Tarik Cacan

• • CIS Governance Management: Strategic management of the vulnerability management programme for a large-scale critical infrastructure (+40,000 assets). Definition of key performance indicators (KPIs) and key risk indicators (KRIs) for the management committee.

• • Strategic Remediation Expertise: Development of a remediation methodology based on business impact and threat intelligence, ensuring strict alignment with NIST and CIS Controls frameworks.

• • Leadership and Cross-functional Coordination: Operational leadership of multidisciplinary teams (Infrastructure, Cloud, Networks, Security) spread across multiples sites. Proven reduction in exposure to critical risks by 50% in a record two-month cycle.

• • Optimisation of Security Capabilities: Streamlining and automation of detection processes using cutting-edge tools (Qualys VMDR), enabling more efficient allocation of technical and human resources.

• • Consulting and Decision Support: Preparation of risk reports for executive stakeholders to justify priority investments and ensure the resilience of the Group's information system.

• • Process Standardisation: Implementation of consistent security standards across the Group's various entities, facilitating a coherent defense posture against emerging threats.

• • Principal Security Advisor: Providing expert advice and strategic recommendations directly to senior management and management committees on national security posture and the protection of critical services.

• • Governance and Regulatory Compliance: Overseeing complex compliance programmes with the NIS2 directive and ISO 27001/22301 standards within federated, multi-site government ecosystems.

• • Risk Management and National Resilience: Leading business impact analyses (BIAs) and designing business continuity plans (BCPs) and disaster recovery plans (DRPs) to ensure the seamless availability of critical government functions.

• • Inter-agency Collaboration and Counter-Intelligence: Liaison with national security authorities for the detection of insider threats and the sharing of threat intelligence within a collective defense framework.

• • Holistic Infrastructure Security: Overseeing the convergence of information systems security (CIS Security) and physical security (Protective Security) for the protection of sensitive government infrastructure.

• • Secure Digital Transformation: Integrating the principles of 'Security by Design' and digital sovereignty into major modernisation projects for the federal administration and police.

• • Security Office Management: Leadership and management of a multidisciplinary team of nine experts. Responsible for the vision, strategy and alignment of security with the group's business objectives.

• • Budget Management and Strategic Vision: Development and execution of a multi-year cybersecurity roadmap. Management of an annual budget of approximately €1 million, including arbitration of technological and human investments.

• • Holistic Security (CIS & Protective Security): Overseeing the convergence between information system security (IT/OT) and the protection of critical infrastructure, ensuring total resilience against physical and cyber threats.

• • Governance and Compliance (GRC): Ensuring compliance with ISO 27001, NIS1 and GDPR standards. Implementing a third-party risk management programme (Supply Chain Security) and conducting regular security audits.

• • Crisis Management and Incident Response: Setting up and managing the incident response center. Coordinated crisis units in conjunction with senior management and energy sector regulatory authorities.

• • Security Culture and Mentoring: Developed a company-wide awareness programme. Mentored technical teams and provided strategic advice (Principal Advisor) to the Executive Committee on cybersecurity issues.