
Sébastien Tauban
Information Security Consultant | Risk Analysis
2 recommendations
01210 Ferney-Voltaire, France
Freelance
Remote only
About
Introduction
Information Security & Risk Consultant with 10+ years of experience helping organizations structure, govern, and prioritize their security posture. Specialized in risk analysis, ISO 27001 programs, and CISO-as-a-Service, I work at the intersection of security, compliance, and business decision-making. Experienced in financial and corporate environments, with a focus on governance, audits, incident readiness, and third-party risk. Remote-first consultant.
Work experience
Information Security Advisor
SOLUSS
Sept. 2023 - Dec. 2023
4 months
Nyon, Vaud, Switzerland
Information Security consulting for the financial and leisure sectors: analysis of project security documentation to support operational teams; definition of incident response plans (identification of needs based on risks, identification of capabilities and potential gaps in the structure to respond to incidents, drafting of plans, in particular for the identification, containment, eradication and return-to-normal stages); analysis and assessment of Information Security risks in various contexts, using different methods (COSO, ISO27005, Octave Allegro, etc.); participation in the definition of security standards; IS audits based on the CIS framework; analysis of and response to phishing incidents reported by customers.
Senior Advisor
Supplier Shield
Jan. 2022 - Oct. 2023
1 year 10 months
Switzerland
We help organizations secure the integrity of their supply chain through in-depth assessments, backed up by our certified auditors' analysis.
Abilene Advisors
Dec. 2019 - Oct. 2023
3 years 11 months
Switzerland
Senior Advisor
Jan. 2022 - Oct. 2023
1 year 10 months
Switzerland
Associate Advisor
Dec. 2019 - Jan. 2022
2 years 2 months
Switzerland
For multiple clients and organizational contexts: Information Security and Business Continuity Management Systems gap analysis; implementation, audit and maintenance; policy elaboration; CISO as a service; Audit 360 for security; projects for data valorisation and protection. Day-to-day tools: ISO 27001; ISO 22301; ISO 27701; COSO; Octave Allegro; EBIOS, etc.; suppliers' information security audits; definition of Information Security objectives and KPIs.
IT Internal Controller
Euler Hermes
Nov. 2015 - Aug. 2018
2 years 10 months
Paris Area, France
Monitoring of the IT internal control framework ICOFR (ex SOx) for France, Germany, Italy and Corporate entities; setup of control automation and risk-monitoring indicators using tools and database queries; audit follow-up (internal / external) and support for managers during audit missions; monitoring of the monthly reporting for Solvency II data quality; setup of IT risk framework monitoring; identification, follow-up and control of essential and critical providers; preparation of presentation materials for the IT board; coordination of external auditors for regulator requests or ISAE3402 certification.
Internal Controller
STET
Nov. 2014 - Oct. 2015
1 year
Paris Area, France
Identification and evaluation of operational risks; implementation and follow-up of first- and second-level controls; follow-up of audits and recommendations; operational support in designing action plans to correct the issues highlighted by audits; incident analysis and report writing, with proposed correction plans to limit the risks; preparation of presentation materials and the internal control report for the Audit Committee. STET is a key structure for the banking sector, with all the complexity that this implies.
IT Internal Controller
Amundi
Apr. 2013 - Oct. 2014
1 year 7 months
Paris Area, France
Mission for Consort NT (IT Service company). Implementation of the internal control system and its governance on SharePoint (risk cartography and control plan), based on the COSO model, within the Amundi IT Department and across all processes (operations, development and transversal); integration of specific controls within Group Crédit Agricole reporting; preparation of the internal control report and presentation materials for the Board of the IT Department; proposal of action plans on the areas of risk to the Board of the IT Department; coordination of external auditors in the context of ISAE3402 certification; follow-up of audit recommendations.
BNP Paribas
Apr. 2010 - Mar. 2013
3 years
Paris Area, France
Functional Architect
Sept. 2011 - Mar. 2013
1 year 7 months
Paris Area, France
Mission for Consort NT (IT Service company), joining an outsourced team dedicated to IT architecture and urbanisation. In charge of IT systems requests related to operational risk / permanent control, general inspection (internal audit), finance (consolidation, general accounting and management), asset liability management and credit risk. Conducting urbanisation studies; project assessment; participation in managing the team and customer relations; preparing or updating cartographies.
Functional Architect
Apr. 2010 - Oct. 2011
1 year 7 months
Paris Area, France
Mission for Iorga Consulting (IT Service company) within the team of urbanisation and architecture for IT systems of Europe Mediterranean retail banking. Project assessment, preparing or updating cartographies.
Internal Auditor
Credit Agricole Leasing & Factoring
Sept. 2007 - Aug. 2008
1 year
Paris Area, France
As part of the internal audit team of Eurofactor, participation in different thematic missions (Treasury, IT Systems, etc.) and execution of the audit in the subsidiaries abroad.
Bank Adviser
Credit Lyonnais
Sept. 2002 - Aug. 2004
2 years
Paris Area, France
Sale of banking products (credit cards, mortgage loans, savings products, insurance products, etc.). Adviser for a portfolio of large public with multiple bank
Education
IFACI
Professional Internal Audit Diploma (DPAI)
KEDGE Business School
Bachelor of Business Administration (B.B.A.), Banking and Finance
Aix-Marseille Graduate School of Management - IAE
Master 2, Internal Audit of Organizations
University of Geneva
Master of Advanced Studies (MAS), Information Security
Multidimensional culture of information security and risk management:
- managerial dimension: assessing and managing information risks, setting objectives and indicators, security organization, business continuity planning, audit methodology, etc.
- organizational and human dimension: project management, staff awareness, etc.
- technological dimension: new applications of computing, overhaul of information systems, security of networks and internet communications, security architectures, etc.
- legal dimension: compliance with regulations (data protection, etc.)
- strategic and governance dimension: integrating information security at the heart of company management. Mastery of communication, including in a crisis.
Licenses and certifications
ISO/IEC 27001 Lead Implementer
ISO/IEC 22301 Lead Implementer
ISO/IEC 27001 Lead Auditor
Certified Data Protection Officer (CDPO)