Philippe GUARNIERI
Cyber security, Risk Management
Professional Status
Employed
Open to opportunities
About Me
Holistic Risk Management digital safety and security, strategy development, implementation of action plans, organization, governance.
Tools, methods, management, monitoring, quality of the level of security: BSC, ISMS, dashboards, of governance.
Risk management related to a process approach, Intelligence.
Management techniques and cross hierarchical methodology and experience of complex projects, organizations, cross-sectional and functional relationships, sometimes with a strong international dimension, live, teams of 4 to 80 + people.
Assistance with CSO
Seminars and training to the security of information systems.
Construction of technical proposals, outsourcing, missions, pre-sales consultant, webmarketing.
Tools, methods, management, monitoring, quality of the level of security: BSC, ISMS, dashboards, of governance.
Risk management related to a process approach, Intelligence.
Management techniques and cross hierarchical methodology and experience of complex projects, organizations, cross-sectional and functional relationships, sometimes with a strong international dimension, live, teams of 4 to 80 + people.
Assistance with CSO
Seminars and training to the security of information systems.
Construction of technical proposals, outsourcing, missions, pre-sales consultant, webmarketing.
Deputy Head of the Information System Security
ADP-GSI
February 2001
to September 2006
Full-time
Grenoble - Paris
France
- Experience in an American group specializing in human resources beyond its growth was very informative because of its multicultural
- Establishment of an organization's computer security management information system
Detailed Description
- Approach to risk analysis: Mehari, Marion, Incas, links with the trade, classification of risks and threats, analysis of value.
Management tools: charts, indicators, SLA, security assurance plan.
Approach to quality: TQM, PDCA, MRP process.
Organization of the technological gaps in coverage.
Coordination of technical teams, internal consulting.
Standards, rules, policies.
Security of information training for IT, sales, users, and awareness.
Definition and implementation of audits and penetration testing with service providers.
Creating and running a stop for the management of identities and rights.
Recruitment, coaching and managing a team of 4,
Analysis of the flows, and creation and deployment around the perimeter of the processes and procedures, development of profiles of type "business".
Implementation of protocols for managing incidents and crisis management for the management of identities (hurried departures, strikes, DRP service, special cases.)
Implementation of the anti-viral (reduced from 30 to 2% of machines at risk).
Formal establishment of the supply of ADP Security "
Brochure, answers to tenders of customers, collection and analysis needs.
Specifications for security service providers.
Pre-sales with the sales teams, support
Project Manager SSO (SSO WATCH).
International project for securing the portable encryption (Security-Box, Safeguard Easy), studies of exchange-type MAIL security through encryption (PKI, IBE, PGP, SSL) on anti-spam solutions, education participation of architecture.
ISO 17799 certification (eg, 2700x) (the first French company to be certified)
Compliance with the Sarbanes-Oxley
Early integration of safety in the ITIL
Studies standards and maturity models (SSE-CMM (ISO21827), CMMI, ISO-15504, OCTAVE, OCTAVE-S, ITBPM, EBIOS) and the regulatory constraints (CNIL, LSF, Basel II).