Manager, IT Security, Architecture and Governance
University of New England
Total years of experience :10 years, 1 Months
Role Profile:
The role is mainly responsible for leading the implementation of the cybersecurity strategy and tactical activities. The role is also responsible for security policy and other security documentation, enterprise security risk management including third party risk management, enterprise security architecture, security awareness and security governance.
The role is also responsible for managing cybersecurity incidents, disaster recovery planning and managing all cyber-related engagements facilitated by external consultants.
Key Achievements to date:
Led the development and implementation of the security awareness program including the roll out of a security awareness platform to more than 3500 staff members;
Worked with the Chief Information Security Officer to develop a three-year rapid uplift security program to improve the security posture of the University;
Oversaw cyber security projects and external consultant engagements; Led the redevelopment and testing of the IT Service continuity and disaster recovery plan in alignment with BCP and Emergency Management;
Worked with the Chief Information Security Officer to design the University security architecture and security services;
Oversaw the development of architecture guidelines, design patterns and reference architectures;
Led the design of solutions in alignment with approved reference architectures and strategies;
Developed and implemented the enterprise security risk management process across the University;
Led the security assessments and threat and risk assessment of new and existing technologies;
Collaborated with Enterprise Architecture and Privacy to streamline technology and application acquisitions and implementation through the Technology Architecture Group;
Developed and implemented security incident management processes; Led the security incident response team to manage security incidents;
Developed, implemented and tested the University data breach management process in collaboration with the privacy office; Managed the integration of security practices into several business processes;
Role Profile:
The role was based at the Department of Science, Information Technology and Innovation in the Chief Information Office.
The role was mainly setting the direction for the information security function across the department including developing cybersecurity strategies, developing and implementing policies and standards, ensuring compliance to applicable standards like IS18 and setting up the cybersecurity governance structures.
The role also involved leading and coordinating departmental tactical activities including cybersecurity assessments and coordinating the remediation.
The role involved regular reporting to the departmental senior executives and board (deputy director-general level) through regular cybersecurity posture updates, paper presentations and supporting the CIO during various cybersecurity high-level presentations with the director-general and his peers.
Key Achievements:
Led the development of departmental risk-based cybersecurity strategy using Cyber Resilience Review security maturity assessment;
Led the improvement and implementation of a security awareness program for the department and provided regular reporting to management;
Oversaw the vulnerability management program and coordinated whole of department cybersecurity reporting to senior management across the department;
Led security risk assessments of new technologies and third-party solutions to assess compliance with the departmental security requirements;
Coordinated whole of department security incident reporting to senior management and to Queensland Government Chief Information Office;
Collaborated with BCP/DR subject matter experts within the department to update and test BCP/DR plans;
Developed cyber security metrics that simplified cybersecurity posture reporting to the board;
Established the cybersecurity posture reporting regime to provide senior management with an update about ongoing security activities;
Oversaw whole of department penetration tests and lead workshops to share lessons learnt from the various tests with the various agencies;
Was lead cybersecurity advisor on a departmental SAP project.
Role Profile:
Nextech Security Solutions was a boutique cybersecurity company primarily based in Dar es Salaam, Tanzania but providing services to clients in Rwanda, Malawi, Uganda, and Kenya.
We provided services to companies in various industries including financial services, government, educational, and Non-profit.
The primary responsibility was to lead and develop strategies to grow the practice including undertaking cybersecurity assessments, developing strategies and roadmaps, and delivering unique solutions to clients.
Key Achievements:
Led over 55 gap assessment engagements for clients against known standards including NIST, PCI DSS and ISO27001;
Developed strategies and roadmaps for clients to improve their cybersecurity posture;
Led project delivery of different cybersecurity solutions;
Led the delivery cybersecurity assurance services including penetration testing and security reviews;
Led the development and implementation of business continuity and disaster recovery plans for financial and government organisations;
Developed and assisted educational and legal organisations in the implementation of information security policies; and
Conducted cybersecurity awareness sessions for various clients including government organisations.