You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Malt Strategy
Malt Strategy
Anwar MazouzAM

Anwar Mazouz

Cybersecurity Specialist

EUR 890/Tag
Neuchâtel, CH
3-7 Jahre
Governance, Risk & Compliance (GRC)
IT-Security
ITSM

Durchschnittliche Reaktionszeit: 1h

Über Anwar

I help organizations quickly identify security gaps, strengthen their control framework, and achieve compliance with ISO 27001 and NIST CSF. With a strong mix of audit rigor and technical expertise. I deliver practical, risk-driven recommendations that teams can implement efficiently.
Beratungs- und Prüfungsdienstleistungen
Digitale & IT-Dienstleistungen
Digitale Geschäftsmodelle
Telekommunikation
Software-Hersteller

  • Französisch

    Muttersprachlich oder zweisprachig

  • Englisch

    Verhandlungssicher

  • Deutsch

    Grundkenntnisse

Vor Ort möglich
Neuchâtel (bis zu 50 km)

Projekt- und Berufserfahrung

  • Expert Suisse
    IT Instructor & Data Analysis
    Juni 2025 - Heute (1 Jahr)
    Teach IT risk assessment methodologies and controls for financial data to ensure integrity, confidentiality and availability.
    Teaching IT Risk Management Audit financier
  • Cantonal Audit Office of Neuchâtel
    Senior IT Auditor
    Januar 2024 - Heute (2 Jahre und 5 Monate)
    • • Cybersecurity maturity assessment (NIST CSF): action plan definition and remediation tracking with IT teams.
    • • Security architecture and control review against ISO 27001 / ISO 27002 (requirements, gaps, remediation).
    • • Detection/logging review: Splunk / ELK configuration (rules, dashboards, reports, retention, integrity, time sync).
    • • Vulnerability management review: Nessus program (configuration, scan cadence, reporting) and post-fix verification.
    • • Penetration test oversight for Internet-exposed internal applications; OWASP-aligned remediation follow-up.
    • • Active Directory security reviews (PingCastle, Purple Knight, ADRecon): password policies, identity lifecycle, privileges, service accounts, Kerberos risks, hardening, PKI/trusts and tiering.
    • • Network security review: Fortinet NGFW, firewall rules, IPS/IDS policies, segmentation and hardening recommendations.
    • • Secure SDLC review: development practices and configuration of Snyk and SonarQube; findings prioritized and fixed pre-production.
    • • SAP security configuration review (authorizations, auditability, security parameters).
    Planification Reporting Cybersécurité IT Risk Management Audit & Conformité : ITGC, SOX, HIPAA, PCI-DSS, RGPD, NIST 800-53, IRS, Bâle III
  • KPMG Paris
    IT Risk Consultant
    April 2022 - Januar 2024 (1 Jahr und 9 Monate)
    • • Security control assessments: scoping, workshops, reporting, and action plan follow-up with IT and business stakeholders.
    • • Gap analyses and recommendations aligned with standards (including NIST where applicable); remediation roadmap and prioritization.
    • • Cloud security reviews (Azure, GCP, AWS): governance (policies/procedures, HLD/LLD, RACI, KPIs) and best practice alignment.
    • • Cloud architecture controls: segmentation/filtering, WAF, public/private zones, NSG rules, hardening and compliance requirements.
    • • Cloud IAM: RBAC, MFA/conditional access, secret rotation, just-in-time access, PAM/PIM and periodic access reviews.
    • • Logging/monitoring/detection: sensitive log collection, retention, secure storage, SIEM forwarding, SOC use cases alignment.
    • • Vulnerability/patch management in cloud: coverage, target definition via ITAM/CMDB, scan frequency, remediation governance and tracking.
    • • Resilience review: DR/BCP (RTO/RPO), redundancy, backup strategy and restore testing requirements.
    • • CRM security review: risk analysis, access control, audit logging, security requirements and action plan.
    • • IT Asset Management / CMDB review: data quality (ownership, criticality, traceability) and impact on vuln/access/patching.
    • • Designed and delivered NIST-based cybersecurity training for KPMG consultants.
    Cybersécurité Audit Advisory IT Strategy IT Project Management
Gesamte Berufserfahrung von Anwar ansehen

Empfehlungen

Sei die erste Person, die Anwar empfiehlt

Teile Deine Erfahrung aus der Zusammenarbeit mit diesem Freelancer.

Diese Freelancer passen auch zu Ihren Kriterien

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Anmelden, um Profile zu sehen

Ausbildung und Abschlüsse

  • Specialized Master's in Information Systems Management
    CentraleSupélec –
    2022
    Specialized Master's in Information Systems Management
  • Engineering Degree
    ECAM LaSalle
    2021
    Engineering Degree
Ausbildung und Abschlüsse von Anwar ansehen

Fähigkeiten

Management von Cybersecurity-Vorfällen
GRC (Governance, Risiko & Compliance)
Least-Privilege-Prinzipien
Security-Awareness-Training
Risiko- & Schwachstellenbewertung
Datenintegrität & Governance
Agiles Projektmanagement
Digitalisierung
IT-Projektmanagement
IT-Strategie
ISO 27001
Audit & Conformité : ITGC, SOX, HIPAA, PCI-DSS, RGPD, NIST 800-53, IRS, Bâle III
Swift

Kategorien