Grégory Commin

Cyber security Expert

€1,000/day
Zurich, CH
8-15 years

Average response time: 1 hour

About Grégory

10 years in cybersecurity:

- Governance, Risk & Compliance: policies, risk analysis, ISO compliance, architecture review, cloud security, AI security
- Offensive: web, mobile, API, cloud and network pentesting
- Cyber awareness
  • French

    Native or bilingual

  • English

    Fluent

  • German

    Basic

Can work on-site
Zurich (up to 50km)

Experience

  • Banking
    Cyber security Expert
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 5 months)
    Lausanne, Switzerland
    • Manage cyber security incidents
    • Backup for the manager
    • Identify and implement security measures for all projects
    • Manage vulnerability assessments and reports
    • Support design for whole projects and provide the best security measures
    • Develop and maintain KPIs and the security dashboard
    • Implement security by design for all projects
    • Support and advise DevSecOps framework
    • Update security policies
    Cybersecurity governance · Cybersecurity architecture · Network security · Security integration in projects · DevSecOps
  • CAEIRUS
    Head of Cyber security
    DIGITAL AND IT
    January 2017 - January 2024 (7 years)
    Paris, France
    • Define and implement the company's cybersecurity vision, mission and strategy
    • Advise clients on cybersecurity best practices and strategic initiatives
    • Develop and execute a business growth plan, including service expansion and partnerships
    • Ensure compliance with industry standards (NIST, ISO 27001, GDPR, FINMA…)
    • Provide security guidance (technical architecture review, security risk analysis, DPIA etc.) and assist the Business, the DPO and IT correspondents throughout projects
    • Drive external audits for our clients
    • Establish, manage and develop my teams: GRC team, SOC team, Pentest team
    • SOC team: build the SOC department and manage all SIEM deployment and KPIs with the technical team; validate the design and deployment of the key controls; review security architecture
    • GRC team: lead risk assessment (ISO 27005, EBIOS RM); lead ISO audit and governance for all our clients; define awareness campaigns for our clients; provide technical review on architecture (on-premises and cloud); implement cybersecurity standards for our clients
    • Pentest team: schedule all pentests (web application, network, industrial, OT, code review); review all technical and managerial reports; act as point of contact for all clients; define the vulnerability management process
    • Experience in managing complex stakeholder relationships
    • Ensure profitability while maintaining high quality service delivery
    • Oversee legal and regulatory compliance in all service operations
    • Optimize monitoring and organization process.
    • Allocate activities and objectives
    • Control the running of the activity through regular monitoring (quality, respect for schedules…)
    • Bring expertise in the different fields
    • Inform, provide feedback, formalize HR processes
    • Recruit, train and retain cybersecurity talent
    • Develop employees, assessing their training and/or support needs
    • Establish a culture of continuous learning and professional development
    Team management · Governance, Risk and Compliance · Business development · ISO 27001 · ISO 9001
  • AXA
    Cloud - Cybersecurity Expert
    BANKING AND INSURANCE
    April 2021 - November 2024 (3 years and 7 months)
    Paris, France
    • Collaborate extensively with the IT department to guarantee the security of systems
    • Assess, challenge and review vulnerability criticality to deliver risk-based insights usable by business stakeholders (DPO, workplace…)
    • Implementation of security best practice for application migration to the cloud (move to the cloud)
    • Cloud infrastructure Security Audit
    • DevSecOps in Azure Cloud
    • Risk analysis (ISO 27005): identify and analyze security risks, recommend an appropriate remediation plan and document all components in clear, business-intelligible language
    • Cloud Architecture and Security Tool benchmark
    • Support Cloud Security Policies
    • Attend security committees and share the security requirements
    • Review of security clauses in contracts (third parties)
    • Third-party audits to ensure Group compliance
    • Reviewing existing security standards, making recommendations, and updating the documents in line with best practice
    • Security hardening of cloud components
    Cloud security · Cybersecurity architecture · ISO 27005 · Security integration in projects · IS architecture

Education

  • OSCP: Offensive Security Certified Professional
    2017
  • GIAC GPEN
    2018