Why did you choose to work in the financial industry?
Honestly, it was a coincidence! My first job happened to be in this sector, and I stayed because of the wide variety of opportunities it offered. Over the years, I’ve worn many hats: systems engineer, designer, project manager, business analyst, team leader, and now, security officer. I’ve worked in various financial domains, such as cards, insurance, and specialized financing, which keeps things dynamic and challenging.
Can you describe your role as Information Security Officer?
I’m part of the Global Business Unit “Banking Components,” where I lead a team of Information Security Officers. Our job is to ensure the overall security of SBS activities, from pre-sales to R&D, maintenance, and support. This involves overseeing projects to ensure compliance with security standards, training teams, and guiding the design of new products. We also monitor the execution of control plans to ensure everything aligns with best practices.
Our responsibilities include conducting in-depth reviews to identify vulnerabilities, recommending corrective actions, and ensuring those fixes are implemented. We also support projects in their client interactions, which may involve reviewing contracts, responding to RFPs, conducting security assessments, audits, or participating in technical discussions.
Who benefits from your work, and how does it align with SBS’s security strategy?
In short, I’m part of SBS’s second line of defense, working alongside colleagues who form the first. My role helps prevent both accidental and malicious security risks.
On a larger scale, my work ensures that we deliver services to our clients that comply with current security standards. This means designing and developing secure software, delivering it safely, and supporting our clients (or our operations teams) in deploying it in a secure environment.
How does your team handle compliance with regulations like DORA?
Our team closely monitors legal and regulatory changes, particularly DORA (Digital Operational Resilience Act), which aims to ensure digital resilience across the EU, safeguarding banks and their clients from IT crises.
DORA requires banks and their service providers to report activities to European regulators. At SBS, we work closely with legal experts to adapt contracts and meet DORA’s requirements. We guide teams in adopting stronger practices, conduct regular checks, and prepare the necessary documentation for audits. The deadline for compliance is January 17, 2025, and we’re on track to meet it.
Despite the importance of security, why is it sometimes difficult to prioritize? What challenges do you face in your role?
In the past, systems were isolated and less exposed to risks because the Internet wasn’t a major attack vector. Security wasn’t a priority then. Today, with increasingly interconnected systems and data exchanges, the landscape has changed dramatically.
Although security is now critical, it’s not always easy to shift mindsets as quickly as technology evolves. Teams often have other priorities, and it takes time to help them understand the importance of security in this complex environment.
As an ISO, my challenge is that I don’t have direct hierarchical authority over the projects I support. Improving security requires a mix of pedagogy, pragmatism, and sometimes firmness. I rely on my experience to tailor my messages and build credibility with the teams I work with.
What’s the most valuable lesson you’ve learned in your career?
“Patience and time do more than force or rage,” a line from La Fontaine’s fable The Lion and the Rat, resonates deeply with me.
Patience is crucial when trying to convince others, especially without hierarchical authority. Teaching and explaining are the best tools to drive change. Developers, project managers, and designers often have competing priorities, so persistence is key.
Security jargon can also be a hurdle. It’s vital to adapt the message to the audience—whether it’s legal experts, project managers, developers, or even sales teams—so they understand the specific stakes. For example, legal teams grasp the risks of contractual breaches, while developers need clear explanations of commitments and best practices.
Do you have a memorable anecdote from your work since you’ve been serving as an Information Security Officer?
I officially joined SBS’s Security team full-time in the fall of 2020, right before the Cyber Crisis in October. It was a true baptism by fire that lasted several weeks. I learned a tremendous amount during that period and forged many valuable connections across the group—and beyond!