Championing a revolution in GRC!

- Completed a security compliance certification cycle from scratch that was started over 18 months prior in only 2 months, enabling over 20 million in revenue- Obtained the TISAX certification for 3 locations, 3 products in only 2 months, gathering over 350 pieces of evidence internally- Managed expectations and did regular status updates with Senior VPs and above (up to regional CEO) during the first phase of the program- Created an internal site hosting weekly status reports for the EMEA-wide GRC team- Drove the project from both an operational perspective and from a management perspective- Created a Slack-driven workflow for the audit to manage the relationship with auditors and evidence analysis- Built a relationship with the program manager of the TISAX certification body- Delivered the project on time, on budget and kept every business stakeholders informed with the adequate level of depth on a need-to-know basis

- Managed incoming requests from Sales team, including answering security questionnaires and engaging with customer supplier assurance audits- Led the Security Awareness Program, delivering sessions and writing internal and external security communications- Uplifted the ISMS program and successfully underwent the full ISO 27001 audit- Handled our IT risk management process and conduct regular risk interviews with internal stakeholders- Maintained Cyber Essentials and achieving the Cyber Essentials Plus certifications- Leveraged internal security expertise to improve our own security posture and processes- Participated in the Security Vulnerability Management process with Application Security Lead, Penetration Testers and Software Engineers using CVSS- Led a monthly Security Governance meeting for Engineering, Infrastructure, QA, IT Support, Product Managers and Development

𝐒𝐭𝐚𝐭𝐞-𝐨𝐰𝐧𝐞𝐝 𝐂𝐨𝐦𝐩𝐚𝐧𝐲:- Built Security Dashboards for the CISO of a 60,000-employee company with 20 KPIs and assessed its security posture- Crafted 4 detailed risk scenarios based on Qualys vulnerability extracts using ISO 27005's risk assessment framework- Designed an information security roadmap for 2020 based on the dashboard KPIs with 6 axes- Produced a strategy for NIS Regulations compliance in 2021 spanning over 23 domains and 137 key controls𝐀𝐟𝐫𝐢𝐜𝐚𝐧 𝐎𝐢𝐥 & 𝐆𝐚𝐬 𝐂𝐨𝐦𝐩𝐚𝐧𝐲:- Drafted a Data Classification Policy for a 20,000-employee company accounting for its risk appetite and GDPR compliance- Built a Cloud Eligibility tool prompting Product Owners to perform a CIA and data privacy impact assessment and outputting Public Cloud storage eligibility𝐅𝐫𝐞𝐧𝐜𝐡 𝐆𝐥𝐨𝐛𝐚𝐥 𝐑𝐞𝐭𝐚𝐢𝐥 𝐆𝐫𝐨𝐮𝐩:- Performed a GDPR maturity assessment for a 220,000-employee retail company; analyzed over 30 documents and conducted 4 workshops𝐄𝐘:- Managed 2 interns when building the Cyber Threat Intelligence capability, proofread and reviewed their work- Released 20 weekly threat reports sent to the CISOs of 3 companies in the Oil & Gas, Construction, and FMCG sectors

- Auditing the Information Security Systems Policies using the ISO 27002's 114 controls.- Completed the first translation of their information security policies in English- Worked on an internal awareness cybersecurity questionnaire directed to fellow consultants in other service lines