Mandy De Kock Email and Phone Number
As the Global Governance, Risk, Compliance (GRC) and Third-Party Risk Management (TPRM) Lead at Anglo American, I am responsible for developing and implementing a robust TPRM program that aligns with the company's strategic objectives. I have over twelve years of experience in Information and Cyber Security, with a focus on cyber risk, third party risk, governance, and assurance. My mission is to enable the company to achieve its goals while minimizing the exposure to cyber threats and ensuring compliance with industry standards such as ISO27001, PCI-DSS, and GSMA. I leverage my skills in vulnerability management, identity and access management, data loss prevention, audit preparation and remediation, and security strategy to drive cybersecurity excellence across the organization. I also partner with internal and external stakeholders to manage and mitigate the risks associated with third-party vendors and service providers.
Anglo American
- Website: angloamerican.com
- Employees: 15754
Global Cyber Ops GRC & TPR Mgmt. Lead at Anglo American
Anglo American
Jun 2023 - Present
City Of Johannesburg, Gauteng, South Africa
As the Global Cyber Operations Governance, Risk, Compliance (GRC) Third-Party Risk Management (TPRM) lead for Anglo American and De Beers Group of Companies, I am responsible for maturing and implementing a robust TPRM program that aligns with the organization’s strategic objectives.
- Conducting risk assessments of third-party vendors to identify and mitigate potential security risks.
- Establishing and maintaining strong relationships with third party suppliers to ensure compliance with security standards, developing remedial actions to be implemented to reduce risk and continuous monitoring.
- Collaborating with internal stakeholders to define security requirements (contract schedules) and contract deviations.
- Keeping abreast of industry best practices and regulatory requirements related to third-party risk management and supply chain cyber risk.
- Continuously improving the third-party risk management program based on feedback, lessons learned and stakeholder engagement.
- Promoting awareness of third-party risk management adoption across the Business and ensuring compliance with the Standard in partnership with key stakeholders in Legal, Supply Chain, Data Privacy, and Business.
- Conducting supplier risk assessments for RFPs to facilitate risk-based decision-making by the Business
- Ensuring close collaboration with all internal Governance forums

Senior Manager: Group Information Security Governance & Technical Assurance
Equity Bank Limited
Sep 2022 - Jun 2023
Nairobi County, Kenya
- Developing the security program short term and long-term tasks and milestones for implementation
- Performing independent assurance on all security projects before submission to second line assurance
- Developing the Group security governance framework for implementation
- Evidence preparation and representation for ISO27001, PCI-DSS, Swift (supporting subsidiaries) and Central Bank of Kenya annual review.
- Developing Group minimum controls for adoption group (plus subsidiaries)
- Reporting to Board, Exco, various regulators on the Security program status, security posture, security assessments, audit remediation status and industry trends.
- Driving controls development for Data protection in line with Kenya DPA.
- Oversight on post production deployment security assessment and ongoing assurance based on Fraud trends and analysis.
- Developing access governance strategy (Joiner, Mover, Leaver) in collaboration with IT Governance and Group Risk
- Vendor and stakeholder management in collaboration with the Supply Chain teams. Continual Monitoring of High risk suppliers
- Driving Security & Customer awareness programs (both Mobile banking and non-mobile banking customers)
- In this function I led a team of 5 specialists that supported Equity Group and 6 Equity Subsidiaries across Africa

Senior Specialist: Technical Security Assurance, Governance & Service Management
MTN South Africa
Feb 2021 - Aug 2022
South Africa
- Responsible for Audit preparation (internal & external), monitoring, tracking, remediation to achieve the objectives of zero repeat security findings and zero overdue findings.
- Preparation for certification (ISO27001, PCI-DSS, GSMA)
- Driving vulnerability Management, tracking & reporting by establishing a vulnerability management forum
- Implementation of PPP framework (Policy, process, procedure) environment
- Implementation of Security strategy, Ensuring alignment with Group Information Security Strategy
- Implementing controls for Security posture improvement
- Identity & Access management & Access recertification
- Data Loss prevention control testing and implementation
- Reporting for Information Security Steerco, Audit & Risk Committee, Group Technology & Security Governance Council, Delegation of Authority Board, Business Resilience, POPI Steerco.
- Developed a forum for Business risk champions to support the delivery of Security objectives (Security awareness training, Access attestations, policy change communication, Security KPI objectives, Audit remediation)
- Driving the High Risk User program in MTN SA (compliance with security controls)
- Ensuring Security and Security controls are embedded in the organisation culture, processes and procedures

Information Security Risk & Data Protection Analyst
Rand Merchant Bank
Mar 2014 - Feb 2021
Johannesburg Area, South Africa
Data protection, POPI, Data Protection Violations & Escalations, Data Loss prevention control implementation, Data Governance (Structured & Unstructured) Risk Assessments, Identity & Management, Segregation of Duties, Internal & External Audit, Governance, Reporting for Security Steerco

Information Security Advisor
Siemens Ltd
May 2010 - Mar 2013
Johannesburg Area, South Africa
Vulnerability scanning, management and tracking, Implementing Clean desk policy, Physical site observations and walk throughs, Risk assessments, Managing Business Unit & Subsidiary InfoSec advisors for Siemens Southern Africa, Security Awareness Training, Staff Introduction day & physical onsite awareness, Roll out of Data protection measures and controls, Security Posture reporting to CISO

Senior Systems Engineer
Siemens IT Solutions and Services
Apr 2007 - Apr 2010
Johannesburg Area, South Africa
Development of employee entry & exit lifecycle program, Identity & access management, SoD, RBAC Role Definitions, Active Directory migration, AD & ERP Integration

Mandy De Kock Education Details
- Certificate In Cyber Security
- Mindworx Mict Seta: NQF 6
- Analytix: ISO/IEC 27001 (2014) Foundation
- Pink Elephant: ITIL Foundation V3
- Pink Elephant: ISO/IEC 20000
- Information Technology
- Hoërskool Wonderboom: NQF 4

Frequently Asked Questions about Mandy De Kock
What company does Mandy De Kock work for?
Mandy De Kock works for Anglo American.
What is Mandy De Kock's role at the current company?
Mandy De Kock's current role is Global Cyber Ops GRC & TPR Mgmt. Lead at Anglo American.
What schools did Mandy De Kock attend?
Mandy De Kock attended University Of Johannesburg, Mindworx Mict Seta, Analytix, Pink Elephant, Pink Elephant, Ctu Training Solutions, Hoërskool Wonderboom.
Who are Mandy De Kock's colleagues?
Mandy De Kock's colleagues are Andrew Hicks, Jocimar Matos, Wandin Sena Sena, Lucas Mnisi, Sandisiwe Nzimakwe, Tsholofelo Makgae, Saksham Gulati.