Stephen Muasya- Msc, Cisa®,Cscso® Email & Phone Number
Who is Stephen Muasya- Msc, Cisa®,Cscso®? Overview
A concise factual answer block for searchers comparing this professional profile.
Stephen Muasya- Msc, Cisa®,Cscso® is listed as Senior Global Governance, Risk and Compliance Consultant at Silensec, a with 53 employees, based in Nairobi County, Kenya. AeroLeads shows a matched LinkedIn profile for Stephen Muasya- Msc, Cisa®,Cscso®.
Stephen Muasya- Msc, Cisa®,Cscso® previously worked as ISACA Foundation Scholarship Judge-2024 at Isaca and Committee Member-2025 Governance of Enterprise Information & Technology Advisory Group at Isaca. Stephen Muasya- Msc, Cisa®,Cscso® holds Masters In Computer Science, Information Technology Management( Major) from University Of Nairobi.
Email format at Silensec
This section adds company-level context without repeating Stephen Muasya- Msc, Cisa®,Cscso®'s masked contact details.
Review company-level records connected to Stephen Muasya- Msc, Cisa®,Cscso® before choosing the right outreach path.
About Stephen Muasya- Msc, Cisa®,Cscso®
As an Information / Cybersecurity GRC Professional with over 8 years of proven experience, I specialize in developing and implementing robust cybersecurity frameworks that align with business objectives and regulatory requirements. My journey spans FinTechs, startups, and banking institutions, where I’ve played a pivotal role in fortifying security postures, ensuring compliance, and mitigating risks.With a focus on Governance, Risk, and Compliance (GRC), I’ve spearheaded the design and execution of security programs based on major global standards such as ISO 27001, NIST, CIS Controls, PCI-DSS, and GDPR. My expertise extends to Business Continuity Planning (BCP) and Disaster Recovery (DR), ensuring operational resilience through well-tested continuity strategies that safeguard business operations during unexpected disruptions.I bring a strong background in IT/System Audits, where I assess the effectiveness of security controls and compliance measures to ensure they meet both organizational and regulatory requirements. Additionally, I possess specialized skills in WEB3 and Blockchain Compliance(KYC and AML/Regulatory Issues), navigating the complexities of decentralized technologies and ensuring that they align with applicable legal and regulatory frameworks.In the dynamic and high-risk environments of financial services and emerging tech, I’ve successfully collaborated with cross-functional teams to bridge the gap between technical cybersecurity initiatives and broader business objectives. My leadership has been integral to maintaining compliance with regulatory bodies, enhancing incident response capabilities, and optimizing risk management processes through a proactive and risk-based approach.I thrive in environments that demand constant innovation and agility, with a keen ability to balance cybersecurity with business needs. From establishing comprehensive risk assessment processes to managing third-party risks and vendor relationships, I am passionate about driving security awareness at all levels of an organization.In a world where cyber threats are constantly evolving, I remain committed to continuous learning and improvement, ensuring that the organizations I serve stay ahead of the curve in cybersecurity and risk management.If you’re looking to strengthen your cybersecurity, enhance your GRC processes, or improve your business continuity planning, I’d love to connect. Together, we can build resilient and secure operations that not only protect your business but also enable it to thrive in an increasingly digital world.
Stephen Muasya- Msc, Cisa®,Cscso®'s current company
Company context helps verify the profile and gives searchers a useful next step.
Stephen Muasya- Msc, Cisa®,Cscso® work experience
A career timeline built from the work history available for this profile.
Isaca Foundation Scholarship Judge-2024
CurrentThe ISACA Foundation (previously known as One In Tech) issues global academic scholarships to provide funding and career-building resources for students pursuing cyber-related degrees. This scholarship program was honored with a 2023 Power of Associations Gold Award from the American Society of Association Executives (ASAE) for our work bridging the cybersecurity workforce gap
Committee Member-2025 Governance Of Enterprise Information & Technology Advisory Group
CurrentThe Governance of Enterprise Information & Technology Advisory Group will partner with ISACA Global to identify industry trends and support activities required to appropriately create the necessary information and governance content to develop products in support of ISACA’s constituents. New product ideas will be discussed, and products will be prioritized to align with ISACA global strategy.
Education Committee (Member)
Current
Information Security-Governance,Risk And Compliance(Grc) Specialist
Current✅Coordinate the development of best practice policies and standards based on various governance frameworks✅Getting Organization ready for Internal and External Systems/ Technology Audits✅Ensure all IT controls are documented and assigned control owners to establish accountability.✅Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives✅Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments✅Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC 2, ISO 27001, NIST, etc.)✅Monitoring IT controls across the organization✅Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., PCI DSS, GDPR, COBIT, SOC 2, ISO 27001,27002 NIST, CIS,27701, 22301 and 20000 etc.)✅Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units✅Control Self Assessments and Control Gap Analysis✅Third-party risk management and reporting✅Support Security Due-diligence activities with both regulators and business prospects✅Maintaining a Risk Register✅Responsible for developing and deriving KPIs from a controls baseline✅Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate✅Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program✅Creation, documentation and maintenance of governance processes to oversee IT GRC programs
It Governance, Risk And Compliance Manager- (Security, Infrastructure And Product)
I was Responsible for:✅ ISO 27001, CIS, PCI DSS, SOC 1/2 Implementation • Supported 100% -the implementation of ISO 27001 Information Security Management System (ISMS) program and relevant certifications. •Collaborated with cross-functional teams to establish and maintain security policies, procedures, and controls leading to 100% implementation and compliance.✅Internal IT Audits:•Planned, executed, and managed 5+ plus Periodic Cyber Security and Information Systems audits to assess compliance with NIST SP-800-53, ISO 27001 standards, CIS v8 and other relevant standards.•Identified over 50+ areas of improvement and provided recommendations for enhancing security and compliance measures.✅Compliance Standards and Assessments•Stay current on industry-specific compliance standards such as SOC 2, ISO 27001, CIS V8 and NIST, and others applicable to the organization.•Evaluate compliance with relevant regulatory frameworks, such as SOC2, ISO27001, GDPR, PCI DSS, and CCPA•Performed 30 + regular assessments and audits of the organization's security controls, policies, and procedures.✅Compliance Framework Development•Developed and maintained an effective security compliance framework that aligns with organizational goals.•Created and updated 10+ Policies, standards, and guidelines to address emerging security threats and regulatory changes.•Designed and implemented 30+ security controls, procedures, and technical safeguards to ensure compliance across the organization.✅Risk Assessment and Management:•Conducted periodic organizational- Wide risk assessments to identify potential security vulnerabilities and recommend appropriate risk mitigation strategies.✅IT Budgeting and planning•Oversighted and coordinated the process of IT Cost controlling (Budgeting and Forecasting of costs, Cost allocation, cost reporting, etc.) in collaboration with IT unit leads and the budgeting division which led to a 50% cost reduction in 6 months.
Information Security And Grc Lead
Special Contributions✅ Elevated overall security posture by 35% by leading the development and implementation of a comprehensive security program, including policies, standards, procedures, and awareness training, resulting in improved risk management and reduced security incidents.✅ Ensured 100% compliance with regulatory requirements (e.g., GDPR, HIPAA) by establishing a GRC framework, conducting regular audits and assessments, and remediating identified gaps, resulting in successful external audits and certifications.✅ Reduced cloud infrastructure costs by 20% by optimizing resource utilization, implementing cost-saving strategies, and automating governance processes, while maintaining security and compliance standards.✅ Mitigated critical vulnerabilities and risks by leading cross-functional teams to prioritize and implement remediation measures based on risk assessments, resulting in a significant reduction in the attack surface.✅ Established a robust incident response program by defining roles and responsibilities, developing playbooks, and conducting regular exercises, resulting in faster and more effective response to security events.Skills✅ Compliance Frameworks: NIST, ISO 27001/2, SOC 2, GDPR, HIPAA, PCI DSS, CCPA, SOX✅ Governance, Risk, & Compliance (GRC): Policy development, risk assessments, control implementation, Audit management✅ Cloud Platforms: AWS, Azure and GCP✅ Cloud Security: IAM, data encryption, network segmentation, security monitoring, CASB✅ Security Technologies: SIEM, IDS/IPS, firewalls, endpoint protection, vulnerability management
Senior It Governance, Risk And Compliance Officer
✅ Evaluated Information Technology controls for all operating systems, applications, database management system interfaces, and networks across the Bank to ensure consistency in achieving compliance requirements (regulatory, standards, and internal policies).✅ Promoted Information security awareness within the Bank on weekly basis by providing consultation, guidance, and conducting relevant awareness programs to ensure an Information Security-compliant culture.✅ Proactively anticipated potential threats and vulnerabilities and provided guidance in coordination with the information security department on effective responses or control measures to be implemented to mitigate them.✅ Managed updated Information Technology risk registers for the entire Bank.✅ Periodically performed vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on the closure of all identified vulnerabilities.✅ Carried out ICT risk assessments of the Bank systems and provided recommendations for appropriate and adequate IT security controls to mitigate and minimize ICT Risks.(NIST,ISO 27001,COSO,COBIT frameworks)✅ Continuously reviewed and improved the ICT Risk and security controls in place.-NIST RMF ISO and CIS V8 Controls.✅ Continuously reviewed systems at all levels i.e. servers, applications, database, network devices, etc., identifying risks and made recommendations on closure of the risks✅ Reviewing and tracking compliance with laws and regulations(GDPR and Kenya Data Protection Act)✅ Performing “deep dive” assurance reviews for new and existing products✅ Working with the CISO and the other senior members of the technology teams to promote cyber risk management throughout the organization.✅ Working with internal teams and industry stakeholders to promote Fraud Risk Management as an embedded discipline within the organization and across the entire financial services industry in Kenya.
Information Security Grc Analyst
Key Responsibilities:✅ Developed and maintained a formalized GRC framework, utilizing standards-based controls aligned to business-specific threats.✅ Assessed, prioritized and updated existing IT security policies and standards to reflect the compliance framework.(ISO 27001/2, COSO,COBIT,SOC 2 and PCI DSS )✅ Performed risk assessment of new IT projects, identify areas of potential technical and process vulnerability, recommend compensating controls.✅ Provided leadership & direction to ensure the proper governance occurs through Third Party Risk Management program.✅ Developed policies in line with ISO 27001/27002/27005 and IT security risk frameworks such as the NIST Cybersecurity Framework, COSO, COBIT )✅ Evaluated and maintained up-to-date knowledge of GRC standards' effectiveness and compensating controls in mitigating IT risk.
Technical Business Analyst (Business Banking And Product)
✅Developed 150+plus user stories and to-be process flows to support the design and development of Cloud sales solutions for the Credit and Business Development Teams across the entire bank. ✅Worked collaboratively with team (UI/UX) Design members to design over 50 solutions and products that met clients’ business requirements and fulfilled user stories from product teams and Marketing departments across the entire bank.✅Created, developed, and implemented solutions to address infrastructure and security requirements as per NIST,ISO 27001/2, COSO, PCI DSS Frameworks✅Identify the needs for build automation, designing, and implementing CICD solutions✅ Consulted on DevSecOps requirements from diverse application/line of business partners✅Create plug-and-play/reusable solutions and patterns for CICD pipelines✅ Created, developed, and implemented automation and system integration for various build platforms✅Published and disseminated CI/CD best practices, patterns, and solutions✅Ensured that the service’s uptime and response time SLAs/OLAs are met or surpassed✅Build or maintained CI/CD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment✅Designed action plans to address CI/CD platform/tools/solutions’ shortcomings and difficulties✅Actively participated in bridge calls with team members and contractors/vendors to prevent or quickly address problems✅Troubleshooting, identified, and fixing problems in the DevSecOps domain✅Ensured incident tracking tools are updated in accordance with established norms and processes, gather all essential data, and document any discoveries and concerns✅Aligned with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL)✅Created and published engineering platforms and solutions
Business Development & Kyc Specialist
As a Business Development & KYC Specialist I played a crucial role in driving new business growth while ensuring compliance with Know Your Customer (KYC) regulations. This position required a unique blend of sales acumen, relationship management skills, and a thorough understanding of KYC/AML (Anti-Money Laundering) principles within the banking industry.Key Responsibilities:✅Business Development: ✅Identify and pursue new business opportunities with potential clients. ✅Develop and maintain strong relationships with existing clients. ✅Conduct market research and competitor analysis to identify trends and opportunities. ✅Create and deliver persuasive sales presentations and proposals. ✅Negotiate and close deals to meet or exceed sales targets. ✅Collaborate with marketing and product teams to develop targeted campaigns.KYC Compliance:✅Perform comprehensive KYC due diligence on new and existing clients.✅Gather and verify client information, including identity, source of funds, and business activities.✅Conduct risk assessments and identify potential red flags.✅Ensure compliance with all relevant KYC/AML regulations and internal policies.✅Prepare KYC reports and documentation for review by compliance officers.✅Stay up-to-date on evolving KYC/AML regulations and industry best practices.✅Contribute to the development and implementation of KYC/AML policies and procedures.
Colleagues at Silensec
Other employees you can reach at silensec.com. View company contacts for 53 employees →
Frances Ruganyumisa
Colleague at SilensecKinondoni Municipal, Dar Es Salaam, Tanzania, United Republic Of
View →
IC
Ismath Chaudhry
Colleague at SilensecKenya
View →
MM
Mercy Mwikali
Colleague at SilensecKenya
View →
BB
Benson Burchard
Colleague at SilensecTanzania, United Republic Of
View →
VG
Varun Gupta
Colleague at SilensecKenya
View →
BK
Bonface Kinoti
Colleague at SilensecKenya
View →
BN
Baraka Nashon
Colleague at SilensecTanzania, United Republic Of
View →
AA
Azeem A.
Colleague at SilensecNairobi County, Kenya
View →
YC
Yuster Cornely
Colleague at SilensecDar Es-Salaam, Dar Es Salaam, Tanzania, United Republic Of
View →
SM
Sana Muhammad
Colleague at SilensecWest Midlands, England, United Kingdom
View →
Stephen Muasya- Msc, Cisa®,Cscso® education
Masters In Computer Science, Information Technology Management( Major)
Certificate, Fintech Compliance ,Payments And Global Regulations
Certificate, Information Systems Auditing, Controls And Assurance
Sdgs And The Law, Sdgs And Law
Business Information Technology And Management, Information Technology
Certified Information Systems Auditor-Cisa
Certified Data Protection, Center For Intellectual Property & Information Technology Law, Pass
Frequently asked questions about Stephen Muasya- Msc, Cisa®,Cscso®
Quick answers generated from the profile data available on this page.
What company does Stephen Muasya- Msc, Cisa®,Cscso® work for?
Stephen Muasya- Msc, Cisa®,Cscso® works for Silensec.
What is Stephen Muasya- Msc, Cisa®,Cscso®'s role at Silensec?
Stephen Muasya- Msc, Cisa®,Cscso® is listed as Senior Global Governance, Risk and Compliance Consultant at Silensec.
Where is Stephen Muasya- Msc, Cisa®,Cscso® based?
Stephen Muasya- Msc, Cisa®,Cscso® is based in Nairobi County, Kenya while working with Silensec.
What companies has Stephen Muasya- Msc, Cisa®,Cscso® worked for?
Stephen Muasya- Msc, Cisa®,Cscso® has worked for Silensec, Isaca, Isaca Kenya Chapter, Confidential, and Mara.
Who are Stephen Muasya- Msc, Cisa®,Cscso®'s colleagues at Silensec?
Stephen Muasya- Msc, Cisa®,Cscso®'s colleagues at Silensec include Frances Ruganyumisa, Ismath Chaudhry, Mercy Mwikali, Benson Burchard, and Varun Gupta.
How can I contact Stephen Muasya- Msc, Cisa®,Cscso®?
You can use AeroLeads to view verified contact signals for Stephen Muasya- Msc, Cisa®,Cscso® at Silensec, including work email, phone, and LinkedIn data when available.
What schools did Stephen Muasya- Msc, Cisa®,Cscso® attend?
Stephen Muasya- Msc, Cisa®,Cscso® holds Masters In Computer Science, Information Technology Management( Major) from University Of Nairobi.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial