SPARTIS is a consulting firm with a dual expertise in both IT security and project management. Thanks to many years of experience in the various fields of insurance, finance, government and public administration, SPARTIS provides clients (CISO, CIO/CTO) with expert advice and ongoing support to achieve their security and/or IT transformation projects on scope, on time and on budget.Last years main experiences were the following:> Crédit Agricole SA : PKI Senior Consultant > La Banque Postale : IAM Senior Consultant > AXA GIE : CyberSecurity Program Manager> Allianz Informatique : Strong Authentication Senior Consultant> BNP CIB : Strong Authentication Senior Consultant > AXA Group Solutions : CyberSecurity Program Manager> AXA Partners : CyberSecurity Program Manager> Solvay : CyberSecurity Program Manager> Hôpitaux Universitaires de Genève : IAM Senior Consultant > BNP Paribas : CyberSecurity Project Director

** ITGP :> IAM Redesign: Leading the highly visible project of migrating the Technical Account Management solution (CA Broadcom SiteMinder to SailPoint IIQ) - Project team: 1 project director; 2 project managers; 5 technical-functional contributors; 1 integrator team - Actions: definition of strategy, governance, budget, planning, staffing, presentation to top management for validation; RFP steering for target solution integrator; daily tracking of actions and schedule in JIRA - Governance: monthly steering committee; weekly operational committee; daily operational meetings; weekly progress report to Group CIO and Group CISO> Privileged access: management of the campaign to clean up orphaned/illegitimate accounts (OS and Middleware) – communication and on-boarding of the 17 user entities; weekly reporting to the Group's top management (G-CIO, G-CISO, G-CTO)** BP²I Operational Security:- Cybersecurity Program manager: Design of the security project portfolio and the implementation roadmap. Creation of tools for program management and communication with internal customers. - Offering manager: Update of the security service offer (service catalog, costs, billing methods, pre-sales coordination) - Risk manager: Implementation of the follow-up of security audits and associated risk sheets and remediation plans; reporting and negotiation with internal audit.- Project manager: Management of the organizational changeover of the Operational Security teams from BP²I to ITGP/ProdSec (200 people): internal and external resources, budgets, licenses, service contracts, tools, logical and physical accesses, representation before employee representative bodies

Preparation of editor RFI/RFP to replace their identity management solutionStudy of IAM solutions: SailPoint, Oracle, Evidian, UserCube, Enovacom

- Creation of the projects portfolio and the implementation roadmap based on the NIST framework (governance, data protection, vulnerability and alert mgt, IAM, Cloud security, applications security, Incident response, awareness): scoping of each project, identification of stakeholders, implementation of governance, gap analysis of security needs/technical-functional solution chosen, change management, planning, budget- Definition of dashboards and management indicators- Program governance setup

- Management of the Global Solutions cyber project portfolio for AXA Partners (IAM, SOC, SIEM, vulnerability mgt, DLP)- Definition of reporting formats for the entire program- Deployment of the SOC/SIEM (Splunk tool) for the different subsidiaries (use-cases identification, coordination of technical workshops, definition and implementation of L1-L2-L3 processes and organizations for the SOC, change management, definition of management reports, etc.)- Design and implementation of the user account recertification campaign

- Management of the Security project portfolio for AXA Group Solutions- Comparative study of different IAM solutions (market vs. Group solution)- Preparation and implementation of the user account recertification campaign for all AXA GS systems and applications - Study and realization of proof of concept of innovative strong authentication solutions (Yubico, Logmote)- Design of SSDLC service offerings (SAST, DAST)- Preparation, implementation and follow-up of remediation plans for audit recommendations

Study of the use cases and evolution scenarios of the "SmartPass" offer, a single badge solution for both physical and logical access

Comparative study of existing solutions (smart card, hard/soft token, biometrics, Bluetooth, etc.) with regard to use cases (fixed users, nomads, physical access control, tablets, smartphones, etc.)

**AXA GIE**- Design of the 2015-2016 cyber project portfolio (DLP, application remediation, NAC study, recertification of user accounts, user awareness, etc.); Management of security project managers, project management coordination- Management of the DLP project for AXA GIE (Digital Guardian)- Monitoring of the implementation of Group requirements and reporting- Follow-up of audit recommendations (internal audits, PCI-DSS, etc.), definition of action plans

- Scoping study for the redesign of authorizations management- Analysis of current system for authorizations management (business roles, profiles, associated rights, etc.), elaboration of the specifications for an editor RFI

Opportunity study on the evolution/replacement of the Group PKI in a data protection context

In charge of delivering SGCIB worlwide Information Security program consisting of 13 projects among which:- Technical accounts recertification and deployment of tools allowing control of IT accesses- Implementation of Network Access Control- Enhancement of existing remote access platform- Strong authentication rollout in Regions- Implementation of email profiling for data protection

Strong Authentication Project Manager in charge of specifying and deploying within SG CIB a single badge for both accesses to premises and information system thanks to a digital certificate stored onto the smart card and protected by a PIN code; Single Sign On covering a broad scope of applications for users’ daily experience enhancement. Specifications of the technical and functional evolutions (clusters and delegations management) required for the solution to best fit investment banking needs (multiple workstations per users, activity handover, traveling and remote working) and constraints (high availability, no impact on workstation performances)Specifications and setup out of a service in charge of enrolling and making available to end users more than 500 business applicationsSpecifications and setup of organization and processes needed to handle badges lifecycle managementCreation of all materials related to change management (communication, training and troubleshooting) : leaflets, user guides, information mailing, website, billboards, video clip Organization and coordination of the migration period (11,000 users in Paris migrated in 5 months)Global project manager for worldwide deployment (London, New-York, Hong-Kong, Singapore, etc.): 5,000 users