
David F. Sebyala

London

Summary

Results-oriented achiever with proven ability to exceed targets and drive success in fast-paced environments. Combines strategic thinking with hands-on experience to deliver impactful solutions and enhance organizational performance.

Demonstrates strong analytical, communication, and teamwork skills, with proven ability to quickly adapt to new environments. Eager to contribute to team success and further develop professional skills. Brings positive attitude and commitment to continuous learning and growth.

Overview

13 years of professional experience
1 Certification

Work History

Cyber Security Consultant

Aenova Pharma
07.2024 - 03.2025
  • Delivered an Audit ready environment, prepared to pass an external ISO 27001:2022 audit.
  • ACHIEVEMENTS.
  • Contributed significantly to the successful ISO 27001:2022 certification of a multinational pharmaceutical manufacturer by supporting critical project components.
  • Spearheaded the development and execution of remediation plans addressing non-conformities (NCs) and opportunities for improvement (OFIs) across seven global manufacturing sites.
  • Ensured full compliance with ISO certification requirements by aligning OT environments with IEC 62443 standards resulting in passing external ISO Certification Audit.
  • Partnered with IT security teams to evaluate and implement robust cybersecurity controls for operational technology (OT) systems, meaning that required vendor patching could be monitored.
  • Collaborated with site Information Security Officers (ISOs) to resolve audit findings and compile comprehensive compliance documentation.
  • Led stakeholder engagement efforts to drive alignment with security protocols and promote a culture of compliance resulting in cohesive effort to satisfy compliance and enabling cross-site coordination and timely status updates.

Cyber & Information Security Lead

ISPIN
02.2022 - 06.2024
  • Company Overview: (MSSP to Financial Services, Retail)
  • Managed delivery of an enhanced client security posture by implementing tailored cybersecurity use cases deployed on Carbon Black, identifying potential vulnerabilities.
  • ACHIEVEMENTS
  • Reduced end-user susceptibility to phishing attacks by designing and launching effective phishing simulations and targeted security awareness programs.
  • Led secure cloud migrations to Microsoft Azure, implementing strong access controls and deploying custom cloud infrastructure use cases.
  • Revised and standardized security policies across multiple client sites, achieving compliance with corporate and regulatory standards.
  • Developed and managed phased roadmaps for cybersecurity enhancements, with measurable progress tracking to ensure timely execution.
  • Published global cyber threat advisories, increasing organizational awareness and readiness against emerging cybersecurity threats.
  • Delivered ITIL-aligned service reporting, providing actionable insights that improved transparency, customer satisfaction, and service quality.
  • Scoped and managed end-to-end security projects, coordinating stakeholders and delivering results that met both security and business needs.
  • Spearheaded identity management solutions in Azure, including the development and deployment of security-focused use cases.
  • Oversaw Security Operations Center (SOC) services, including threat hunting, vulnerability scanning, patch management, and incident response.
  • Network intrusion, vulnerability scanning & remediation, association for PenTest teams.
  • Performed Root Cause Analysis (RCA) on critical incidents, enabling long-term remediation and prevention strategies.
  • Designed and facilitated crisis response workshops, including tabletop exercises to improve readiness for major incident scenarios.
  • Evaluated emerging technologies and recommended strategic investments to strengthen the organization's information security posture.
  • Managed vendor relationships for outsourced services related to information security, ensuring alignment with organizational goals and priorities.
  • Managed cross-functional teams to ensure timely delivery of information security projects, improving overall data protection.
  • Collaborated with external partners to share insights on emerging threats, enhancing collective defense strategies against cyberattacks.

Cyber & Information Security Lead

Avaloq
01.2020 - 01.2022
  • Company Overview: (Financial Services)
  • Led the outsourcing of key security services and the implementation of a Cyber Security Operations Centre (CSOC) Target Operating Model (TOM), serving as the primary liaison with the Managed Security Service Provider (MSSP).
  • ACHIEVEMENTS
  • Developed and enforced group security policies, procedures, and controls for vulnerability scanning, penetration testing, and network packet analysis, ensuring GDPR compliance and data privacy through data classification and Data Loss Prevention (DLP).
  • Planned global log ingestion in collaboration with IT architects to enhance security monitoring capabilities.
  • Strengthened email security via advanced gateways and phishing simulation tools providing improved employee awareness and reducing threats.
  • Documented High-Level Designs (HLD) for MSSP vendor collaboration resulting in ensured operational compliance with offshore teams.
  • Delivered major incident coordination, problem management analysis, and ISO27001-aligned SOC security standards across multiple domains contributing to improved security posture.
  • Managed stakeholder engagement across Governance, Risk, and Compliance (GRC), as well as contract negotiations for MSSP onboarding providing clear guidelines for ongoing external engagements.

Senior Project Manager, Cyber

Credit Suisse
04.2019 - 12.2019
  • Company Overview: (Investment Bank)
  • Delivered a new insider threat capability (EXABEAM) in partnership with an external provider, mitigating risks through advanced behavior analytics and data exfiltration prevention (DLP).
  • ACHIEVEMENTS:
  • Enhanced the security landscape by introducing innovative technologies and improving existing threat modelling and use cases, resulting in provision of an acceptable behavior baseline.
  • Improved Identity and Access Management (IAM) through audit initiatives on AD resulting in assuring that only authorized persons gained access to corporate systems.
  • Designed data exfiltration mitigations and insider threat workflows, resulting in strengthening the overall security framework.

Dep. CISO

ABB
12.2017 - 02.2019
  • Company Overview: (Automation Industry)
  • Spearheaded the establishment of a Security Defence Centre, combining internal and external capabilities to enhance the organization's cybersecurity footprint.
  • ACHIEVEMENTS
  • Delivered a strategic technology overhaul, including cloud migration to AWS and the implementation of a Data Lake for centralized log collection and analysis.
  • Defined IT security priorities, managed threats, and enhanced the policy controls framework aligned with ISO27001 standards.
  • Project Planning: Assist in planning and scheduling OT-related projects, ensuring alignment with business objectives and timelines.
  • Regulatory Compliance: Ensure that OT systems comply with relevant industry standards and regulations (e.g., ISO, NIST, IEC 62443, etc.).
  • Standardized security incident management workflows, vendor relations, and encryption protocols.
  • Improved operational visibility across technology domains with architectural blackspot analysis and HLD/LLD design.
  • Directed security awareness initiatives, including phishing campaigns and training on emerging cyber threats.
  • Managed Red Team penetration testing, privileged access using IBM PAM, and offshore SOC activities, ensuring alignment with business objectives.
  • Supported divestiture of the Power Grids division to Hitachi, focusing on secure data transfer and compliance with ITIL disaster recovery principles.

IT Security Consultant

AXA Tech
06.2017 - 12.2017
  • Company Overview: (Financial Services)
  • Led a Security and Business Change Management Programme, successfully streamlining expiring security solutions for firewalls, mail gateways, and proxy gateways.
  • ACHIEVEMENTS
  • Redesigned global rollout processes based on comprehensive policy framework analysis, integrating defined KPIs and SLAs.
  • Revamped security policies and operations guidelines to align with ISO 27001 standards.
  • Produced High-Level Designs (HLD) for firewall rule flows and dependencies, driving clarity and efficiency in implementation.
  • Delivered migration plans for mail and gateway proxies, ensuring continuity and alignment with organizational goals.
  • Defined new security roles and responsibilities to reflect updated processes.
  • Improved governance through Programme Steering Committee oversight, enabling risk and compliance transparency with senior stakeholders.
  • Enhanced infrastructure management efficiency, reducing operational costs and improving service delivery.
  • Served as a key point of contact for clients and internal stakeholders, providing expert guidance on all aspects of cybersecurity risk management.

Service Delivery Director | Programme Manager

Swiss Re Shared Product Services (SPS)
08.2014 - 04.2017
  • Company Overview: (Insurance)
  • Managed Business Transformation and ITIL Service Management projects, including service design, SOC organization target operating models, and infrastructure integration.
  • ACHIEVEMENTS
  • Developed and implemented a service catalogue, enabling streamlined service ordering and reducing infrastructure maintenance overheads.
  • Established Central Mission Control Support for offshore SOC operations and centralized global responsibility for security incident management.
  • Delivered new service processes for reporting, achieving leaner infrastructure maintenance.
  • Took over and successfully managed critical infrastructure projects plagued with delays, budget overruns, and implementation difficulties.
  • Directed vendor contract evaluations and renewals, ensuring efficient resource allocation.
  • Enhanced product delivery for life insurance products using Agile methodologies.

Interim Director/Consultant

Credit Suisse
02.2014 - 08.2014
  • Company Overview: (Investment Bank)
  • Delivered high-transaction security solutions, including the redesign and implementation of a global SIEM logging solution (SPLUNK) for faster log analysis and operational responses to cyber threats.
  • ACHIEVEMENTS
  • Managed group strategy delivery in Secure & Control Technologies across UK, Switzerland, and US regions.
  • Improved data protection assurance through enhanced ISMS and real-time log analysis.
  • Implemented CyberArk and Cloakware for robust access management and break-glass procedures.

Senior IT Security Programme Manager

UBS
07.2012 - 12.2013
  • Company Overview: (Investment Bank)
  • Directed a comprehensive security business change program, formulating a strategic roadmap for security services and coordinating a major merger in the Wealth Management Division.
  • ACHIEVEMENTS
  • Facilitated operational re-engineering using ITIL and SDLC methodologies, ensuring compliance with audit regulations and creating a clear responsibility matrix.
  • Consolidated Security Operations and Technology into a Global Security Organization, increasing efficiency and reducing operating costs across Europe, Asia, and the U.S.
  • Implemented SDLC rollout for Wealth Management in conjunction with Agile practices, streamlining security transformations.
  • Improved transparency into security issues through enhanced Product Support management from engineering to operations.

Education

MBA -

MBA Org
Zurich
11.2017

Skills

  • Cybersecurity Leadership (CISO)
  • Risk & Compliance Management
  • Regulatory Compliance
  • GRC frameworks
  • NIST
  • ISO 27001:2022
  • Information Security
  • ITIL Service management & implementation
  • Vulnerability analysis
  • Analytical thinking
  • NIST frameworks
  • Identity management
  • Threat intelligence

Accomplishments

    DR, AENOVA PHARMA

    David Sebyala was in the employ of Aenova Pharmaceuticals through our supplier D-Ploy.

    achieved results with accuracy and efficiency in following aspects:

    · Assisting on critical components of ISO 27001:2022 certification project Aenova

    · Had input into project plans to address non-conformities (NCs) and opportunities for improvement (OFIs) across seven manufacturing sites

    · Work closely with IT security teams to assess and implement cybersecurity measures for OT systems (patching).

    · Collaborated closely with site Information Security Officers (ISOs) to resolve outstanding issues and consolidate evidence for compliance.

    · Conducted stakeholder engagement initiatives to ensure adherence to security protocols.

    · Delivered regular updates to global ISO leadership, ensuring smooth coordination across locations.

    His duties were executed faithfully, and I would recommend him for any similar position in the future.

    SB, SwissRE

    David is a fast thinker. He has the rare ability to see through complexity right to the relevant points. He then plans and then very gently assembles followers to move and never stop until the goal is reached. He presents confidently and clearly to top management audience and manages stakeholders effectively. He embraces changes and challenges and has an extremely high intrinsic motivation. David is a partner you can rely on! It was a pleasure to work with him!

    SA, Avaloq

    David is a great person to have in a project team. His expertise and experience contributed significantly in defining, planning and the setup of the target operating model for our Cyber Security Operations Center.

    He led the MSSP RFP and Vendor selection process from start to the end. This activity included defining the scope of the service, drafting the RFP Document, selecting and communicating with vendors, setting up and moderating presentations for various Stakeholder. He has excellent communication skills and was always willing to go the extra mile to satisfy the project requirements.

    Personally, I really enjoyed working with David as he is a great asset to have in a Team.

    MS, ABB

    While in ABB, David was originally reporting to me in his program for 2nd generation SOC. David proved to be competent, well-organized and truly professional in his program management. I can recommend David, especially for complex and challenging programs with multiple stakeholders and dynamic environment. He has the competence to create realistic budgets and timelines as well as communicate efficiently with different organizational levels.

Certification

  • Certified ITIL v3 & v4
  • Microsoft Certified: Azure Cloud Security
  • CISSP
  • Certified SCRUM Master
  • PRINCE2 Project Management Certification
  • ISO 27001:2022
  • OT Security

LANGUAGES

English: C2
Proficient
German: C1
Advanced
French: B1
Intermediate

Affiliations

  • Member, British Computer Society (MBCS)
  • Chartered IT Professional (CITP)
  • Practitioner, Institute of Service Management (PriSM)

CAPABILITY SUMMARY SECTION

  • Security strategy, driving innovation, and fostering a culture of continuous security improvement.
  • Expertise in Risk Analysis.
  • Regulatory Compliance (GRC) frameworks such as NIST, ISO 27001:2022.
  • Assessments of enterprise infrastructure, identifying vulnerabilities, and implementing effective mitigation plans.
  • Awareness in Azure Cloud Security, IAM/PAM solutions, and SOAR system implementations, Cloud migration.
  • Overseeing Incident and Problem Management processes, owning Post Incident Reviews (PIR), and third-party service delivery.
  • Change Management representative on CAB.
  • In-depth knowledge of MITRE ATT&CK, NIST, ISO 27001:2022, and CISSP domains, Agile and ITIL methodologies.
  • Change Management, Vendor Management, and strategic Roadmap Development.

Career highlights

use ISPIN

Avaloq

ABB

AXA
