Joris MICHALLON

Chief Information Security Officer - Societe Generale

Greater Paris Metropolitan Region

About

Experience

  • Société Générale (14 yrs 11 mos)
    • Head of Group ISP - Information Security in Projects
      Sep 2025 - Present · 10 mos

    • Chief Information Security Officer - SG Wholesale
      Jan 2022 - Sep 2025 · 3 yrs 9 mos

      At SG Wholesale, I manage multiple teams responsible for cybersecurity risk management, governance, and cyber expertise in areas such as public cloud, APIs, and network security. My responsibilities encompass: (i) overseeing cyber risk governance of Business Units in France & EMEA, (ii) conducting security assessments and developing mitigation strategies for Business and IT projects (Security by Design), (iii) implementing a Third Party Cyber Risk Management Framework for key outsourced services and (iv) defining strategy and executing controls related to Public Cloud Security, APIs, and Network Security.

      Key highlights:
      - HR/People Management: Managing a team of 34 internal and external staff members.
      - Business Perimeter: Oversee 5 Business Units (Capital Markets, Global Banking & Advisory, Private Banking, Securities, Transactions and Payments) and 1 Support Unit.

    • Head of Audit for IT infrastructures, Cybersecurity and Corporate IS
      Jan 2016 - Jan 2022 · 6 yrs 1 mo

      As the Head of Audit for IT Infrastructures, Cybersecurity, and Corporate IS, I led a specialized team conducting internal audit missions globally across all Group business lines. My areas of expertise include information security & cybersecurity, IT infrastructures, Corporate Information Systems (Finance, Risk, HR), and IT offshored service centers in India and Romania.

      Key highlights:
      - HR/People Management: Managed a team of 20 staff members.
      - Operational Supervision: Oversaw 20+ audit missions per year.
      - Program Management: Directed cross-functional audit programs related to cybersecurity, data analytics, and risk assessments.
      - Senior Management Liaison: Acted as the audit correspondent for IT & cyber senior management, including the Group CIO, CTO, and Group CISO.

      Professional certifications: CISA, CISSP, CISM.

  • Cyber Security Consultant at Wavestone
    Sep 2008 - Aug 2011 · 3 yrs

    At Wavestone, I was part of the Security and Risk Management practice, where I specialized in IT security audits and crafting robust security architectures.

    Key highlights and missions:
    - Security Audits: Led IT security audits following ISO 27002 standards and conducted penetration tests for clients in banking, online gaming, aerospace, energy, and the public sector.
    - Risk Analysis: As a Security Risk Analyst for a French public administration, I conducted risk assessments, designed security frameworks, and formalized policies, standards, and guidelines.
    - Project Management: Oversaw IT security projects within a major transformation program for the nuclear energy sector. This included redesigning central interconnection platforms, managing RFPs for new security components and appliances, but also continuously evaluating cyber risks for various project streams.

  • Network and System Engineer at Go Sport
    Jul 2005 - Aug 2008 · 3 yrs 2 mos

    At Go Sport (sporting goods retail), I managed network infrastructures, databases, and Unix systems. As a junior (work-study program with my engineering school) I led a network & system monitoring project to improve efficiency and resiliency over failures.