Jabu Mtembu

I am a passionate information security specialist with a unique blend of expertise across proactive
cybersecurity (information security), reactive digital forensics (including mobile forensics), and
Governance, Risk, and Compliance (GRC), enabling me to approach security challenges with both
strategic insight and technical precision. I hold a BCom degree in Business Informatics and various
industry certifications. Currently, I am employed as the Manager of Information Security Policy and
Standards at MTN within the GRC function.

My core responsibility is to manage and oversee the Information Security Policies and Standards
within the MTN group. I also support other MTN operating companies in adopting compliance
documents. Additionally, I assist with reviewing weekly reports, committee reports (Risk and Audit),
and the CTIO report. I act as a liaison and contact for security auditing purposes.
Furthermore, I provide yearly training on the application of the NIST Framework and support MTN
InfoSec teams in various jurisdictions to conduct NIST risk-based assessments. I prepare packs for
two committees: the Information Security Forum (ISF) and the Technical Security Governance
Council (TSGC). I record minutes, action items, and follow up on them on a monthly basis. I also
assist with compiling Risk Acceptances and have been assigned as project manager for the following
projects: Ransomware Framework, Compliance Dashboard, and Governance Framework.

In my GRC role at MTN, which spans all jurisdictions (18 countries) under the group umbrella, I work
closely with the Privacy team, Information Security Heads, Audit, and Risk and Compliance teams.
This experience has exposed me to the company's operations at all levels, providing me with access
to senior stakeholders.

I served as one of the primary contacts between non-client facing clusters and the Chief Information
Security Officer (CISO). In this role, I ensured the alignment and implementation of the cyber
resilience framework (FFIEC). I also conducted extensive third-party privacy and cybersecurity risk
assessments, which included reviewing security standards on Master Service Agreements (MSAs)
where necessary.

Another focus area was the daily monitoring of the Data Loss Prevention (DLP) dashboard. I assisted
clusters in identifying critical assets from a confidentiality perspective (referred to as "Crown Jewels")
and integrating this information into the business impact analysis and risk management processes.
Additionally, I was involved in social engineering awareness training, helping users to better identify
red flags and report phishing emails, vishing, and smishing attempts. On a monthly basis, I extracted,
analyzed, and reported on critical information security matters, presenting these findings at various
cluster Executive Risk and Information Security committees.

Before joining Nedbank, I was a Manager in the Digital Forensics specialist division at Ernst and
Young, PwC, and Exactech. My role involved acquiring, preserving, and recovering digital evidence,
including mobile phones, and preparing detailed reports. I conducted numerous Anton Piller orders
with the assistance of the South African Police Service, law attorneys, and sheriffs. Additionally, I
sought new business opportunities through networking and trained over 15 computer forensics
consultants.

I have consulted in both the private and public sectors across all nine South African provinces and
14 African countries. I also assisted international EY and PwC teams from China, the UK, the USA,
and Australia. As an expert witness, I testified in the Kimberly High Court and various internal
disciplinary matters. I have experience in basic data analysis using SQL, ACL, and Excel, and have
assisted in non-IT/Cyber Forensics investigations, including double payments to suppliers,
nepotism, asset verification, and ghost employees.

Before joining Nedbank, I was a Manager in the Digital Forensics specialist division at Ernst and
Young, PwC, and Exactech. My role involved acquiring, preserving, and recovering digital evidence,
including mobile phones, and preparing detailed reports. I conducted numerous Anton Piller orders
with the assistance of the South African Police Service, law attorneys, and sheriffs. Additionally, I
sought new business opportunities through networking and trained over 15 computer forensics
consultants.

I have consulted in both the private and public sectors across all nine South African provinces and
14 African countries. I also assisted international EY and PwC teams from China, the UK, the USA,
and Australia. As an expert witness, I testified in the Kimberly High Court and various internal
disciplinary matters. I have experience in basic data analysis using SQL, ACL, and Excel, and have
assisted in non-IT/Cyber Forensics investigations, including double payments to suppliers,
nepotism, asset verification, and ghost employees.

Before joining Nedbank, I was a Manager in the Digital Forensics specialist division at Ernst and
Young, PwC, and Exactech. My role involved acquiring, preserving, and recovering digital evidence,
including mobile phones, and preparing detailed reports. I conducted numerous Anton Piller orders
with the assistance of the South African Police Service, law attorneys, and sheriffs. Additionally, I
sought new business opportunities through networking and trained over 15 computer forensics
consultants.

I have consulted in both the private and public sectors across all nine South African provinces and
14 African countries. I also assisted international EY and PwC teams from China, the UK, the USA,
and Australia. As an expert witness, I testified in the Kimberly High Court and various internal
disciplinary matters. I have experience in basic data analysis using SQL, ACL, and Excel, and have
assisted in non-IT/Cyber Forensics investigations, including double payments to suppliers,
nepotism, asset verification, and ghost employees.