided expertise for a large team of IT managers to support the lifecycle of projects currently being undertaken in terms of planning, design, team leading, tests and drifting into Production
    Implemented methodology and tools (e.g. IEM/IEF) to enhance productivity in the lifecycle
  • PBA - Project director

    1989 - 1991 Successfully carried out the migration of a data center from one region to another, which included a technological change of the operating system and about a hundred applications maintained by a team of 35 analysts and developers