Tristan Roth

Co-Founder

Paris, Île-de-France, France
6 yrs 8 mos experience
AI ML Practitioner · AI Enabled

Key Highlights

  • Founder of ISMS Copilot, enhancing GRC consulting.
  • Achieved ISO 27001 certification in first year at Kantox.
  • Led risk management initiatives at BNP Paribas PF.
Stackforce AI infers this person is a GRC and Information Security expert in the Tech and Finance sectors.

Skills

Core Skills

  • ISO 27001
  • GRC
  • Risk Management
  • IT Risk Management
  • Risk Assessment
  • Project Management
  • SharePoint

Other Skills

  • ISO 27001 Lead Auditor
  • AI Development
  • ServiceNow
  • Agile Methodology
  • Collaborative platform design
  • IT Administration
  • Web marketing
  • Social networks
  • Marketing
  • Marketing strategy
  • Entrepreneurship
  • Project management
  • Video production
  • Regression testing
  • SharePoint Designer

About

ISO 27001 Consultant and Lead Auditor, supporting companies and startups in their certification projects and providing outsourced internal audits. Creator of ISMS Copilot, an AI assistant for GRC consulting firms and certification bodies. Former ISMS Manager at Kantox, where I built the ISMS and the enterprise risk management program. At BNP PF, I contributed to supplier security audits, risk mapping, key risk indicators, and GRC deployment (ServiceNow). This experience enables me to help organizations strengthen their information security and achieve ISO 27001 compliance.

Experience

6 yrs 8 mos
Total Experience
2 yrs 9 mos
Average Tenure
2 yrs 1 mo
Current Experience

ISMS Copilot

Founder - Product, GRC and Security engineering

Apr 2024 – Present · 2 yrs 1 mo · Paris, Île-de-France, France · Remote

  • Building the best AI assistants to help security management professionals (consultants, implementers, auditors) navigate ISO 27001 and related infosec frameworks.
  • We empower consultants. Replacing people is not something that gets you up in the morning.
  • As Founder, I lead product development while handling multiple GRC roles. This includes implementing an ISO 27001-aligned ISMS for our operations, using our tool for documentation. Key tangible tasks in my GRC and security engineering roles:
  • Perform risk assessments and treatments under ISO 27001 Clause 6.1.
  • Establish business continuity and disaster recovery measures under Annex A.5.29–A.5.30.
  • Conduct incident management and threat monitoring, using appropriate tools (Sentry, WAF).
  • Develop and approve ISMS documentation, such as policies and risk treatment plans mapped to Annex A controls.
  • Oversee supplier assessments under Annex A.5.19–A.5.23, reviewing reports from vendors.
  • Oversee data protection and GDPR compliance, implementing user-controlled retention and row-level security.
  • Implement resilience through implementation and verification of technical controls such as backups, DNS management, and encryption.
  • Oversee secure software development processes, including Semgrep SAST/SCA scanning and Slack-notified findings triage.
  • Drive GRC feature development, including agentic features for risk assessments, mapping between frameworks, or policy development.

Better ISMS

Founder - ISO 27001 consultant and lead auditor

Dec 2023 – Present · 2 yrs 5 mos · Paris, Île-de-France, France · Remote

  • Better ISMS is a tech company building tools and offering consulting services. We mainly provide ISO 27001 consulting services to startups (ISO 27001 implementation) and outsourced internal audits (ISO 27001), even though we're familiar with other frameworks (GDPR, DORA, SOC 2, ISO 42001, NIS 2, AI Act).
  • From our creation, we worked hands-on with dozens of tech, AI-native startups (based in San Francisco, Dublin, Munich, Paris) to get them ISO 27001:2022-ready within a couple of months (unlike some snake-oil sellers, we don't promise you it's going to take only a couple of hours. ISO 27001 requires work, both short-term and long-run, and even if you get help, there are some actions only your company can perform. You can take shortcuts but at some point honest auditors will notice and it's not going to be fun).
  • Our internal audit services leverage our experience as both ISMS implementers and ISO 27001 lead auditors to challenge your preparation and make sure you're ready for the external audit. We do our best to raise the bar so that you can fix non-conformities and work on opportunities for improvement. We educate the auditees by explaining to you the next steps and how external audits are performed.
  • Finally, since we do the work ourselves, we get plenty of ideas to improve the GRC space, especially leveraging AI, or simply practical guidance. This led to the creation of tools such as ISMS Copilot (ismscopilot.com), ISMS Mappings (ismsmappings.com), StackGRC (stackgrc.com), Use AI Securely (useaisecurely.com), or the ISMS Directory (ismsdirectory.com).
ISO 27001 Lead Auditor · ISO 27001 · GRC

Kantox

ISO 27001 manager and Risk Management specialist

Sep 2022 – Mar 2025 · 2 yrs 6 mos · Barcelona, Catalonia, Spain

  • Led the development and implementation of Kantox's risk management framework, achieving successful ISO 27001 certification in the first year, followed by passing all surveillance audits. Implemented GRC processes for company-wide risk assessments, including reporting to the board on key risks and mitigation strategies.
  • Key responsibilities and achievements:
  • Coordinated the full lifecycle of ISMS documentation, including policies, procedures, and Statement of Applicability (SOA) under ISO 27001.
  • Oversaw ISMS implementation, conducting risk assessments and treatments to identify and mitigate information security risks across the organization.
  • Managed vendor assessments and supplier alignment with security requirements, ensuring third-party compliance through security and contract reviews.
  • Planned and facilitated internal and external auditing efforts, preparing evidence and leading initial certification audit/surveillance audits to achieve and maintain certification.
  • Supervised extraction and analysis of security KPIs, reporting metrics to the board for informed decision-making on risk and compliance.
  • Implemented GRC tools and processes for ongoing risk monitoring and treatment, enhancing organizational resilience.

Exalt

IT Risk and Cyber Consultant - GRC IT at BNP Paribas PF

Sep 2019 – Sep 2022 · 3 yrs · Région de Paris, France

  • Goals of the mission for BNP PARIBAS PERSONAL FINANCE: carry out risk cartography, deploy risk management tools, and increase the performance of KRI/KPI collection, consolidation, reporting and monitoring within an IT Risk department.
  • Missions:
  • Risk Cartography: Mapping the entity's IT risks, defining action plans and making sure they are implemented.
  • IT Risk Assessment: Creating and supervising audit services related to IT risk assessment of suppliers. We created different assessments depending on the contracting stage (pre-contract or contract renewal) with the supplier. The services are now performed 50 times/year by cyber engineers that I trained and supervised.
  • IT Risk Project Management: Steering the deployment of the ServiceNow tool for risk management of the entity and its international branches. Coordinating the deployment of a dozen risk management modules to be used by all entities' subsidiaries.
  • Key Risk/Performance Indicators: Coordinating the collection of key risk indicators (vulnerabilities, security incidents, issues caused by changes, outsourcing audits) in France and in the bank's international subsidiaries, and organizing the reporting of alerts to top management.

Ministère des solidarités et de la santé

SharePoint Administrator - IT Project Manager

Sep 2017 – Sep 2019 · 2 yrs · Région de Paris, France

  • As part of my apprenticeship at the Information Systems Office of the French Ministry of Health, my main mission was dedicated to project management, as part of the deployment of a SharePoint solution for 1000+ end users.
  • Project Management Activities – Product Owner:
  • Taking part in project governance and comitology (Kick-Off, Strategic Committee, Steering Committee) and managing Project Committees to coordinate present and future actions.
  • Product ownership: Defining user stories and functional requirements for the information-sharing platform; managing a backlog, validating sprints as part of an Agile project, and coordinating with the entity in charge of implementing the project.
  • Product conformity: Participating in the choice of solutions and their configurations (SharePoint Online, Yammer), carrying out tests, and determining future developments.
  • Deployment management: Change management approach (user training, communication).
  • Day-to-day management: Administration of a platform of more than 1000 users, operational maintenance of the platform, user support, and collaboration with a team of developers to meet the challenges encountered and automate processes.

Education

IAE Paris-Est

Master of Healthcare Management — Health/Health Care Administration/Management

Jan 2017 – Jan 2019

Faculté des Sciences Economiques et de Gestion de Strasbourg (FSEG)

Economic Engineering Bachelor’s Diploma — Magistère en Génie Economique | Licence Eco-Gestion - 3ème année

Jan 2016 – Jan 2017

Lycée Kleber

State-run preparatory classes for entry into a top Business School — Economics

Jan 2014 – Jan 2016
