CV ISO 2700x : Recevez gratuitement les profils qui vous intéressent

Résumé des missions de Romain,
freelance ISO 2700X résidant dans le Calvados (14)

• Consultant Manager – IT Risk Expert

  Groupe OnePoint
  2014 - aujourd'hui

  ENGIE EMT – Information System Security & Risk Management
  EMT is in charge of the energy market activities and gas distribution for ENGIE. The information system relies on 3 domains hosting more than 600 applications. It’s operated in an international context by multicultural teams. Information Security services operates in order to guarantee high security requierments (bank regulation).
   Security in project – Advisor regarding trading applications (security needs analys and security solution definiton)
   Audit coordination and follow-up on IT scope (Internal Audit, CAC, regulator audit, etc.)
   Definition and steering of the Segregation of Duties (SoD) management process
   Expertise regarding compliance and regulatroy subject (Prestation de Service Essentielle Externalisée, Trading Off Premises, etc.)
  MASTER 2i

• Entrepreneurship

  Custom made IT services for small business
  2012 - 2014

  Master 2i is an agile and custom-made information service management company dedicated to SMEs. From the beginning, Master 2I has built his strenght in understanding that SMEs are heaviliy concentrated on their core businesses. In relying on its capacity of identifying and understanding its client needs and its hability link them to a portfolio of innovative IT solution, Master 2I is able to provide a full range of efficient services to its customers.
  Skills acquired: Operational marketing : defining products to answer needs of small business at specific moment (leave, mergers & acquisitions, etc.), Communication & Business development (partnership, relation with prescriber, etc.)
  OTC Conseil
  IS Security & Operational Risks Consultant Since 2011 to 2012
  o Permanent Control System - Audit and compliance with regulation regarding PSEE (AsIs, target)
  o Permanent Control System - Internal Control over Financial Reporting (ICFR) assessment regarding externalised prestations (collection of evidence, testing and recommandations)
  o Definition of remediation action plan
  o Standard and regulation : ISO 2700x, ACPR/AMF

• Operational Risk Management

  AXA IM
  2011 - 2012

  Team Measurement & Certification assess on Permanent Control System involving the Back Office prestation operated by State Street Bank. These assessments were part of ICFR and SAS70 certification

• Crédit Agricole SA – Direction Financière
  2011 - aujourd'hui

  Ensuring compliance of Crédit Agricole SA with regulation (ACPR/AMF) of the prestation Market activities operated by Crédit Agricole Corporate and Investment (CA-CIB).
  PW Consultants

• LBP Financement / La Banque Postale Group - ISMS conception
  2010 - 2011

  LBP Financement is the joint venture among Société Générale and LBP which offers consumer finances solutions for LBP. The information system is operate by SG. In a context of managed IT services the mission objective was to define and implement the Information Security Management System (compliant with ISO 27001 standard)

• Association Européenne Payez Mobile (AEPM) - Facilitating Risk Workgroup
  2009 - 2010

  AEPM is an industrial consortium representing principal retail bank and telecom operators. Its goal is to define functional and technical specifications of the SIM Centric mobile payment solution. The objective of the mission was to identify most representative risk (eg. security and fraud) and specify risk management of the solution (eg. CC EAL4+, certification, Fraud management, risk assessment)

• IS Security & Operational Risks Consultant

  2007 - 2011

  o Facilitating risk groups or committees
  o Definition and implementation of security risk assessment methhodology, Information Security Governance (e. Processus, charter)
  o Infrastructure Cartography et business process
  IT/Opreationel risk assessment, definiton and implementation of compendsatory control
  o Standard and regulation : Global Plateform, EMV, ISO 8583, CC, ISO 2700x, ACPR/AMF

• Assistance to CISO / ORO

  CNETI, GCEP Caisse d’Epargne Group
  2007 - 2009

  GIE CNETI and GCE Paiement were respectively the infrasturcture operator and the users electronic payment system platform of Caisse d’Epargne Group. In order to comply with Basel 2 the mission obectives were to perform an infratsructure cartogaphy then a business process cartography in order to identify and to assess IT and operational risks
  Groupe Caisse d’Epargne

• Informatics engineer specializing in Security and electronic payment

  (ENSICAEN)
  2007 - aujourd'hui

• IS Security Project Chief

  2004 - 2007

  o IS Audit (attached to the Direction Inspection et Audit during 1 year)
  o Risk assessment et and IT process optimisation (eg. IAM & Backup)
  o Definition and implementation of the maintenance in operational condition of the BCP
  o Conception of the fraud detection process for electronic payment at the Front Office level (behavioural analysis)
  In relation to the CIO and interface with CISO, I have designed and implemented a set of projects to optimize the IS security management.
   EDUCATIONAL BACKGROUND/QUALIFICATIONS