I have over a decade of hands-on experience in developing, delivering, and maintaining Cyber Security and technology risk management solutions encompassing people, process, and technology elements. This aim is achieved through the meticulous selection of industry-recognized standards and frameworks: ISO27001, 31000, 9000, NIST CSF, ASD Essential 8, Cyber Kill Chain, OWASP, and PCI DSS, to achieve regulatory obligations and sustain risk appetite.
I have a proven track record in tenures with the public sector, utility, and retail industries on an international scale, working in medium to large corporations with 5K+ and 15K+ employees, with varying maturity levels.
My roles are tasked with providing leadership and direction towards uplifting cybersecurity maturity and culture. This is well established by implementing technological and governance capabilities to achieve the organization's vision. The objective is to add value to the enterprise by understanding the business need and driving secure and practical systems in the domains of policy and procedure, prevention and detection, incident management and response, as well as disaster recovery and business resilience. I hold the ISACA CRISC certification as well as a bachelor's degree in Computer Science, majoring in Business Management Information Systems. In addition, I sit in several advisory roles with experience across a broad range of management, technology, and risk frameworks.
TOPIC: How to build a Third-Party Risk Management program that actually works
TOPIC DESCRIPTION: An effective 'Third-Party Risk Management Program' can be difficult to achieve. With many different aspects to consider, ranging from cloud applications and third-party users to mobile devices, it can be hard to focus on what's important and achieve your objectives. My topic will be about breaking down the goals of the program and how those goals can be achieved. I will discuss what tools and mechanisms can be used and how to get the most out of your efforts.