Brian Mpafe

• Spearheaded the development of a robust PCI-DSS compliance program, ensuring adherence to industry standards.
• Established a comprehensive third-party risk management framework to mitigate vendor-related risks.
• Created and implemented incident response playbooks, enhancing organizational preparedness for cybersecurity incidents.
• Conducted quarterly reviews of the risk register with the board audit committee, promoting transparency and accountability.
• Achieved successful PCI-DSS and ISO 27001:2022 audits with zero critical findings, demonstrating a strong security posture.
• Integrated the risk register into the board governance cycle, fostering informed decision-making.
• Reduced incident response SLAs by 40%, significantly improving response times and operational efficiency.

• Led comprehensive ISMS design to enhance organizational security posture and compliance.
• Executed HIPAA gap remediation initiatives to ensure regulatory adherence and mitigate risks.
• Developed and implemented a robust staff security awareness program to foster a culture of security.
• Delivered quarterly risk reporting to the board of directors and executive committee, enhancing decision-making processes.
• Achieved ISO 27001 certification readiness, demonstrating commitment to information security best practices.
• Reduced critical audit findings by 70%, significantly improving overall risk management.
• Established a board risk dashboard as a standard governance tool, facilitating transparent risk communication.

• Transitioned into a leadership role as CISO and IT Director, overseeing comprehensive information security initiatives across multiple sectors.
• Spearheaded the design and implementation of enterprise-wide security strategies that align with organizational goals and board directives.
• Conducted quarterly risk briefings for boards and audit committees, effectively translating complex technical data into actionable insights for informed governance.
• Championed the establishment of ISO 27001 ISMS programs, guiding organizations from initial gap assessments to successful certification, enhancing security posture and compliance.
• Fostered a culture of security awareness and risk management, driving continuous improvement in information security practices across client organizations.

• Led the successful implementation of MTN Cameroon SIEM (ArcSight), achieving 97% of project deadlines while enhancing real-time threat detection capabilities.
• Directed the MTN Cameroon DataCenter Extension project, delivering results 20% ahead of schedule and ensuring full regulatory compliance.
• Engineered and executed Active Directory, SCCM, and GPO hardening strategies for multiple enterprise clients, facilitating compliance with PCI-DSS and GDPR standards.
• Spearheaded disaster recovery planning and implementation, ensuring robust business continuity strategies across projects.
• Transitioning into a strategic role as CISO and IT Director, leveraging extensive project management and security engineering experience to drive organizational security initiatives.

• Conducted comprehensive enterprise-wide cybersecurity risk assessments to identify vulnerabilities and enhance security measures.
• Deployed the COBIT governance framework to establish robust IT governance and risk management practices.
• Developed and delivered executive-level security reports, ensuring transparency and informed decision-making across three jurisdictions.
• Achieved a significant improvement in the organization's risk posture, reducing it from High to Moderate within 12 months.
• Harmonized cross-border security policies across three operating entities, fostering consistency and compliance in security practices.
• Collaborated with stakeholders to align cybersecurity initiatives with business objectives, enhancing overall organizational resilience.

• Led project management for a major DataCenter capacity expansion, focusing on physical security, redundancy design, and regulatory compliance.
• Demonstrated strong leadership and strategic planning skills, resulting in project delivery 20% ahead of schedule.
• Ensured full regulatory compliance during commissioning, enhancing organizational credibility and risk management.
• Collaborated with cross-functional teams to implement best practices in information security and operational efficiency.
• Leveraged expertise in IT governance and security frameworks to align project outcomes with organizational objectives.
• Prepared to transition into roles such as CISO, CIO, and Information Security Manager, bringing a robust background in project execution and risk mitigation.

• Championed secure software development practices across 30+ startups, enhancing their security posture and compliance.
• Organized 12 impactful bootcamps, fostering a culture of security awareness and best practices among developers.
• Supported the successful development of 16 commercial applications on the Microsoft stack, ensuring robust security measures were integrated.
• Advocated for Microsoft Azure cloud security and identity frameworks, emphasizing Zero Trust principles and identity governance to strengthen security across the WECA developer community.
• Cultivated relationships with key stakeholders to promote a unified approach to information security and risk management.
• Leveraged industry knowledge to drive innovation and enhance security strategies, positioning organizations for success in a rapidly evolving threat landscape.