
Squad#Experience – From R&D project manager to audit manager, here is Amandine's career path!


September 30, 2020

The Squad#Experience is an internal program designed to help our consultants grow and develop their skills. For this series, we spoke with Amandine C., our Squad Audit Unit Manager and DPO, who was previously in charge of R&D and now plays a key role in building Squad.

Can you introduce yourself?

My name is Amandine C. and I joined Squad five years ago as an R&D Project Manager. Before that, I worked on R&D projects at the CNRS (French National Center for Scientific Research) and continued doing so at Squad. I don't have a technical background and I didn't study computer science at university. I have a master's degree in project management.

At the end of my fixed-term contract at the CNRS, I was recruited by Eric Guillerm (CEO of Squad) and Bruno Billaud to help them with the CIR, i.e., how to develop Squad's R&D and set up CIFRE theses.

Today, you are a DPO/internal audit manager. What is your background?

In 2016, Squad had the ambition to become ISO:27001 certified, and as part of this process, Bruno asked me to take charge of the internal audit. These were my first steps into cybersecurity.

Little by little, I began to appreciate it and in 2017 I went on a training course to obtain the ISO:27001 Lead Auditor certification.

The first time Bruno told me about ISO:27001, I didn't even know what he was talking about. I told myself that it was always interesting to learn new things, and cybersecurity is Squad's core business. The more audits and assignments I did, the better I understood the expectations, the technical terms, and the standard itself. Then I started doing Squad supplier audits, iLUCCA for example.

Then Bruno and Eric asked me to take charge of GDPR compliance internally. This ties in with security because we need to talk to suppliers to see if they are compliant and what security measures are in place. Another step forward in cybersecurity!

I asked Eric if I could go on assignments with clients, which was related to what I was already doing internally. Bruno and Eric were driving forces in my career, but above all, I wanted to step outside my comfort zone. I went on assignments with clients so that I could learn. They trusted me, whether it was for internal or external assignments.

How did your first assignment with the client go?

I was assigned an SSI Governance project with a major client in the gaming industry, where I learned how to draft security policies.

For the first time, I was switching sides, because as an auditor, you audit security policies.

I was the only woman, which was intimidating at first, but I really enjoyed it. This assignment lasted six months, but we had to prepare internally for the renewal of ISO:27001. We stayed in touch with the client, and I maintained very good relations with them.

What are you doing today?

Today, I have a new mission, which is to verify the implementation of contractual security plans internally: I collect indicators, verify the proper application of security measures, and drive the evolution of security insurance plans.

In 2020, I did not carry out any client assignments, but I coordinated audit programs for clients and conducted ad hoc audits, which allowed me to travel to Guadeloupe and Morocco. Other assignments abroad are coming up!

What is your role in the PASSI qualification process?

I have passed two organizational scope and audit manager scope exams, and I would like to take a more technical scope exam. I am responsible for the PASSI reference system, which means that I ensure that our reference system complies with the RGS. In pre-sales, I get involved when there are calls for tenders for PASSI audits. I look at who is available and who has the skills to meet the client's needs.

In January, I helped Franck C. pass the audit so that we could become PASSI-certified. Then I took over from him and am now the point of contact for PASSI written exam candidates. I am the coordinator for actions relating to the development of the PASSI reference framework.

What is your daily routine?

I can switch from auditing to SSI control, including GDPR and CIR, but I'm also on the CSR side. What I prefer is being on the implementation side of security measures, rather than auditing. That said, I still enjoy auditing, but I prefer writing security policies and making decisions. In short, at Squad, I assist our Chief Information Security Officer, Bruno Billaud.

I have obtained every possible certification in security governance, and I don't particularly want to specialize. This year, I worked with Bruno and Didier, which I really enjoyed. We regularly review our various ISO:27001 and PASSI projects. I really like the teamwork we do.

One day, I would like to take a training course to become more technical and acquire more knowledge in order to be more effective in auditing. Finally, if I were asked to give up a subject, I wouldn't be able to choose.

You mentioned a CSR mission. What is that?

I really enjoy this internal role, as I am one of the points of contact for people with disabilities. In short, I assist them with the steps they need to take and listen to their concerns. At the same time, I am responsible for the company's CSR assessments on dedicated platforms such as Ecovadis and UN Global Compact.

Since joining Squad, Amandine has made a significant contribution to ISO:27001 certification and PASSI qualification. She is also a pillar of strength within the company, playing an indispensable role in supporting people with disabilities. Thanks to a career path marked byandand motivation, Amandine is a true Swiss Army knife.


Summary of Amandine C.'s journey


• 2015: Joined Squad in charge of R&D projects
• 2017: Obtained ISO27001 Lead Auditor certification
• 2017: Obtained Privacy Implementer certification – equivalent to DPO
• 2018: Risk Manager/Ebios RM certification
• 2019: PASSI qualification, organizational and physical scope
• 2020: EGERIE training (non-certifying)
• 2020: PASSI qualification, Audit Manager