Summary
Overview
Work History
Education
Certification
Timeline
Generic
Blaise Ntwali

Blaise Ntwali

Information Security Officer
Johannesburg

Summary

Information and Cyber Security professional with over 9 years of progressive experience in managed services, finance services, and academia. Proven expertise in identifying security risks, audit, compliance issues, and vulnerabilities, along with the ability to develop resilient mitigation strategies and solutions.
I am a motivated and analytical leader with a strong aptitude for quickly mastering complex tasks and delivering innovative solutions. My experience includes leading projects that align security architecture with industry standards and business objectives, ensuring that security strategies support overall business goals.
Recognized for my technical acumen, leadership capabilities, and strong interpersonal skills, I excel in leading and supporting cross-functional teams.

Overview

2025
2025
years of professional experience
8
8
years of post-secondary education
10
10
Certifications

Work History

Information Security Officer

Standard Bank Group
5 2023 - Current
  • Lead the implementation of the Cyber Resilience strategy across Standard Bank's Business Lending Solutions, Data and Personalization, Card Acquiring and Merchant Solutions, and Automation and Robotics in Business and Commercial Banking.
  • Lead platform security and ecosystems, third-party integrations, and sensitive data, protecting applications and supporting infrastructure from cyber incidents.
  • Drive the development and enforcement of security policies, standards, and controls to prevent reputational and financial losses, ensuring compliance with regulatory requirements (PCI DSS, GDPR and the POPIA Act) and ensure there are no repeated audit findings.
  • Coordinate with external auditors to ensure successful completion of annual regulatory compliance audits. Led the PCI DSS program for Standard Bank group shared security services and was successfully certified.
  • Spearheaded cybersecurity awareness training programs for employees, fostering a culture of security-conscious behavior across the company.
  • Lead efforts to improve the bank’s security posture, particularly in endpoint and server security, logical and privileged access management, and patch and vulnerability management,cloud security, API security, certificate management and security, DevSecOps,internal and external penetration testing, threat modelling and risk management. The set KPI and score cards (>= 95%) for security controls were achieved for 2023 and 2024.
  • Managed incident response activities, successfully containing and remediating multiple cyber threats in a timely manner. Zero material cyber incidents during my tenure.
  • Guided the successful migration of critical systems and data to cloud-based platforms, implementing robust security controls for ongoing protection.
  • Develop security strategy that is aligned to business goals and objectives. Furthermore, report to the CIOs, get support, budget and approvals.
  • Conduct risk assessments for critical business processes, identifying areas requiring additional safeguards or procedural improvements.
  • Oversee vendor risk management efforts, ensuring third-party providers met organizational security requirements before granting access to sensitive data or systems.

Lead Cyber Security Analyst

Standard Bank
2 2021 - 5 2023
  • Provided leadership for the Cyber Security Incident Response Team across Standard Bank Group, covering South Africa and other African regions.
  • Led the cyber automation team to streamline security workflows by automating manual tasks.
  • Developed incident response playbooks addressing the top five risks in the Bank, as well as cloud-specific playbooks for AWS and Azure, which are actively used to identify, triage, contain, remediate, and recover from cyber incidents.
  • Prepared detailed incident reports for senior management and executives, facilitated post-mortem reviews, and conducted a thorough threat and root cause analyses.
  • Collaborated with stakeholders to safeguard the Bank’s assets from emerging threats. Developed and implemented SOC detection use cases aligned with the MITRE ATT&CK framework, and conducted dynamic malware analysis to extract Indicators of Compromise (IOCs).
  • Led a successful implementation of Microsoft E5 security stack across Standard Bank without causing operational impact.

Information Security Analyst

Capitec Bank
09.2018 - 01.2021
  • Led cyber incident management and response efforts, successfully containing incidents and implementing improvements based on lessons learned.
  • Conducted vulnerability management scans and escalated findings to system owners for patching.
  • Developed Security Operations Center (SOC) alert use cases, reports, and dashboards while monitoring and detecting anomalous behavior.
  • Enhanced incident response readiness through simulations and testing.
  • Led digital forensic investigations and collaborate with the South African Police Service for insider cyber risks.

Information Security Engineer

Nclose
06.2015 - 09.2018
  • Delivered tailored security solutions and services to clients, including Allan Gray, Direct Axis, and Cape Union Mart, ensuring alignment with their security and business strategies.
  • Provided expert consultation on cyber and information security.
  • Conducted security audits to identify and mitigate cyber risks.
  • Represented clients during change control processes, ensuring successful implementation of technical changes.
  • Implemented Endpoint Detection and Response, Antivirus and web proxy across the Bank's estate; monitored and reported on compliance in the Monthly Managed Service Reports.
  • Regulated data access to prevent exfiltration, and developed mitigation plans to address and prevent security violations by end users.

Education

Master of Commerce - Masters in Information Systems

University of Cape Town
Western Cape, South Africa
02.2018 - 12.2019

Honours Degree - Honours in Information Systems

University of Western Cape
Western Cape, South Africa
01.2015 - 11.2017

Bachelor of Science - Bachelor of Science in Information Systems And Statistics

Rhodes University
Eastern Cape, South Africa
01.2012 - 12.2014

Certification

CISSP - Certified Information System Security Professional by ISC2

Timeline

CISSP - Certified Information System Security Professional by ISC2

10-2024

CISM - Certified Information Security Manager by ISACA

10-2021

Standard Bank Group Beyond Excellence Achiever in the years 2021,2022, 2023 and 2024

06-2021

Golden Key Member (Recognised as top 15% of academic achievers in the masters program)

01-2021

Purple Team Adversary Simulation Lab (Cyber Offence vs Defense) by CyberWarFare Labs

11-2020

Capitec Bank Data and Analytics Academy Graduate

08-2020

Certified Cloud Practitioner by Amazon Web Services (AWS)

06-2020

Mimecast Gateway Technical Professional

03-2020

Mimecast Technical Specialist

03-2020

Information Security Analyst

Capitec Bank
09.2018 - 01.2021

Master of Commerce - Masters in Information Systems

University of Cape Town
02.2018 - 12.2019

Intel Security Certified Product Specialist - Security Information and Event Management (SIEM)

05-2016

Information Security Engineer

Nclose
06.2015 - 09.2018

Honours Degree - Honours in Information Systems

University of Western Cape
01.2015 - 11.2017

Bachelor of Science - Bachelor of Science in Information Systems And Statistics

Rhodes University
01.2012 - 12.2014

Information Security Officer

Standard Bank Group
5 2023 - Current

Lead Cyber Security Analyst

Standard Bank
2 2021 - 5 2023
Blaise NtwaliInformation Security Officer