Brian Donga Email & Phone Number

London, GB

• Central point of contact for technology risk and governance issues within Security & Resilience overseeing audit, compliance and control activities including supporting issue resolution across the bank's technology.
• Consult and provide expertise on all facets of technology risk and controls within information technology security and the bank as a whole.
• Led the review of the group technology risk management framework and spearheaded the development of new robotic process automation controls and AI controls guidance.
• Coordinated control testing activities in line with compliance requirements and annual attestations, reviewing SOC 1 attestation reports and other 3rd party reviews.
• Planning and contributing to the Bank technology risk & control self-assessment (RCSA) process and collation of bank technology KRIs for key governance forums. Designing and developing data visualisation dashboards for.
• Periodic management reporting including managing relationships with key stakeholders to influence and support the delivery of appropriate security services.

London, GB

• Successfully coordinated comprehensive IT and cybersecurity audits, identifying risks and ensuring that the organisation has robust IT controls to protect data and technology systems. Delivered actionable reports to.
• Delivering Technology, Cybersecurity and real time project reviews in an agile manner from planning, scoping through to proactive discussions with business and IT management, use of data analytics where applicable and.
• Following up on the effective implementation of agreed actions, liaising closely with actions owners and business management.
• Main areas of focus included technology, cybersecurity, and integrated audits, including application, infrastructure, and cyber security audits.
• Oversee Audit Processes: Plan, execute, and manage IT audits to ensure compliance with internal policies and external regulations.
• Used data analysis tools to extract, validate and analyse large volumes of financial data for financial and IT audits, as well as treasury forecasting.

London, Greater London, GB

• Successfully led and coordinated cybersecurity and IT audit teams across diverse sectors, providing clients with critical insights into cyber risks and control effectiveness. Supported clients in their cybersecurity.
• Led and coordinated IT and cybersecurity reviews and assurance assessments, ensuring adherence to regulatory standards and effective execution of audit plans.
• Managed compliance to NIST, ISO27001, DPA/GDPR, PCI-DSS, SOX, and other legal requirements to ensure data protection and privacy.
• Helping clients with varying levels of cyber maturity assessments through their entire journey including reviewing security transformation programmes, addressing risks in security operations centres and enhancing.
• Developed advanced models and dashboards, including predictive modelling to predict IT security benchmarks, optimise business outcomes and performance, and drive improvement initiatives on behalf of clients.
• Applied technical expertise to explore, experiment, use data mining techniques, forecasting and presentation of data to identify trends and patterns that can inform decision-making.

Johannesburg, Gauteng, ZA

• GEF Security Lead for the implementation of Identity and Access Management (IAM) systems and tools for privileged access management. Formalised logical access management processes, oversaw implementation of AML and.
• Worked with IT/business partners to provide IT Security advisory services and guidance, identifying, assessing and remediating Technology and IT Security risks.
• Provided expertise on all facets of technology risk and controls within information technology and business as part of business-as-usual and within change programmes, either independently or embedded within a project.
• Managed the review and approval of source code and new server deployments to production including the risk acceptance and policy exception process, providing specialist judgement on risk issues.
• Coordinated GEF IT security, OR, BCM, DR, Compliance, Audit interventions with GEF Senior Management members.
• Developed security and control improvement initiatives to ensure systems are secure.

Worldwide, OO

• As a member of the risk advisory team (contractor), reporting to a Senior Manager or Director/ Partner, I was responsible for overall engagement delivery. Conducted IT risk assessments and audits, improving clients' IT.
• Planned and executed IT and integrated audits, identifying key IT risks and controls for remediation.
• Documented audit work papers, communicated process improvement opportunities, and tracked audit actions to completion.
• Used data analytics software to extract, validate and analyse large volumes of financial data for financial audit, journals testing and forecasting.
• Reviewing, analysing and assessing IT risks (cyber security, network security, data protection, technology change & systems development, technology reliability, transformation projects, access controls, physical.
• Resilience, design and implementation of programmes to improve IT Disaster Recovery, Business Continuity.

Rosebank, Gauteng, ZA

• Performed IT risk assessments and information technology audits for the Group Internal Audit function. Responsibilities included performing business process analysis, network security, IT application and infrastructure.
• Managed and performed IT internal audit projects, evaluating technical systems and providing detailed reports on controls.
• Provided input to the Internal Audit Program for Information Technology components, working closely with the IT Audit Manager.
• Identified and evaluated audit exceptions, determining management action plans for internal control deficiencies.
• Used EXCEL and IDEA data analytics software to extract, validate and analyse large volumes of financial data for financial audit, journals testing and forecasting.
• Used IDEA, Qlik View and other data analytics tools to conduct in-depth analysis of IT and business data to uncover trends, patterns, and insights that informed audit actions and other risk decisions.

Midrand, Gauteng, ZA

• Summary: Innovated web application penetration testing methodologies and developed new work programs enhancing the firm’s security service offerings, progressed corporate security policies, controls and standard.
• Led IT internal audit projects (internal & external) by evaluating various technical systems, reporting at the end of each audit project detailing controls both in place and lacking in the environments examined.
• Reviewed security mechanisms, IT general controls associated with Windows, Unix operating systems, switched networks (Cisco), applications and databases.
• Conducted IT General Controls Reviews to ensure proper standards for system development, data centre operations, and information security.
• Performed Application Control Reviews to assess the effectiveness of controls over individual application systems.
• Conducted Information Security Assessments to ensure information accessibility by authorised personnel only.

East London, Eastern Cape, ZA

• This role involved providing maintenance of the computer desktop environment by analyzing requirements, resolving problems, installing hardware and software solutions, responsible for administration and internal.
• Maintaining a thorough understanding of the basics behind the Internet and its workings (DNS, Security, IP Routing, HTTP, VPN, Email Routing, etc.)
• Maintaining a thorough understanding of Local Area Networking
• Responding to inquiries from staff, administrators, service providers, site personnel and outside vendors and etc. to provide technical assistance and support
• Monitoring Service Desk for tickets assigned to the queue and process first-in first-out based on priority
• Modifying configurations, utilities, software default settings, etc. for the local workstation

Alice, Eastern Cape, ZA

• Provide helpdesk support and resolve problems to the end user’s satisfaction
• Monitor and respond quickly and effectively to requests received through the IT helpdesk
• Monitor Service Desk for tickets assigned to the queue and process first-in first-out based on priority
• Modify configurations, utilities, software default settings, etc. for the local workstation
• Utilize and maintain the helpdesk tracking software
• Install, test and configure new workstations, peripheral equipment and software