Operational CISO · Paris

Christophe
Vannier

I don't inherit security postures — I construct them.

20+ years building and leading security functions across regulated environments — banking, fintech, and international public-sector programs. At Carrefour Banque, I owned the full security function for six years. At Lydia, I built governance lean and fast, without institutional safety nets. Before that: nine years deploying national-scale security programs across three continents.

Open to opportunities LinkedIn

20+ Years in
security

6 Years CISO
retail banking

3 Continents
deployed

FR·EN·ES Trilingual

What I do

Areas of Expertise

Security Governance & Strategy

End-to-end ISMS design, risk cartography, board reporting (COPIL/CA), KPI/KRI dashboards, and alignment with business objectives.

Regulatory Compliance

DORA, RGPD, PCI-DSS, ISO 27001/27005, ACPR, ANSSI, NIS2, LPM. Multi-framework compliance in heavily regulated environments.

Cyber Threat Intelligence

Operational CTI integration (Bitsight, SecurityScorecard, MITRE ATT&CK). Shifting from reactive to anticipatory security posture.

Zero Trust & IAM/PAM

Zero Trust architecture (Akamai, Cloudflare). IAM (Okta, Azure AD) and PAM (CyberArk, Wallix) programme delivery.

SOC & Incident Response

Full SOC stack — Splunk, QRadar, Sentinel, Elastic, CrowdStrike. Security incident management and crisis coordination.

Vendor & Third-Party Risk

Security due diligence, PAS (Plan d'Assurance Sécurité), contractual security clauses, and continuous third-party scoring.

Track record

Experience

2024 – 2025 Fintech

CISO — Lydia Solutions

Built the ISMS from scratch in a fast-moving fintech environment. Defined strategic security objectives, implemented KPIs, led DORA & RGPD compliance, and presided over security steering committees.

2018 – 2024 Retail Banking · 6 years

CISO — Carrefour Banque

Full ownership of the security function. Zero Trust architecture, CTI programme, IAM/PAM controls, DORA compliance, board-level reporting. First BIMI/DMARC implementation for a French bank. 4 years of operational use of SecurityScorecard and Bitsight.

2017 – 2018 Banking Group

Head of Operational Security — ARVAL (BNP Paribas Group)

SIEM deployment, operational security processes, PAM, cryptographic key management, and KPI dashboards.

2008 – 2017 International · 9 years

Independent Security Consultant

National-scale digital identity and security programmes across Costa Rica, Brazil, UK, West Africa, and the USA. ISO 27001 implementation & certification. Security M&A due diligence. Clients: Morpho (IDEMIA), Oberthur Technologies, AG2R La Mondiale.

Formation

Education & Certifications

Master — Executive Education

École Polytechnique · 2024–2025

ISO 27001 Lead Implementer

Information Security Management

ISO 27005 Risk Manager

Information Security Risk Management

Institut des Cadres Supérieurs de Vente

CNAM Nantes · 1992–1994

Get in touch

Ready to build
your next security function?

Open to CISO and senior security leadership roles — France and international.

christophe@christophevannier.com LinkedIn →

ChristopheVannier