Summary
Overview
Work History
Education
Skills
Accomplishments
Timeline
Lucille Britz

Lucille Britz

Security Head
Gauteng

Summary

More than 30 years' experience as an Information Technology (IT) professional with strong expertise in IT management, IT security management, and IT enterprise architecture. Demonstrated expertise in establishing and implementing large information security programs. Designed and implemented automated tool-based vulnerability management framework that continuously monitors and detects Cybersecurity threats and vulnerabilities. Performed evaluations and selections of IT security tools and successfully implemented IT security systems to protect the availability, integrity, and confidentiality of critical business information and information systems. Highly skilled, dedicated and enthusiastic team player with excellent leadership and communication skills.

Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals. Detail-oriented team player with strong organizational skills. Ability to handle multiple projects simultaneously with a high degree of accuracy.

Overview

36
36
years of professional experience
15
15

15 Years managing Security related change in the Digital world

5
5
years of post-secondary education

Work History

Head of Security SEA and MENA

MTN
Johannesburg, Gauteng
02.2022 - Current
  • Developed and implemented Enterprise Security Program that includes 22 departments and 22,000 employees.
  • Developed Executive Order 1-48, Information Technology Security, to provide consistent policies regarding information technology (IT) security and roles and responsibilities of personnel using and maintaining computer resources, electronic communications and Internet access in performance of job function.
  • Developed City of Houston administrative procedure for IT Security Program, to prescribe roles, responsibilities, and conditions that promote security throughout IT system life cycle and set ground rules under which City of Houston operates to safeguard information and information systems.
  • Developed administrative procedure for the Appropriate Use of Computing Devices and Other IT Resources to establish policy for appropriate and inappropriate use of computing devices (including employee owned devices) that connect to IT resources.
  • Developed IT security handbooks to provide detailed information and guidance regarding the processes to meet IT security program requirements.
  • Developed and implemented web-based Cybersecurity Awareness Training Program for all employees.
  • Developed and implemented automated tool-based vulnerability management framework.
  • Led effort to conduct IT security risk assessments and develop security plans for departments.
  • Led evaluation, selection and implementation of the following tools: governance, risk & compliance (GRC), security information and event management (SIEM), automated vulnerability management, automated penetration testing, application whitelisting, data loss prevention (DLP), intrusion detection system/intrusion prevention system (IDS/IPS), web filtering, malware defense systems for endpoints and network perimeter, and mobile device management.

Regional Security Manager MENA

MTN
Johnnesburg, Gauteng
09.2017 - 02.2021
  • Management of IT Program, including IT Security Program, for Engineering Directorate that includes 9 Divisions with 900 Civil Service employees and 2500 Contractor employees.
  • Established management control and communications processes to ensure IT Security Program is implemented consistent with current policies.
  • Managed and implemented Agency certification and accreditation process for all IT systems.
  • Ensured development and approval of IT security plans and procedures, continuity of operations plans and procedures, and information security baselines and controls.
  • Conducted IT security audits to ensure effective implementation of security controls.
  • Ensured development and implementation of risk analysis processes and procedures for IT systems.
  • Defined risk mitigation strategies and reported significant changes to senior management.
  • Promoted accountability of Division Chiefs in managing information security risks.
  • Ensured vulnerability and threat assessments were performed to evaluate the effectiveness of existing security controls.
  • Developed and implemented processes to enable detection, identification, and analysis of IT security threats and vulnerabilities.
  • Developed and implemented Information Security Training and Awareness Program.
  • Established and maintained effective Information Resource Management program, including the development of strategic IT plan.
  • Managed 10 million dollar IT budget that included commercial IT systems and services, IT security projects, and in-house IT systems.
  • Managed IT service functions, including end user services and devices (computer workstations and mobile computing devices).
  • Established management and communication processes to ensure effective IT program that enables the mission and fosters conflict resolution.
  • Managed and implemented IT requirements, standards, and business processes.
  • Managed Capital Planning and Investment Control (CPIC) Process
  • Analyzed Federal, Agency, and Center IT requirements to determine impacts and developed effective implementation strategies for compliance.
  • Developed service level agreements, including appropriate performance metrics.

Head Portfolio Change Manager

Standard Bank of South Africa
Johannesburg, Gauteng
06.2012 - 07.2017
  • Established and implemented IT security program ensuring the security of all programmatic information residing on systems that were distributed across ten NASA Centers. These systems were an integral part of five major projects: Crew Exploration Vehicle, Crew Launch Vehicle, Mission Ops, Ground Ops, and Lunar Robotics
  • Developed program IT security governance document that includes effective approach to internal and external integration and communication to accomplish IT security objectives.
  • Established and validated security requirements that include physical, command and control, communications and information security requirements.
  • Coordinated activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
  • Established IT security planning processes, including continuity of operations and disaster recovery planning, risk analysis methodologies, and test methodologies for contingency plans and security controls.
  • Interfaced with senior management on policy interpretation and presented recommendations for approval. Coordinated with other Mission Directorates, Programs, and Projects to ensure consistent application and implementation of standards.
  • Established a management control and communications process to ensure IT Security Program was implemented consistent with the NASA Centers, the Exploration Systems Mission Directorate (ESMD), and the Agency security strategies and policies.
  • Provided leadership to IT security team and contractor community for resolution of IT security issues and implementation of process improvements from lessons learned.

Head Strategic Planning and program Manager

ABSA Business Bank
Johannesburg, Gauteng
04.2008 - 03.2012

Senior Project Manager

Telkom South Africa
Pretoria, Gauteng
01.1988 - 01.2007

Education

MBA - Technology And Innovation

University of Wales, Global
01.1997 - 12.2001

Associate of Applied Science - Mathematics/Physics

University of Witwatersrand, Johannesburg

Skills

  • Certified Information Systems Security Professional (CISSP) - 2002
  • Certified Information Security Manager (CISM) - 2005
  • Information Systems Security Management Professional (ISSMP) - 2005
  • Certified Federal Enterprise Architect - 2010
  • Governance, risk & compliance (GRC)
  • Project management
  • Information protection and analysis
  • Security information and event management (SIEM)
  • Risk assessment & compliance
  • Intrusion detection/prevention systems (IDS/IPS)
  • Application white listing
  • Data loss prevention (DLP)
  • Disaster recovery planning
  • Vulnerability management

Accomplishments

Leadership

  • Developed and implemented enterprise security strategy and framework that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls, ISO/IEC 27001/27002 and COBIT 5 for Information Security.

Strategy and Planning

  • Developed and communicated Acceptable Use policy, Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policy, and many other security policies and standards to all users.
  • Established policies and procedures for system administrators to perform operating system and application patching.

Team Collaboration

  • Collaborated with large departments to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
  • Coordinated the activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.

Project Management

  • Managed the implementation of Enterprise IT Security Framework “Quick Wins” Road Map based on SANS Critical Controls “First Five” controls.
  • Managed IT Certification & Accreditation (C&A) program implementing automated tools to realize efficiencies and significant cost savings for C&A process, including developing IT security plans and processes.
  • Managed IT asset management and configuration management project implementing VmWare vCenter Configuration Manager (VCM) tool, defining enterprise IT inventory processes (using ITIL), automating system patching capability and significantly improving IT configuration management.
  • Managed Pooled Workstations project implementing a virtual pooled engineering workstation environment (blade workstations in the Engineering Data Center) that enables remote connectivity from standard computers to perform processor and graphic intensive engineering analysis (i.e., ProE, MathCad, MathLab…). Realized cost savings due to the reduction of high-performance engineering workstations from 500 to 200.

Timeline

Head of Security SEA and MENA - MTN
02.2022 - Current
Regional Security Manager MENA - MTN
09.2017 - 02.2021
Head Portfolio Change Manager - Standard Bank of South Africa
06.2012 - 07.2017
Head Strategic Planning and program Manager - ABSA Business Bank
04.2008 - 03.2012
University of Wales - MBA, Technology And Innovation
01.1997 - 12.2001
Senior Project Manager - Telkom South Africa
01.1988 - 01.2007
University of Witwatersrand - Associate of Applied Science, Mathematics/Physics

Similar Profiles

CREATE PROFILE
Lucille BritzSecurity Head