Johannesburg Metropolitan Area
As a highly skilled Cyber Risk Auditor with almost 10 years of experience in cybersecurity, risk management, and business development, I hold a Postgraduate Diploma in Internal Auditing, the Certified Information Security Manager (CISM) certification, and an AWS Certified Cloud Practitioner credential, alongside foundational knowledge of COBIT. I specialize in establishing audit procedures and managing the execution of cyber risk audits, providing independent internal audit assurance, and offering consulting services to address cybersecurity risks. I bridge the gap between risk assessment and business strategy, identifying and mitigating cyber threats while driving growth in the cybersecurity domain. My expertise includes conducting comprehensive risk assessments, analyzing vulnerabilities, and developing robust mitigation strategies to protect critical assets and information systems. I ensure compliance with regulatory frameworks and align cybersecurity practices with industry standards and governance requirements. I actively contribute to the annual audit plan, manage audit progress, and provide insightful audit findings that highlight deficiencies and suggest improvements in the cybersecurity control environment. In addition to my technical skills, I excel in stakeholder engagement, building strategic partnerships, and translating complex cybersecurity concepts into actionable insights for executives. I lead cross-functional teams, mentor cybersecurity professionals, and implement security governance frameworks to enhance organisational resilience. My ability to integrate technical expertise with business acumen allows me to provide valuable leadership and insights, ensuring organisations are secure, compliant, and prepared for evolving cyber threats.
• Provide input into the annual audit plan, manage audit progress and ensure alignment with organisational goals • Compile and coordinate cyber risk audit findings, identifying deficiencies and producing high-quality audit reports that highlight critical issues • Execute audits using the Group’s Internal Audit methodology and frameworks, policies, procedures, and standards • Offer insights during audit reviews, applying innovative solutions to enhance the cybersecurity control environment and drive organisational improvements • Develop and maintain collaborative relationships across specialised areas to foster cross-functional teamwork and knowledge-sharing • Encourage and promote a culture of teamwork, inclusivity, and open communication within the audit team and across departments • Actively participate in professional development activities to continuously expand skills and expertise • Provide subject matter expertise and thought leadership in cybersecurity, offering guidance and recommendations to stakeholders • Ensure development and value-added improvements to operational processes • Manage audit risks within the assigned area of responsibility, ensuring timely identification and mitigation of potential threats • Build and nurture strong working relationships across teams and functional areas to enhance collaboration, innovation, and work delivery • Deliver exceptional customer experience, ensuring service delivery aligns with standards and client expectations • Sizwe also sits at the FirstRand Group Cyber MANCO and EXCO where he fosters, develop and maintain collaborative relationships with the Group CISOs and ISOs.
Identify potential cyber risks by conducting thorough assessments of the organization’s systems, networks, and infrastructure. Analyze vulnerabilities and recommend appropriate measures to mitigate risks. Implement effective risk mitigation strategies and frameworks. Creating cybersecurity policies and procedures, implementing security controls and measures, and establishing incident response plans. Stay updated with relevant laws, regulations, and industry standards pertaining to cybersecurity. Ensure the organization is compliant with these requirements and provide guidance on necessary actions to maintain compliance. Identify business opportunities in the cybersecurity domain. Collaborate with internal stakeholders and business units to develop strategies for expanding the organization’s cybersecurity offerings. Identifying potential clients, building relationships, and creating proposals for cybersecurity services or products. Work closely with clients to understand their specific cybersecurity needs and develop tailored solutions. Provide guidance and support to clients on cybersecurity best practices, risk management, and compliance. Develop and maintain an effective incident response plan to address and manage cybersecurity incidents. Coordinate with relevant teams to ensure timely response, containment, investigation, and recovery from security breaches or incidents. Conduct training programs and awareness campaigns to educate employees and stakeholders about cybersecurity best practices. Promote a culture of cybersecurity awareness and vigilance within the organization. Evaluate and manage relationships with external cybersecurity vendors, consultants, and service providers. Assess their capabilities, review contracts, and ensure effective delivery of services. Establish and maintain security governance frameworks and processes to ensure consistent and effective cybersecurity practices across the organization.
Building and maintaining strong relationships with clients, understanding their needs, and ensuring client satisfaction. Conducting thorough assessments of client organizations to identify their challenges, opportunities, and areas for improvement. Analyzing data, conducting interviews, and reviewing relevant documentation. Developing effective strategies and action plans to address client needs and achieve their goals. Identifying growth opportunities, optimizing operations, improving efficiency, or implementing organizational changes. Overseeing and managing consulting projects from start to finish. Defining project objectives, creating project plans, coordinating resources, monitoring progress, and ensuring timely delivery of results. Analyzing complex data sets to derive meaningful insights and recommendations for clients. Designing innovative and tailored solutions to address client challenges. Developing new processes, designing organizational structures, recommending technology solutions, or implementing best practices. Leading and mentoring junior consultants or project teams, providing guidance, support, and feedback. Responsible for ensuring high-quality deliverables and fostering a collaborative team environment.
Identifying potential security risks and vulnerabilities within an organization’s network, systems, and infrastructure. Developing and implementing security strategies and policies to mitigate risks and protect sensitive information. Collaborating with the organization’s IT team to design secure network architectures, systems, and applications. Evaluating and selecting appropriate security technologies, tools, and solutions. Conducting investigations, coordinating response efforts, and minimizing the impact of security incidents. Educating employees and stakeholders about security risks, best practices, and proper handling of sensitive data. Conducting security awareness programs, training sessions, and workshops. Identify opportunities for innovation in audit as well as client processes, and develop practical solutions to implement innovative practices Identify and clearly articulate the root cause of issues identified and impact thereof, and recommend changes to business processes that will address the IT and Project control weaknesses Planning & Scoping of IT Cyber Security Reviews Planning & Scoping of External IT Disaster Recoveries Performing Testing on IT Disaster recovery structures and Governance structures using: King III & IV Cobit 5 Principles ITL guidelines ISO 27001