Ethan Bak

CISO/Senior Manager GRC, TPRM & Security Architect

€1,200/day
Lausanne, CH
15+ years

Average response time: 1 hour

About Ethan

Is your organization navigating DORA, NIS 2, the EU AI Act, or FINMA compliance while trying to build a resilient security architecture?
I help CISOs, CIOs, and executive teams turn complex regulatory pressure into structured, actionable security programs.
With 15 years of cybersecurity leadership across financial services, energy, and management consulting — including 5 years as Senior Manager at PwC France — I bring a rare hybrid expertise that combines three capabilities most consultants deliver separately: strategic GRC leadership, hands-on security architecture, and end-to-end project delivery.
What sets me apart is my depth in AI Security: I design LLM governance frameworks aligned with NIST AI RMF and EU AI Act, and I conduct adversarial testing of AI systems — a niche few senior profiles can offer.
Typical engagements include: fractional/virtual CISO missions, Zero Trust & cloud security architecture (AWS, Azure, GCP), large-scale TPRM programs (1,400+ vendor assessments/year at PwC), DORA/FINMA/NIS 2 compliance roadmaps, SOC design and deployment (IT & OT/ICS), and C-suite security reporting via Power BI dashboards.
Advanced training completed: CISSP · CISM · CISA · CRISC · CCSP · TOGAF · CEH · CARP · CAISP · AIGP · OSCP
Based in Gaillard (74), 15 min from Geneva — available for Swiss, French, and international remote contracts
  • French

    Native or bilingual

  • English

    Native or bilingual

  • Spanish

    Conversational

Can work on-site
Lausanne (up to 50km)

Experience

  • PwC
    Senior Manager GRC, TPRM & Security Architect
    CONSULTING AND AUDITS
    January 2020 - September 2025 (5 years and 8 months)
    France
    ▸ GRC Leadership — Supervised GRC programs: third-party risk, internal controls, audits, regulatory compliance (ISO 27001, NIST CSF, GDPR, DORA, EBA).
    ▸ TPRM at Scale — Managed 1,400+ annual vendor security assessments end-to-end: scope, questionnaires, evidence collection, scoring, risk committees, go/no-go decisions. KYS due diligence and contractual security requirements (MSA, SLA, OLA).
    ▸ Cloud Security — Validated 300+ architectures/yr. Secure GCP→M365 migration. Azure Key Vault + GCP KMS on 100% of critical workloads. 70% reduction in critical cloud vulnerabilities via Prisma Cloud CSPM.
    ▸ AI Governance — Built LLM governance framework (EU AI Act, NIST AI RMF). Adversarial testing with Garak, Counterfit, Cranium, HiddenLayer.
    ▸ Team Management — Managed 2 teams (8 experts): SOC + vulnerability management. Monthly COMEX reporting via Power BI. 40% vulnerability reduction KPI.
    IT Architecture GRC (Governance, Risk and Compliance) Data Privacy (GDPR, CCPA) Cybersecurity Incident Management Risk analysis
  • Inetum → ESP Bank
    Cybersecurity Architect & Project Manager
    BANKING AND INSURANCE
    June 2019 - December 2019 (6 months)
    Paris, France
    ▸ TOGAF ADM architecture design integrating SentinelOne, Cisco NAC, Wallix Bastion — HLD/DAT documentation.
    ▸ Security audit of existing architectures: network flow correction, firewall optimization for GDPR compliance.
    ▸ Digital transformation & change management: process modernization and post-deployment impact validation.

    🗂 PM: End-to-end project management of Oodrive migration and RSA deployment
    ▸ KPI dashboards for steering committees
    ▸ Deliverable planning (ITIL).

    Tech: Windows 10/7, RSA, Wallix Bastion, SentinelOne, Cisco NAC, Citrix, Change Auditor
    Project management Security audit IT Architecture Cybersecurity GRC
  • Inetum → LCL Bank (Crédit Agricole Group)
    Cybersecurity Architect & Security Project Manager
    BANKING AND INSURANCE
    September 2016 - June 2019 (2 years and 9 months)
    Paris, France
    Nearly 3-year engagement at LCL, a major French retail bank within the Crédit Agricole Group. Dual role as Security Architect and Project Manager, responsible for the Windows 10 migration program, endpoint security modernization, and security governance reinforcement across the bank's entire IT estate.
    ▶ Migration & Security Modernization
    ▸ Windows 10 Migration: Piloted the full technical migration from Windows 7 to Windows 10 across the entire workstation fleet, with SCCM deployment for centralized patch and configuration management.
    ▸ Endpoint Security Reinforcement: Integrated SentinelOne (EDR) and Symantec Endpoint Protection v14.2 for advanced protection of workstations and servers.
    ▸ Privileged Access Management: Deployed CyberArk for administrator identity and secrets management aligned with Crédit Agricole Group policies.
    ▸ Network Access Control: Deployed Cisco NAC for network segmentation and policy-based access restriction across the bank's infrastructure.
    Risk analysis Cybersecurity Incident Management Security audit Project management Cybersecurity

Education

  • Azure AI Engineer Associate (AI-102)
  • Microsoft Responsible AI
