Elvir Joss Sam Junior Ninteretse

Cybersecurity Operations

• Monitor and assess the bank’s cybersecurity posture across infrastructure and digital assets.
• Conduct vulnerability assessments and internal security scans (network, system, and application).
• Lead vulnerability management efforts: ensure timely remediation of vulnerabilities within defined SLAs, track remediation status, and share monthly reports with management.
• Oversee patch and configuration reviews to ensure compatibility and secure deployment.
• Support the deployment and tuning of tools like Imperva WAF, Radware, and Airgap Solution
• Collaborate with IT operations to improve system hardening, firewall rules, and endpoint protection.

• Develop and maintain the ICT risk register and perform periodic risk assessments.
• Design and implement templates and frameworks to assess:
  Cybersecurity maturity
  ICT risk maturity
  Risk appetite and tolerance thresholds
• Map technical controls to compliance standards (ISO 27001:2022, NIST CSF, PCI DSS).
• Lead compliance documentation and audit readiness for both internal and external review.
• Advise on secure process improvements to align with governance best practices.

• Draft baseline reports (e.g., Zero-Day Baseline, Risk Heat Maps) to reflect ICT risk posture.
• Contribute to the security roadmap, BIA sessions, and change management risk reviews.
• Analyze insider threats, DDoS exposure, and segmentation strategies for all Bank's systems

• Engage in awareness efforts to educate teams on phishing, secure access, and secure-by-design principles.
• Coordinate with TZ headquarters on change control, domain-integrated systems, and failover scenarios.

Imperva WAF | Radware | Nessus | CyberArk | ISO 27001:2022 | NIST CSF | PCI DSS | Risk Register Management | Risk Heat Maps

• 1. Data Collection
• Collected field data from coffee farmers, partners, and other relevant stakeholders.
• Verified the quality of the collected data, ensuring its reliability and completeness.
• 2. Data Analysis
• Contributed to the quantitative and qualitative analysis of data to assess project progress.
• Assisted in interpreting results to provide actionable insights for project improvement.
• Prepared reports and dashboards based on collected data.
• 3. Reporting and Documentation
• Contributed to drafting periodic activity and evaluation reports.
• Documented best practices, lessons learned, and key findings.
• Assisted in preparing presentations for internal meetings and partner discussions.
• Supported the preparation of bank reconciliations.
• Assisted in developing reports and visualizations using Excel and Tableau.
• Analyzed data sets to identify trends and insights for program evaluation.
• Conducted surveys and interviews to gather qualitative data for project assessments.
• Collaborated with team members to ensure accurate data entry and management.
• Supported data cleaning processes to enhance database integrity and reliability.
• Participated in meetings to present findings and recommend actionable strategies.

• Conducted penetration testing and vulnerability assessments in compliance with ISO 27001 and PCI DSS standards.
• Led penetration testing documentation efforts, refining security architecture in collaboration with the senior network administrator and contributing to the Fortinet firewall configuration for enhanced network defense.
• Gained hands-on experience in compliance frameworks by working closely with external PCI DSS assessors, deepening knowledge of security auditing tools such as Qualys.
• Deployed and maintained SIEM solutions to monitor security incidents and ensure real-time response to cybersecurity threats.
• Enhanced e-tax compliance security by working on a project destined to implementing encryption techniques such as SHA-256 and reverse engineering to secure taxpayer data, similar to KRA’s e-system in Kenya.
• Educated staff on security awareness, including phishing detection and password hygiene.
• Analyzed security incidents and vulnerabilities to enhance overall system protection.
• Monitored network traffic for suspicious activity, identifying potential threats proactively.

• Developed secure web applications using HTML, CSS, Python, and Django.
• Built employee login platforms with integrated security features.