Tshamanyangala Paul Kankwende

Melissa, TX

Summary

Group Head of Information Security with over 15 years of global financial, telecommunications, healthcare, and education industry experience as a change agent to redefine true enterprise security and an additional five years leading a security startup in the information security industry. Security Strategy, Execution, Security Management, Security Architecture, Security Engineering, Consulting Services, Data Loss Prevention, Threat and Vulnerability Assessment, Incident Management, APT Campaigns, Marketing Segmentation, Social Network, Network Security, Risk Management and Controls, Big Data, Security Analytics, Endpoint Security, Network Security, Startups, Common Sense, and Accountability are some of my specialties. A focused security manager brings 22 years of experience supporting organizational efforts in uniquely challenging locations. Dedicated to strategic planning and delivery of large-scale objectives, while maintaining the highest levels of integrity and respect. Adept at facilitating the attainment of complex goals in environments ranging from third-world to war-torn countries. Highly skilled in utilizing advanced technical, business, and logistics prowess to streamline processes.

Overview

16 years of professional experience
1 Certification

Work History

Systems Security Manager

Salinas Valley Health
01.2023 - 01.2024
  • Lead and manage cyber security program development and implementation to build cutting-edge policies and processes that ensure consistent, effective information security and privacy practices
  • Oversee infrastructure vulnerability technical assessments (scanning, system hardening, and penetration testing) and facilitate risk-based assessments of vulnerabilities and their remediation
  • Assist in maintaining governance documentation, ensuring all processes, policies, and standards are up-to-date and easily accessible for internal teams
  • Address data governance-related issues, escalating where necessary and ensuring timely resolution
  • Support the continuous improvement of the infrastructure vulnerability management program initiatives, process and technology integration, and technical & risk-based assessments
  • Maintain infrastructure vulnerability management policy and standards in partnership with the Risk & Security organization, operations teams, and Business Unit system owners
  • Serves in a leadership role for regulatory compliance such as the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act (HIPAA and HITECH Act) security activities, including implementing, managing, and enforcing information security directives mandated by regulatory requirements.
  • Performed risk assessments and identified areas of improvement in cybersecurity policies, procedures, and protocols.
  • Led a complex information security and privacy program, providing vision and direction for information security initiatives to support SVH business objectives and requirements.
  • Manage information security teams to proactively analyze and directly respond to internal and external threats to system security, including unauthorized access, vulnerability assessments, and incident management. Define and drive threat identification and response across the company.
  • I initiated several IT and secure code development practices, including two-factor authentication (2FA), Data Loss Prevention (Data classification and DLP), Intrusion Prevention (IPS), Web Application Firewalls (WAF), MDM, static and dynamic code scanning, Endpoint security, SIEM, phishing and social engineering campaigns, employee awareness, and several IT and security initiatives.
  • Offered tactical/strategic information security guidance and advice and examined the ramifications of new and existing technologies.
  • Developed and implemented a comprehensive information security strategy to protect sensitive data and intellectual property for global operations with over 5000 employees and contractors.
  • Designed threat and vulnerability management initiatives by OWASP, MITRE ATT&CK, NIST CSF, ISO 27001, and the Center for Internet Security, among other control objectives and frameworks.
  • Managed the overall security program, including risk management, incident response, and compliance with relevant regulations.
  • Performs initial and periodic information security risk assessments and conducts ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
  • Ensures compliance with security practices and consistent application of sanctions for failure to comply with security policies for all individuals in the organization’s workforce, extended workforce, and all business associates, in cooperation with Human Resources, the information security officer, administration, and legal counsel as applicable.
  • Initiates, facilitates, and promotes activities to foster information security awareness within the organization and related entities.
  • Research emerging technologies to support system development efforts and recommend technologies that increase cost-effectiveness, flexibility, and security value.
  • Review new and existing systems design projects and procurement or outsourcing plans for compliance with standards and architectural plans.
  • Monitors common and individual work queues. Completes or escalates incidents and service requests in a timely fashion. Provides escalation assistance to all IT team members.

Group Head of Information Security

Bayport Financial Services
10.2021 - 12.2022
  • Provides strategic vision and operational leadership of the Information Security Shared Services across the Group, subsidiaries, supporting information security initiatives, and the associated decision-making, planning, and implementation to monitor and protect sensitive data and systems from infiltration or misuse
  • Develops Bayport Management Limited's security strategy, security awareness programs, security architecture, and security incident response
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Support the collection and reporting of data governance metrics, helping to showcase the progress and impact of governance initiatives
  • Responsibilities cover security engineering, security operations, incident response, threat intelligence, vulnerability management, application security, audit, and compliance (inclusive of daily adherence to the Payment Card Industry [PCI] Data Security Standard [DSS], privacy, disaster recovery, and regular information security updates to the Board of Directors).
  • Manage encryption in the cloud, monitor for and respond to incidents in the cloud environment.
  • Keeping cloud infrastructure current, making recommendations, and continually improving cloud strategy
  • Provides the direction for Bayport Management Limited's data and cybersecurity protection and oversees Technology governance and policies. Accountable for managing enterprise information security governance, risk management, and compliance, including privacy and disaster recovery elements.
  • Assisted clients in applying key frameworks, including NIST, COBIT, and SOC 2.
  • Provides strategic risk guidance for IT projects, including evaluating and recommending technical controls. Educates IT and Bayport Management Limited leaders on appropriate security risk and mitigation strategies.
  • Collaborates with IT and Bayport Management Limited compliance team(s) as needed and coordinates the IT component of both internal and external audit examinations to ensure security programs comply with relevant laws, regulations, and policies.
  • Develops, maintains, and publishes up-to-date security policies, standards, and guidelines. Oversees Training and dissemination of security policies and practices.
  • Evaluate new cybersecurity threats and IT trends and develop effective security controls. Oversees development of security awareness programs
  • Develops and oversees effective disaster recovery policies and standards to align with company business continuity management program goals.
  • Coordinates the development of implementation plans and procedures to ensure business-critical services are recovered in the event of disasters or other incidents and provides direction, support, and in-house consulting in these areas.
  • Evaluate potential security breaches, coordinate responses, and recommend corrective actions. Define and report on information security metrics.
  • Maintains current knowledge of the industry, regulatory trends, and developments in enterprise technology. I worked within applicable standards, policies, and regulatory guidelines to promote a safe working environment.

IT and Cybersecurity Manager

Vumatel
02.2021 - 08.2021
  • Develop and implement a long-term security strategy to protect the company's information resources
  • Develop comprehensive information security policies, procedures, standards, and guidelines and oversee their approval, dissemination, and maintenance
  • Ensure that the information security management program enforces compliance with applicable policies, laws, regulations, and contractual requirements
  • Work closely with functional-area architects, engineering, and security specialists throughout the company to ensure adequate security solutions and controls are in place throughout all IT systems, cloud systems, and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements
  • Lead efforts to monitor and maintain compliance with POPIA, GDPR, and other applicable laws and regulations
  • I worked to strike an optimal balance between the necessity for business and the need for security, safety, and data privacy in all aspects of IT operations.
  • Identify, evaluate, and report on information security risks, program developments, and improvement projects to the executive committees and provide subject matter expertise on security standards and best practices.
  • Work with senior stakeholders across the business to identify and assess IT risks, establish risk tolerance, navigate risk acceptance processes, monitor remediation efforts, and implement mitigating and compensating controls necessary to reduce IT risks to acceptable levels.
  • Use cybersecurity frameworks, including NIST, COBIT, ISO 27001, and SOC 2, to specify security control, risk assessment methods, and suitable safeguards to protect information assets.
  • Develop, mentor, lead and manage a high-performing cross-functional team of information security, risk, and compliance professionals.
  • Be an active participant and take a leadership role in relevant councils, committees, and working groups in areas related to IT Governance, Information Security, Data Governance, Identity & Access, and Privacy.
  • Supervise all aspects of security operations for the organization's daily defense, including monitoring, detection, Investigation, and response to attacks, vulnerabilities, and emergent threats.
  • Oversee the evaluation, selection, and implementation of innovative, cost-effective, and minimally disruptive information security solutions.
  • Supervise efforts to satisfy regulatory requirements, including executing internal and external IT audit activities and implementing remediation actions.
  • Develop business-focused metrics to measure the effectiveness of the information security program and increase the program's maturity over time.
  • Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate postures in response to the changing threat landscape.
  • Liaise with law enforcement and other advisory bodies to ensure the organization maintains a strong security posture.
  • Oversee incident response planning, investigate security breaches, and assist with any associated disciplinary, public relations, and legal matters.
  • Oversee and lead the creation, communication, and implementation of a process for managing vendor and third-party risks.

Senior IT and Cybersecurity Consultant

Right to Care-Equip Health
02.2020 - 06.2021
  • Developing, implementing, and monitoring a strategic and comprehensive enterprise-wide information security and IT risk management utilizing components drawn from industry standards such as ISO 27001, NIST, COBIT, and CIS frameworks
  • Ensuring that the security program is appropriate and fit for purpose to support the business's strategic objectives while addressing the most pressing risk items with available resources using a risk-based approach
  • Consulting with the Board of Directors, Executive, and senior management on information security affecting customers and the clinic
  • Discover, remediate, and validate security issues across cloud infrastructure (Azure, AWS) per industry standards and information security policies
  • Build, deploy, and manage production security tools and services to monitor networks, endpoints, and cloud workloads
  • Design and operate scalable processes to provision cloud access and maintain least privilege (AWS, Azure)
  • Partner closely with security leadership, compliance, and engineering to execute security strategies for Equip health infrastructure.
  • Enterprise Information Security: Strengthen protection against increasing information, technology security, privacy, and confidentiality threats; protect the integrity of the organization's data and IT assets by strengthening RTC's cybersecurity posture.
  • IT Service Continuity and Disaster Recovery: Maintain RTC IT Service continuity strategy, update recovery plans, policies, and procedures, and conduct regular disaster recovery/failover tests for critical systems.
  • Risk Management: Conduct risk assessments and decide the level of acceptability; implement risk mitigation plans. Maintain the risk register, which is reviewed and updated.

Head of IT: Infrastructure and Security

Motus Financial Services
02.2019 - 12.2019
  • Responsible for leading and executing the long-term strategy for Motus Financial Services’ Technology Infrastructure and Information Security and Privacy Programs, ensuring alignment with the corporate strategy
  • Use cybersecurity frameworks like NIST, COBIT, ISO27001/2, and SOC 2 to define security controls, risk assessment methods, and the best ways to protect information assets
  • Built the information security team from the ground up, covering all the necessary disciplines and functions to protect the company's information assets
  • Implemented governance and risk-based strategy that is empowered by being part of the company's leadership team, working with C-Suite executives and the Board of Directors to address new and emerging threats constantly
  • Oversees the development and implementation of the Information Security Program to ensure the ongoing practice of security as a process within the organization
  • Assesses the IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure, implementing security measures to decrease exposure to attack and penetration.
  • Develop, maintain, and oversee information security policies, procedures, and control techniques to address all applicable requirements.
  • In partnership with the head of IT and Legal Compliance, ensure that Motus Financial Services complies with existing laws and regulations (e.g., GDPR, POPIA, and other international privacy laws).

Head of IT Governance, Operations, and Security

Right to Care (Healthcare)
05.2013 - 01.2019
  • Enterprise Information Security: Strengthen protection against increasing information, technology security, privacy, and confidentiality threats; protect the integrity of the organization's data and IT assets by strengthening RTC's cybersecurity posture
  • Responsibilities cover security engineering, security operations, incident response, threat intelligence, vulnerability management, application security, audit, and compliance (inclusive of daily adherence to the Payment Card Industry [PCI] Data Security Standard [DSS], privacy, disaster recovery, and regular information security updates to the Board of Directors)
  • Provides strategic risk guidance for IT projects, including evaluating and recommending technical controls
  • Educates IT and Right to Care leaders on appropriate security risk and mitigation strategies
  • Collaborates with IT and Right to Care compliance team(s) and coordinates the IT component of internal and external audits to ensure security programs comply with relevant laws, regulations, and policies
  • Develops, maintains, and publishes up-to-date security policies, standards, and guidelines
  • Oversees Training and dissemination of security policies and practices
  • Evaluates new cybersecurity threats and IT trends and develops effective security controls
  • Oversees development of security awareness programs
  • Responsible for security operations, which include network and endpoint security as well as Identity and Access Management (IAM)
  • Regulatory compliance: Ensure adherence to relevant legislation, internal policies, and audit requirements; Review RTC IT internal policies, procedures, frameworks, and standards used in the organization.
  • Promoted high customer satisfaction by resolving problems with knowledgeable and friendly service.
  • Demonstrated leadership by making improvements to work processes and helping to train others.
  • Achieved cost-savings by developing functional solutions to problems.
  • Collaborated with a cross-functional team to define features and build powerful and easy-to-use products and customer-facing workflow tools.

Senior IT Manager

Right to Care (Healthcare)
04.2008 - 04.2013
  • Leading a group-wide implementation, operation & maintenance of the Information Security Management System based on the ISO/IEC 27001 standard
  • Information security strategy design and deployment
  • Information security governance
  • Risk assessment, management, methodologies, and quality assurance
  • Manage a team of information security professionals, hire and train new staff, and provide leadership and coaching
  • Define, update, and implement corporate Information Security Strategy
  • Develop and implement Information Security Policies and Procedures
  • Performing changes in existing policies and procedures to ensure operating efficiency and regulatory compliance
  • Experienced with selecting, implementing, and managing enterprise security technologies, including SIEM, proxies, NAC, anti-virus, anti-malware, DLP, IPS, vulnerability scanners, and PKI
  • Determine the IT Security Office budget to cover planned projects, purchases, and security technology upgrades
  • Providing security expertise for all organizational projects (risk assessment)
  • Identify security issues during the project's life cycle
  • Manage security penetration tests
  • Assisted in performing ongoing security monitoring and continuous improvement of information systems, including risk assessment, gap analyses, new security capabilities assessments, and recommendations
  • Regularly report to the CIO, CEO, and Security Dashboards
  • Evaluate systems, applications, and processes and publish change recommendations if necessary
  • Provide security communication, awareness, and training to all personnel
  • Program development and operations experience in Information Security and Compliance, Privacy, Audit, Threat & Vulnerability Management, Incident Response, Third Party Risk, Penetration Testing, Identity and Access Management, Digital Threat Monitoring, Data Governance, and IT Risk.
  • Developed and implemented IT policies and procedures to ensure compliance with industry standards.
  • Managed the installation, configuration, maintenance, and troubleshooting of network systems.
  • Collaborated with other departments to develop innovative solutions for complex problems.
  • Created detailed documentation for software, hardware, and network configurations.
  • Conducted research to identify new technologies that could improve operations.
  • I worked closely with vendors to negotiate contracts and select appropriate products or services.
  • Coordinated disaster recovery plans to minimize downtime during system outages or malfunctions.
  • Established security protocols to protect data from unauthorized access or modification.
  • Assessed current infrastructure capabilities against future requirements.
  • Developed and implemented system lifecycle methodologies to produce systems of high quality.

Education

PhD in Information Systems -

University of Cape Town

Master of Science in Cybersecurity -

EC-Council University

Master of Science in Information Systems -

Tshwane University of Technology

Bachelor’s degree in information systems -

Tshwane University of Technology

Diploma in Information Systems -

Tshwane University of Technology

Skills

  • Security resource management
  • Penetration Testing
  • Network Security
  • Forensic analysis
  • Incident Response
  • Application security
  • Disaster Recovery Planning
  • Patch management
  • Problem-solving aptitude
  • Operational Reporting
  • Effective Communication
  • Teamwork and Collaboration
  • Technology Integration
  • Continuous Improvement
  • Requirements Analysis
  • Written Communication
  • Security improvements
  • Analytical Skills
  • Adaptability and Flexibility
  • Agile work processes
  • Project Leadership
  • Budget Control
  • Data Encryption
  • Government policy compliance
  • Threat research
  • Compliance Management
  • Network security audits
  • Security plans of action
  • Vulnerability assessments
  • Cybersecurity policy development
  • Business continuity planning
  • Risk management expertise
  • Intrusion Detection
  • Risk Assessment
  • Security Needs Assessment
  • Managing security breaches
  • Data Security
  • Task Prioritization
  • Reporting and documentation
  • Disaster Recovery
  • Loss prevention expertise
  • Incident Reports

Certification

  • Certified Chief Information Security Officer
  • Certified Network Defender (CND)
  • Certified Information Security Manager (CISM)
  • ISO/IEC 27032 Lead Cybersecurity Manager
  • ITIL Foundations
  • COBIT 5
  • Program in Project Management
  • Microsoft Certified System Engineer (MCSE)
  • Microsoft Certified Professional (MCP)
  • Microsoft Certified System Administrator (MCSA)
  • Information Security Graduate Certificate (EC Council)
  • Certified Security graduate certificate (Information Security Analyst)

Affiliations

  • Reading
  • learning
  • Soccer

Languages

English: Professional

References

References available upon request.
