Samado

Cybersecurity and Compliance Consultant

Expleo Group • Freelance

Sep 2023 - Present • 2 yrs 8 mos

Implementation and Governance (ISMS): - Implementation of the ISMS for Entities: Morocco, Belgium, Romania, and Iberia. - Transition of the ISMS to the new version of the ISO 27001:2022 standard and updating of more than 120 documents. - Alignment with organizational, human, physical, and technical security measures. - Deployment of security measures for more than 12 group entities. Internal Audits and Compliance (ISO 27001 / PCI-DSS / NIS2): - Internal audits of central functions and processes (France). - Audit of local IT processes and physical security. - Audit of local IT processes (Germany and the United Kingdom). - Audit of compliance with PCI-DSS requirements. - Local ISMS audit - Morocco (compliance with laws 05-20 and 09-08). External Audits and Certifications: - Preparation for LRQA certification audits - Initial audit in 2024 and surveillance audit in 2025. - Key achievements: Double certification obtained for HQ. - First certification obtained for Morocco. Risk Management and Governance: - IT and non-IT risk management for Expleo Group. - Annual update of the risk register. - Preparation of the risk treatment plan for 2026. - Consulting and auditing for IT and business teams on business continuity, risk management, and regulatory compliance. - Conducting the central Business Impact Analysis.

ISO27001 Lead Implementor

ACAPS • Freelance

Dec 2022 - Sep 2023 • 9 mos

Implementation of an Information Security Management System (ISMS). The objective was to strengthen information security governance and align internal practices with international standards. Key Activities: - Conducted a gap analysis against ISO/IEC 27001 requirements - Defined the ISMS scope and governance structure - Performed information security risk assessments and established the risk register - Developed and implemented security policies, procedures, and controls - Supported security awareness and internal communication initiatives - Contributed to internal audit preparation and compliance monitoring Deliverables: - Risk assessment methodology and risk register - Security policies and procedures - Statement of Applicability (SoA) - Internal audit documentation - ISMS governance framework

Information Security and Compliance Officer

AXA • Full time

Feb 2019 - May 2022 • 3 yrs 3 mos

I contributed to the implementation of an Information Security Management System to enhance the protection of strategic and financial information handled by AXA. The project focused on establishing a structured governance model and integrating security into organizational processes. Key Activities: - Conducted ISMS gap assessment and maturity evaluation - Defined information security governance structure and roles - Performed risk identification and risk evaluation workshops - Developed security policies and compliance documentation - Supported internal audit and management review processes - Business Continuity Plan (PCA,PRA,PSI,etc.) for the years 2019, 2020 and 2021 Exercice with Process Managers and Specialist of AXA. - Security Awareness Campaign to 2000 AXA collaborators. - Management of operational security, Audits and intrusion tests - Training CIMA teams across 4 entities (Cameroun, Gabon, CiV, Senegal) in Vendor Security management and Security by Design - Secured vendors by creating a cyber maturity questionnaire, identifying 20 critical vendors by risk assessment. - Managing Pentesting and Vulnerabilities Scanning Processes with the collaboration of external specialist (Confirmed Pentesters) - Security by Design & Software Security Audit with Qualys for 2 Internal Applications. Led IT resilience and business continuity programs (PSI, PCA, PRA) for critical information systems. - Conducted IT risk assessments and defined RTO/RPO objectives with mitigation plans. - Mapped cyber risks and implemented a remediation plan for 5 entities. - Led and support the Mulberry project (Cybereason, Backup Azure 365) Support Data Classification Project: - Collaborated with department heads to assess data (paper and digital). - Prepared an inventory of data, criticality, ownership, RTO, & RPO. - Coordinated disaster recovery testing to ensure operational readiness. - Compliance with Loi 09-08 and Loi 05-20 for Morocco.