AeroLeads people directory · profile

Stephen Muasya- Msc, Cisa®,Cscso® Email & Phone Number

Senior Global Governance, Risk and Compliance Consultant at Silensec
Location: Nairobi County, Kenya 11 work roles 7 schools
LinkedIn matched
✓ Verified Jul 2026 3 data sources Profile completeness 86%

Contact Signals

LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
Senior Global Governance, Risk and Compliance Consultant
Location
Nairobi County, Kenya
Company size

Who is Stephen Muasya- Msc, Cisa®,Cscso®? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

Stephen Muasya- Msc, Cisa®,Cscso® is listed as Senior Global Governance, Risk and Compliance Consultant at Silensec, a with 53 employees, based in Nairobi County, Kenya. AeroLeads shows a matched LinkedIn profile for Stephen Muasya- Msc, Cisa®,Cscso®.

Stephen Muasya- Msc, Cisa®,Cscso® previously worked as ISACA Foundation Scholarship Judge-2024 at Isaca and Committee Member-2025 Governance of Enterprise Information & Technology Advisory Group at Isaca. Stephen Muasya- Msc, Cisa®,Cscso® holds Masters In Computer Science, Information Technology Management( Major) from University Of Nairobi.

Company email context

Email format at Silensec

This section adds company-level context without repeating Stephen Muasya- Msc, Cisa®,Cscso®'s masked contact details.

Silensec

Review company-level records connected to Stephen Muasya- Msc, Cisa®,Cscso® before choosing the right outreach path.

Profile bio

About Stephen Muasya- Msc, Cisa®,Cscso®

As an Information / Cybersecurity GRC Professional with over 8 years of proven experience, I specialize in developing and implementing robust cybersecurity frameworks that align with business objectives and regulatory requirements. My journey spans FinTechs, startups, and banking institutions, where I’ve played a pivotal role in fortifying security postures, ensuring compliance, and mitigating risks.With a focus on Governance, Risk, and Compliance (GRC), I’ve spearheaded the design and execution of security programs based on major global standards such as ISO 27001, NIST, CIS Controls, PCI-DSS, and GDPR. My expertise extends to Business Continuity Planning (BCP) and Disaster Recovery (DR), ensuring operational resilience through well-tested continuity strategies that safeguard business operations during unexpected disruptions.I bring a strong background in IT/System Audits, where I assess the effectiveness of security controls and compliance measures to ensure they meet both organizational and regulatory requirements. Additionally, I possess specialized skills in WEB3 and Blockchain Compliance(KYC and AML/Regulatory Issues), navigating the complexities of decentralized technologies and ensuring that they align with applicable legal and regulatory frameworks.In the dynamic and high-risk environments of financial services and emerging tech, I’ve successfully collaborated with cross-functional teams to bridge the gap between technical cybersecurity initiatives and broader business objectives. My leadership has been integral to maintaining compliance with regulatory bodies, enhancing incident response capabilities, and optimizing risk management processes through a proactive and risk-based approach.I thrive in environments that demand constant innovation and agility, with a keen ability to balance cybersecurity with business needs. From establishing comprehensive risk assessment processes to managing third-party risks and vendor relationships, I am passionate about driving security awareness at all levels of an organization.In a world where cyber threats are constantly evolving, I remain committed to continuous learning and improvement, ensuring that the organizations I serve stay ahead of the curve in cybersecurity and risk management.If you’re looking to strengthen your cybersecurity, enhance your GRC processes, or improve your business continuity planning, I’d love to connect. Together, we can build resilient and secure operations that not only protect your business but also enable it to thrive in an increasingly digital world.

Current workplace

Stephen Muasya- Msc, Cisa®,Cscso®'s current company

Company context helps verify the profile and gives searchers a useful next step.

Silensec
Silensec
Senior Global Governance, Risk and Compliance Consultant
Kenya
Website
Employees
53
AeroLeads page
11 roles

Stephen Muasya- Msc, Cisa®,Cscso® work experience

A career timeline built from the work history available for this profile.

Senior Global Governance, Risk And Compliance Consultant

Kenya

Isaca Foundation Scholarship Judge-2024

Current

The ISACA Foundation (previously known as One In Tech) issues global academic scholarships to provide funding and career-building resources for students pursuing cyber-related degrees. This scholarship program was honored with a 2023 Power of Associations Gold Award from the American Society of Association Executives (ASAE) for our work bridging the cybersecurity workforce gap

Dec 2024 - Present

Committee Member-2025 Governance Of Enterprise Information & Technology Advisory Group

Current

The Governance of Enterprise Information & Technology Advisory Group will partner with ISACA Global to identify industry trends and support activities required to appropriately create the necessary information and governance content to develop products in support of ISACA’s constituents. New product ideas will be discussed, and products will be prioritized to align with ISACA global strategy.

Dec 2024 - Present

Information Security-Governance,Risk And Compliance(Grc) Specialist

Current

Global

✅Coordinate the development of best practice policies and standards based on various governance frameworks✅Getting Organization ready for Internal and External Systems/ Technology Audits✅Ensure all IT controls are documented and assigned control owners to establish accountability.✅Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives✅Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments✅Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)✅Monitoring IT controls across the organization✅Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., PCI DSS, GDPR, COBIT, SOC 2, ISO 27001,27002 NIST, CIS,27701, 22301 and 20000 etc.)✅Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units✅Control Self Assessments and Control Gap Analysis✅Third-party risk management and reporting✅Support Security Due-diligence activities with both regulators and business prospects✅Maintaining a Risk Register✅Responsible for developing and deriving KPIs from a controls baseline✅Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate✅Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program✅Creation, documentation and maintenance of governance processes to oversee IT GRC programs

Apr 2024 - Present

It Governance, Risk And Compliance Manager- (Security, Infrastructure And Product)

Kenya || Nigeria || Uae || Uk

I was Responsible for:✅ ISO 27001, CIS, PCI DSS, SOC 1/2 Implementation • Supported 100% -the implementation of ISO 27001 Information Security Management System (ISMS) program and relevant certifications. •Collaborated with cross-functional teams to establish and maintain security policies, procedures, and controls leading to 100% implementation and compliance.✅Internal IT Audits:•Planned, executed, and managed 5+ plus Periodic Cyber Security and Information Systems audits to assess compliance with NIST SP-800-53, ISO 27001 standards, CIS v8 and other relevant standards.•Identified over 50+ areas of improvement and provided recommendations for enhancing security and compliance measures.✅Compliance Standards and Assessments•Stay current on industry-specific compliance standards such as SOC 2, ISO 27001, CIS V8 and NIST, and others applicable to the organization.•Evaluate compliance with relevant regulatory frameworks, such as SOC2, ISO27001, GDPR, PCI DSS, and CCPA•Performed 30 + regular assessments and audits of the organization's security controls, policies, and procedures.✅Compliance Framework Development•Developed and maintained an effective security compliance framework that aligns with organizational goals.•Created and updated 10+ Policies, standards, and guidelines to address emerging security threats and regulatory changes.•Designed and implemented 30+ security controls, procedures, and technical safeguards to ensure compliance across the organization.✅Risk Assessment and Management:•Conducted periodic organizational- Wide risk assessments to identify potential security vulnerabilities and recommend appropriate risk mitigation strategies.✅IT Budgeting and planning•Oversighted and coordinated the process of IT Cost controlling (Budgeting and Forecasting of costs, Cost allocation, cost reporting, etc.) in collaboration with IT unit leads and the budgeting division which led to a 50% cost reduction in 6 months.

Jul 2022 - Feb 2024

Information Security And Grc Lead

*

Nairobi, Kenya

Special Contributions✅ Elevated overall security posture by 35% by leading the development and implementation of a comprehensive security program, including policies, standards, procedures, and awareness training, resulting in improved risk management and reduced security incidents.✅ Ensured 100% compliance with regulatory requirements (e.g., GDPR, HIPAA) by establishing a GRC framework, conducting regular audits and assessments, and remediating identified gaps, resulting in successful external audits and certifications.✅ Reduced cloud infrastructure costs by 20% by optimizing resource utilization, implementing cost-saving strategies, and automating governance processes, while maintaining security and compliance standards.✅ Mitigated critical vulnerabilities and risks by leading cross-functional teams to prioritize and implement remediation measures based on risk assessments, resulting in a significant reduction in the attack surface.✅ Established a robust incident response program by defining roles and responsibilities, developing playbooks, and conducting regular exercises, resulting in faster and more effective response to security events.Skills✅ Compliance Frameworks: NIST, ISO 27001/2, SOC 2, GDPR, HIPAA, PCI DSS, CCPA, SOX✅ Governance, Risk, & Compliance (GRC): Policy development, risk assessments, control implementation, Audit management✅ Cloud Platforms: AWS, Azure and GCP✅ Cloud Security: IAM, data encryption, network segmentation, security monitoring, CASB✅ Security Technologies: SIEM, IDS/IPS, firewalls, endpoint protection, vulnerability management

Jan 2022 - Jun 2022

Senior It Governance, Risk And Compliance Officer

||Kenya||

✅ Evaluated Information Technology controls for all operating systems, applications, database management system interfaces, and networks across the Bank to ensure consistency in achieving compliance requirements (regulatory, standards, and internal policies).✅ Promoted Information security awareness within the Bank on weekly basis by providing consultation, guidance, and conducting relevant awareness programs to ensure an Information Security-compliant culture.✅ Proactively anticipated potential threats and vulnerabilities and provided guidance in coordination with the information security department on effective responses or control measures to be implemented to mitigate them.✅ Managed updated Information Technology risk registers for the entire Bank.✅ Periodically performed vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on the closure of all identified vulnerabilities.✅ Carried out ICT risk assessments of the Bank systems and provided recommendations for appropriate and adequate IT security controls to mitigate and minimize ICT Risks.(NIST,ISO 27001,COSO,COBIT frameworks)✅ Continuously reviewed and improved the ICT Risk and security controls in place.-NIST RMF ISO and CIS V8 Controls.✅ Continuously reviewed systems at all levels i.e. servers, applications, database, network devices, etc., identifying risks and made recommendations on closure of the risks✅ Reviewing and tracking compliance with laws and regulations(GDPR and Kenya Data Protection Act)✅ Performing “deep dive” assurance reviews for new and existing products✅ Working with the CISO and the other senior members of the technology teams to promote cyber risk management throughout the organization.✅ Working with internal teams and industry stakeholders to promote Fraud Risk Management as an embedded discipline within the organization and across the entire financial services industry in Kenya.

Mar 2020 - Jan 2022

Information Security Grc Analyst

||Kenya||

Key Responsibilities:✅ Developed and maintained a formalized GRC framework, utilizing standards-based controls aligned to business-specific threats.✅ Assessed, prioritized and updated existing IT security policies and standards to reflect the compliance framework.(ISO 27001/2, COSO,COBIT,SOC 2 and PCI DSS )✅ Performed risk assessment of new IT projects, identify areas of potential technical and process vulnerability, recommend compensating controls.✅ Provided leadership & direction to ensure the proper governance occurs through Third Party Risk Management program.✅ Developed policies in line with ISO 27001/27002/27005 and IT security risk frameworks such as the NIST Cybersecurity Framework, COSO, COBIT )✅ Evaluated and maintained up-to-date knowledge of GRC standards' effectiveness and compensating controls in mitigating IT risk.

Jan 2018 - Feb 2020

Technical Business Analyst (Business Banking And Product)

Nairobi County, Kenya

✅Developed 150+plus user stories and to-be process flows to support the design and development of Cloud sales solutions for the Credit and Business Development Teams across the entire bank. ✅Worked collaboratively with team (UI/UX) Design members to design over 50 solutions and products that met clients’ business requirements and fulfilled user stories from product teams and Marketing departments across the entire bank.✅Created, developed, and implemented solutions to address infrastructure and security requirements as per NIST,ISO 27001/2, COSO, PCI DSS Frameworks✅Identify the needs for build automation, designing, and implementing CICD solutions✅ Consulted on DevSecOps requirements from diverse application/line of business partners✅Create plug-and-play/reusable solutions and patterns for CICD pipelines✅ Created, developed, and implemented automation and system integration for various build platforms✅Published and disseminated CI/CD best practices, patterns, and solutions✅Ensured that the service’s uptime and response time SLAs/OLAs are met or surpassed✅Build or maintained CI/CD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment✅Designed action plans to address CI/CD platform/tools/solutions’ shortcomings and difficulties✅Actively participated in bridge calls with team members and contractors/vendors to prevent or quickly address problems✅Troubleshooting, identified, and fixing problems in the DevSecOps domain✅Ensured incident tracking tools are updated in accordance with established norms and processes, gather all essential data, and document any discoveries and concerns✅Aligned with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL)✅Created and published engineering platforms and solutions

Jan 2016 - Feb 2018

Business Development & Kyc Specialist

Nairobi, Kenya

As a Business Development & KYC Specialist I played a crucial role in driving new business growth while ensuring compliance with Know Your Customer (KYC) regulations. This position required a unique blend of sales acumen, relationship management skills, and a thorough understanding of KYC/AML (Anti-Money Laundering) principles within the banking industry.Key Responsibilities:✅Business Development: ✅Identify and pursue new business opportunities with potential clients. ✅Develop and maintain strong relationships with existing clients. ✅Conduct market research and competitor analysis to identify trends and opportunities. ✅Create and deliver persuasive sales presentations and proposals. ✅Negotiate and close deals to meet or exceed sales targets. ✅Collaborate with marketing and product teams to develop targeted campaigns.KYC Compliance:✅Perform comprehensive KYC due diligence on new and existing clients.✅Gather and verify client information, including identity, source of funds, and business activities.✅Conduct risk assessments and identify potential red flags.✅Ensure compliance with all relevant KYC/AML regulations and internal policies.✅Prepare KYC reports and documentation for review by compliance officers.✅Stay up-to-date on evolving KYC/AML regulations and industry best practices.✅Contribute to the development and implementation of KYC/AML policies and procedures.

Jan 2015 - Dec 2015
Team & coworkers

Colleagues at Silensec

Other employees you can reach at silensec.com. View company contacts for 53 employees →

7 education records

Stephen Muasya- Msc, Cisa®,Cscso® education

Business Information Technology And Management, Information Technology

Kisii University

Certified Data Protection, Center For Intellectual Property & Information Technology Law, Pass

FAQ

Frequently asked questions about Stephen Muasya- Msc, Cisa®,Cscso®

Quick answers generated from the profile data available on this page.

What company does Stephen Muasya- Msc, Cisa®,Cscso® work for?

Stephen Muasya- Msc, Cisa®,Cscso® works for Silensec.

What is Stephen Muasya- Msc, Cisa®,Cscso®'s role at Silensec?

Stephen Muasya- Msc, Cisa®,Cscso® is listed as Senior Global Governance, Risk and Compliance Consultant at Silensec.

Where is Stephen Muasya- Msc, Cisa®,Cscso® based?

Stephen Muasya- Msc, Cisa®,Cscso® is based in Nairobi County, Kenya while working with Silensec.

What companies has Stephen Muasya- Msc, Cisa®,Cscso® worked for?

Stephen Muasya- Msc, Cisa®,Cscso® has worked for Silensec, Isaca, Isaca Kenya Chapter, Confidential, and Mara.

Who are Stephen Muasya- Msc, Cisa®,Cscso®'s colleagues at Silensec?

Stephen Muasya- Msc, Cisa®,Cscso®'s colleagues at Silensec include Frances Ruganyumisa, Ismath Chaudhry, Mercy Mwikali, Benson Burchard, and Varun Gupta.

How can I contact Stephen Muasya- Msc, Cisa®,Cscso®?

You can use AeroLeads to view verified contact signals for Stephen Muasya- Msc, Cisa®,Cscso® at Silensec, including work email, phone, and LinkedIn data when available.

What schools did Stephen Muasya- Msc, Cisa®,Cscso® attend?

Stephen Muasya- Msc, Cisa®,Cscso® holds Masters In Computer Science, Information Technology Management( Major) from University Of Nairobi.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.