Chr*** D.

Protection contre la perte de données, DLP, Évaluation des risques, Gestion des risques opérationnels

Member at Observatoire des Risques Opérationnels

• Location: Genève, Suisse
• Duration: 2024-05 to Present
• Description: www.oprisko.ch Operational Risk Advisory (Oprisko) is a non-profit organization based in Geneva in french speaking Switzerland. One of the goals of this association is to conduct studios and research in the field of risk management.

Data Security & DLP Engineer at Confidential

• Location: Genève, Suisse
• Duration: 2024-01 to Present
• Description: • Design and implement the overall system security strategy in alignment with business objectives and standards Regulatory • Propose and maintain security policies, procedures and standards, ensuring their compliance with IT best practices • Assess the risks and vulnerabilities of the information system, as well as potential threats, and implementation of preventive and corrective actions appropriate. • Coordinate internal and external security audits, following up on recommendations and the resolution of identified problems. • Oversee the management of security incidents, including incident response, Evidence gathering and collaboration with competent authorities as appropriate. • Develop and implement business continuity and recovery plans disaster to guarantee the availability and integrity of information systems. • Carry out a constant technological watch to stay informed of the latest IT security trends and threats, and recommend innovative solutions to strengthen the company's security posture.

ICT Security Engineer at Etat de Fribourg - Staat Freiburg

• Location: Fribourg, Suisse
• Duration: 2022-02 to 2023-12
• Description: Definition of a 3-year cybersecurity program including technical audits, implementation of ISO 27001 and a risk management methodology... for the Head of SITel Technical Section • IAM governance proposal to replace EmpowerID with redefinition of Rights and Access Process (In, Out and Move) • Participate in the preparation of the AOP IAM and SOC • Participate in the implementation of the Forcepoint DLP solution to replace Trend Micro for monitoring and data protection. • Optimize DLP rules to improve the detection and prevention of data. • Definition of BPMN vulnerability management processes from the SOC, the sector Security, the Users Sector, the Governance Sector and the Downstream Infrastructure Sector • Proposal for the creation of a new Security Competence Center within the Security sector in order to deal with related topics • Participation in the update of the SITel security policy • Participation in several application migration projects such as the Secure one BluePrint from Kudelski Security to Microsoft Purview • Proposal of a functional mapping of the entire security sector infrastructure • Definition of functional and technical requirements in order to prepare for a future call IAM and SOC public offerings

ICT Security Architect at BNP Paribas in Switzerland

• Location: Genève, Suisse
• Duration: 2020-09 to 2022-01
• Description: Assistance mission of the CISO and then of the Head of Architecture ofBNP PARIBAS SUISSE within the Digital Application Security Team (DAS) of the IT Department and the Architecture Technical Governance team in an international context: Singapore and Mumbai • Instructed in English the security of a portfolio of 120 projects at different levels of confidentiality, availability, integrity and traceability as well as the level of sensitivity of the (DTC according to FINMA) in the multi-party architecture committee International stakeholders: Singapore and Mumbai • Manage and optimize the Varonis Data Security Platform to protect data structured and unstructured. • Analyze user behaviors (UEBA) to identify insider threats. • Raise awareness among users about best practices and the risks of data leakage. • Manage Varonis DLP software updates and security patches. • Manage, modify, and update policies on an ongoing basis to meet Developments in threats and FINMA's regulatory requirements. • Carry out certain security tests necessary for the examination of sound projects portfolio including SCR, SCA, SAT, FSAT, SAST and DAST. • Participate in all architecture committees as a representative of the security teams in Switzerland for projects in its portfolio • Perform project risk analyses only in case of high levels confidentiality, availability, integrity and traceability and then maintain the Cyber risk mapping of the security department

CISO & DPO as a service at Nestlé

• Location: Paris, Île-de-France, France
• Duration: 2020-01 to 2020-08
• Description: -Head of data privacy & security governance. -Internal non-compliance audit of data privacy risks, action plan, remediation plan ... -Be the guarantor of the operation of the Information Security Management System (ISMS, based on ISO / IEC 27001: 2013) as a Lead (Animation of Management Reviews, monitoring of risk and control reassesments, organization of internal audits (Independent Review) and external (KPMG). -Animate the compliance pillar within MIT to support the functional teams on Security topics (Deliverables: preparation of media, prioritization of the teams' forecast activities, up-to-date indicators, reports). -Bring support for the ServiceNow solution for the Application Portfolio Management areas, I train LGO employees and ensure compliance with the standard linked to the GDPR (General Data Protection Regulations). -Coordinate and animate the Cloud Service Review Management in relation with the Security Operation Center and the MIT & Business teams (Deliverables: Security Compliance Index at the required level, up-to-date documentation, compliant solutions). -Be the guarantor of the dissemination and respect of Policies, Standards and good practices. -Be the contact point of the SOC (Security Operation Center) and I coordinate the resolution of Security incidents as a first level. I am the point of contact for NIA internal auditors on the security field. -Be the guarantor of the implementation of compliance management tools by the Group, and I am in contact with KMPG auditors, the National Agency for Information Systems Security (ANSSI) and the IT department of Cloud solution providers. - Use of Trend Micro DLP for data protection across multiple channels. - Development and updating of DLP policies to meet regulatory requirements.