Ismahène Mezigheche

Berlin

Summary

Results-Driven IT Governance, Risk & Compliance Professional | 10+ Years of Expertise

Highly accomplished in steering Information Security programs with an in-depth understanding of data security, privacy regulations, and industry standards. Proficient in navigating compliance landscapes encompassing NIST, GDPR, ISO 27001, and PCI DSS.

Proven track record in implementing ITIL methodologies and leading ISO 27001 initiatives. Committed to ensuring robust governance, risk management, and compliance frameworks to safeguard organizational assets.

Overview

10 years of professional experience

Work History

Senior Information Security GRC Lead (Acting)

Zalando SE
07.2022 - Current
  • IS Governance: Lead the establishment and enhancement of the Information Security Management System (ISMS), crafting policies, standards, guidelines, and procedures in collaboration with control owners,
  • IS Risk Management: Spearheaded the development of Information Security Risk methodology, conducting thorough third-party and internal application risk assessments. Provided comprehensive IT Security Risk reports to the Management Board, enabling informed decision-making,
  • IS Compliance Management: Defined and implemented baseline controls, ensuring compliance with regulatory requirements. Conducted continuous ISMS maturity assessments following NIST 800-53 guidelines, decisively addressing compliance exceptions and violation cases,
  • IT Audit Management: Orchestrated IT General Controls and Application Controls Audit, coordinating preliminary audits to prepare IT teams. Planned, executed, and reported IT Security audits as 2nd Line of Defense, enhancing organizational resilience against cyber threats.

Senior IS Governance, Risk & Compliance Manager

Zalando SE
07.2021 - 07.2022
  • Risk Identification and Documentation: Empower business units to continuously identify, measure, and document relevant risks across application, component, and data layers,
  • Enhanced Risk Methodology: Improve risk assessment methodology and implement scalable solutions for assessing cybersecurity risks, including those posed by third parties,
  • Operational Management: Manage operational tasks such as approving software requests, conducting third-party risk assessments, and handling policy exception requests,
  • Security Compliance Governance: Design and establish security compliance policies, procedures, and best practice guidelines to ensure alignment with industry standards and regulatory requirements,
  • Centralized Controls Framework: Build, maintain, and promote adherence to a centralized IT controls framework to enhance security posture and mitigate risks effectively.

IS Governance, Risk & Compliance Manager

Zalando SE
02.2021 - 07.2021
  • Policy Lifecycle Management: Oversee the lifecycle of security policies, standards, processes, and guidelines,
  • Threat and Risk Transparency: Enhance transparency of threats and risks in the IT landscape through identification, assessment, and monitoring,
  • IT Controls Support: Assist IT experts in defining and implementing effective controls to manage risk and ensure compliance with regulations like NIST and GDPR,
  • Operational Task Management: Manage operational tasks including software request approval, third-party data sharing, and policy exception requests.

IT Risk Manager

Zalando SE
06.2019 - 02.2021
  • Promoting Risk Awareness: Foster a culture of risk awareness and understanding among decision-makers, facilitating informed decision-making,
  • Risk Assessment: Analyze current risks and identify potential threats affecting the company through comprehensive risk assessments,
  • Risk Evaluation: Evaluate risks against predefined criteria such as costs and legal requirements, leveraging insights from previous risk catalogs,
  • Strategic Consultation: Provide strategic and tactical guidance on information security and compliance matters, ensuring alignment with organizational goals,
  • IT Risk Strategy Establishment: Develop the organization's IT risk strategy and support its implementation, ensuring robust alignment with information security objectives.

IT Risk Analyst

Société Générale Algeria
09.2017 - 06.2019
  • IT-RM Blueprint Oversight: Direct the deployment of the IT-RM Blueprint, aligning organizational requirements with effective IT risk treatment measures to enforce policies, safeguard infrastructure, and optimize system management,
  • Proactive Risk Management: Proactively support the identification and assessment of IT risks, offering guidance on mitigation strategies to enhance controls and reduce risk exposure,
  • Monthly Reporting: Deliver monthly reports to map company KPIs/KRIs, enhancing understanding of security maturity and requirements for informed decision-making,
  • Security Consulting: Provide consulting in security forensics, incident management, and vulnerability management to IT and business departments, ensuring robust security measures are in place,
  • Security Compliance Monitoring: Oversee security compliance monitoring, including account reviews and access rights management, to maintain adherence to security standards and regulations.

IT Support Engineer

Société Générale Algeria
09.2016 - 09.2017
  • User Support Management: Provide IT support to over 1000 users through hotline, remote access, and on-site assistance for diverse issues encountered,
  • Incident Resolution: Handle level 1 and level 2 IT incidents, ensuring efficient resolution within defined SLAs,
  • Workstation Management: Oversee installation, configuration, maintenance, and troubleshooting of end-user workstation hardware, software, and peripherals.

Software Engineer

A.A.D.L
01.2014 - 09.2016
  • Automated Process Development: Implement in-house IT solutions to automate and optimize internal processes such as archive management, payment order generation, and report customization,
  • Database Model Optimization: Proactively redefine and optimize MS Access database models to align with organizational requirements.

Education

Master of Technology - Computer Science And Programming

University of Science And Technology
Algiers, Algeria
07.2013

Bachelor of Technology - Computer Science And Programming

University of Science And Technology
Batna, Algeria
07.2011

High School Diploma -

Mustapha Ben Boulaid High School
Batna, Algeria
07.2008

Skills

  • Compliance & Regulation: Ensuring compliance with GDPR, ePrivacy, and PCI DSS regulations,
  • Risk Management: Skilled in identifying and mitigating cybersecurity risks using ISO 27005, Mehari, EBIOS methodologies,
  • Governance Frameworks: Implementing NIST Cybersecurity Framework, ISO 27001, and SOC2 for effective governance,
  • Vendor Risk Management: Assessing and managing cybersecurity risks associated with third-party vendors,
  • Communication & Stakeholder Management: Effectively communicating cybersecurity risks and compliance issues,
  • Security Tools Proficiency: Mastery of using security tools such as Wallix, Qualys, Nessus, RSA, ServiceNow, and Jira,
  • IT Infrastructure: Managing IT infrastructure components including Active Directory, SCCM, AWS, and Google Suite,
  • Program Management & Audit: Managing cybersecurity programs and conducting audits for compliance
  • Analytical Skills: Strong analytical skills for in-depth security analysis and decision-making,
  • Industry Knowledge: Deep understanding of banking and e-commerce products and regulatory requirements

Certifications & Training

  • PCI DSS and PA DSS, 5 days training offered by DataProtect, Algiers, Algeria (April 2019),
  • QUALYS: Vulnerability Management | Web Application Scanning | Policy Compliance | Cloud Agent, several trainings offered by Qualys, Paris, France (Nov 2018 - Feb 2019),
  • ISO/IEC 27001 Lead Implementer, Certified by PECB (June 2018),
  • DLP: Data Loss Prevention 14.6 Administration, 5 days training offered by Symantec's educational services, Paris, France (February 2018),
  • Certified Ethical Hacker V9, 5 days training within the Microtel institute, Algiers, Algeria (October 2017),
  • ITIL V3 Foundation in IT Service Management, Certified by AXELOS Global Best Practice (May 2017),
  • Master of Business Administration - MBA, Personal Development and Career Management, IICOM, Algiers, Algeria (2013 - 2014).

Languages

French
Bilingual or Proficient (C2)
English
Advanced (C1)
German
Elementary (A2)
Arabic
Advanced (C1)
