Zanele Ngwamba

Senior Manager: Technology & Cybersecurity
Johannesburg

Summary

Results-driven Senior Manager in Technology & Cybersecurity with extensive experience in internal audit, penetration testing, risk assessment, and regulatory compliance. Demonstrated leadership in conducting cybersecurity audits, vulnerability assessments, and forensic investigations across diverse industries including telecommunications, banking, and consulting. Skilled in developing security frameworks, enhancing threat intelligence capabilities, and providing strategic guidance to leadership on cybersecurity risks.

Overview

14 years of professional experience
6 years of post-secondary education
10 Certifications

Work History

Senior Manager, Technology & Cybersecurity

MTN Group
06.2022 - Current

Technology & Cybersecurity Audits

  • Lead and execute technology and cybersecurity audits, ensuring alignment with internal audit plans and regulatory requirements.
  • Assess the effectiveness of IT controls, cybersecurity frameworks, and risk management processes.

Risk Assessment & Assurance

  • Identify, evaluate, and prioritize IT and cybersecurity risks across the organisation.
  • Provide assurance on IT governance, compliance, and risk mitigation strategies.

Regulatory & Compliance Oversight

  • Ensure compliance with industry regulations (e.g., ISO 27001, NIST, GDPR, PCI-DSS) and corporate policies.
  • Collaborate with compliance teams to address audit findings and regulatory gaps.

Incident Response & Forensic Investigations

  • Evaluate incident response capabilities and recommend improvements.
  • Support forensic investigations related to cybersecurity breaches and data integrity issues.

IT Governance & Framework Evaluation

  • Assess the effectiveness of IT governance frameworks (COBIT, ITIL, NIST).
  • Provide recommendations to enhance IT strategy and cybersecurity posture.

Data Analytics & Emerging Technology Risks

  • Utilise data analytics to enhance audit efficiency and identify anomalies.
  • Evaluate risks associated with emerging technologies, such as AI, cloud computing, and blockchain.

Stakeholder Engagement & Advisory

  • Provide insights and advisory to senior management on IT and cybersecurity risks.
  • Communicate audit findings and recommendations to key stakeholders, including executive leadership and audit committees.

Continuous Improvement & Best Practices

  • Stay updated on cybersecurity trends, frameworks, and emerging threats.
  • Develop and implement best practices to enhance internal audit methodologies.

Audit Team Leadership & Development

  • Mentor and develop audit staff on IT and cybersecurity risk assessment techniques.
  • Lead cross-functional teams in conducting technology-related audits.

Third-Party & Vendor Risk Management

  • Assess cybersecurity risks associated with third-party vendors and cloud service providers.
  • Ensure vendor contracts and SLAs align with security best practices.

Team Lead Security

Accenture (Umlaut)
01.2022 - 05.2022
  • Develop and implement cybersecurity strategies aligned with business objectives and industry best practices.
  • Establish and enforce security policies, standards, and frameworks to protect critical assets.
  • Ensure compliance with regulatory requirements (ISO 27001, NIST, GDPR, PCI-DSS, SOC 2).
  • Conduct and oversee penetration testing for networks, applications, APIs, and cloud environments.
  • Implement a robust vulnerability management program, ensuring timely identification, risk assessment, and remediation of security flaws.
  • Utilise threat intelligence to proactively address potential attack vectors.
  • Assess the design and implementation of cloud security controls for AWS, Azure, and Google Cloud.
  • Ensure compliance with cloud security frameworks such as CIS Benchmarks, NIST CSF, and CSA CCM.
  • Assess Zero Trust security initiatives, ensuring least privilege access and continuous monitoring.
  • Assess IAM solutions, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
  • Review role-based access controls (RBAC) and identity lifecycle policies.
  • Assess unauthorised access through continuous identity governance.
  • Design and review security architectures for enterprise IT, cloud, and OT/IoT environments.
  • Conduct risk assessments, gap analyses, and security audits to identify areas for improvement.
  • Advise clients on cyber resilience strategies to mitigate advanced persistent threats (APTs).
  • Assess threat intelligence programs to proactively detect and mitigate emerging cyber threats.
  • Use AI-driven threat hunting techniques to identify stealthy and advanced threats.
  • Collaborate with external security intelligence networks to strengthen cyber defenses.
  • Lead cybersecurity training and awareness programs for employees and clients.
  • Conduct phishing simulations and social engineering tests to assess employee security behavior.
  • Provide best practices and security guidance to development and operations teams.
  • Work closely with clients to understand their cybersecurity needs and design tailored solutions.
  • Serve as a trusted security advisor, providing insights on emerging threats and regulatory changes.
  • Support digital transformation initiatives by ensuring security is embedded in new technologies.
  • Manage and mentor cybersecurity teams, ensuring skill development and performance excellence.
  • Oversee security project delivery, ensuring alignment with scope, budget, and timelines.
  • Collaborate with cross-functional teams, including IT, compliance, and legal, to achieve security objectives.

Senior Security Consultant

Umlaut
07.2021 - 12.2021

[+] Information Systems Auditing in client's network.

[+] Ensuring Information Security best practices are implemented and adhered to.

[+] Developing and implementing a comprehensive plan to secure our computing network.

[+] Monitoring network usage to ensure compliance with security policies.

[+] Working with incident response teams to identify and monitor security threats to an organization’s cyber systems.

[+] Keeping up to date with developments in IT security standards and threats.

[+] Performing penetration tests to find any flaws.

[+] Collaborating with management and the IT department to improve security.

[+] Documenting any security breaches and assessing their damage.

[+] Educating colleagues about security software and best practices for information security.

[+] Telco & Cyber Security Assessments through:

[*] GDPR & POPIA based assessments.

[*] Mobile Services (IMS, Radio Interface Security, Node Configuration Reviews, 5G Security Aspects).

[*] Fixed Line Network Security Assessments, Revenue Leakage Analysis, Threat Modelling, Vulnerability Management, Threat Intelligence & Hunting.

[*] Hardware Penetration Testing, IT Infrastructure, Android Applications, Web Applications, API, Smartphone, Customer Premises Equipment (Routers, Switches, IoT devices).


Senior Penetration Tester

Dimension Data
09.2020 - 06.2021

[+] Perform penetration tests against internal and external facing systems.
[+] Provide input to improve the quality and effectiveness of tests in a highly scaled and global environment.
[+] Articulate complex technical risks through creation of reports and delivering presentations to key stakeholders.
[+] Work with the SecOps teams to test the orchestration and automation processes and platforms, feed results into a testing program.
[+] Support the assessment of risk and develop and/or recommend appropriate mitigation countermeasures based on empirical testing.
[+] Provide comprehensive technical expertise with web application and database vulnerability testing.
[+] Support the development of the security automation framework and the implementation roadmap.

Penetration Tester

Capitec Bank  - Cyber Security Department
05.2019 - 08.2020

[+] Form part of the Cyber Security Offence team

[*]Operational capacity planning

[*]Co-ordinate and schedule scoping sessions amongst system stakeholders and technical contacts

[*]Solution and white-boarding of systems to be assessed

[*]Ability to assess various technologies and systems across diverse and innovative APIs (web services), web applications, mobile applications, thick and thin clients, cloud as well as general network infrastructure environments


[+] Develop, implement, and execute on the Offence team’s strategic objectives

[*]Assist in the development of the annual Cyber Security Team strategy

[*]Contribute with implementation plans aligned to the annual Cyber Security Team strategy

[*]Support the delivery of these plans by the Offence team members

[*]Ensure the timely execution of the implementation plan to the agreed standard

[*]Coordinate and negotiate with other internal IT and business teams to meet Defence team objectives

[*]Propose ideas and solutions based on research and development


[+] Provide Cyber Security consulting to the business

[*]Provide professional advice and expertise to the organisation in the following areas:

[-]Cyber Security Testing

[-]Cyber Risk Identification and Remediation

[-]Cyber Attacker Tools, Techniques, and Procedures

[-]Innovation towards automation in key areas of testing

[*]Contribute to technical security standards and policies

[*]Cyber Security Technical advisor and subject matter expert

[*]Coordinate and negotiate with internal IT and business teams to meet objectives

[*]Raise Cyber Security awareness within the Bank

[*]Influence the Secure Dev Ops culture of the bank and its development initiatives

[*]Provide insightful reporting on assessments and articulate the risk back to business


[+] Expand the capabilities of the Offence team

[*]Identify the business’s Cyber Security needs and expectations, extend the Offence team’s services and capabilities to support the business initiatives

[*]Monitor the external and internal threat landscape, with a view to continuously improve upon the Offence team’s skills and capabilities

[*]Specifically improve existing APIs (web services), web and mobile application, cloud and general network infrastructure and service security testing capabilities

[*]Foster relationships with business units and ISO partners


[+] Improve the Offence team’s Cyber Security testing services

[*]Manage security testing engagements through the security assessment lifecycle

[*]Perform or provide oversight and mentoring for technical risk assessments

[*]Co-ordinate assessments with internal and external stakeholders

[*]Collaborate in third-party security testing engagements


[+] Collaborate with the cyber-security Defence team

[*]Foster and maintain the strong collaborative environment between the Cyber Security teams

[*]Conduct table-top exercises to test the Defence team’s incident response policies and procedures

[*]Participate in technical “purple team” and “red vs blue” exercises

IT Operations Analyst

Eskom - IT Department
02.2016 - 04.2019

[+] Incident Management

[*] Data Loss Prevention incidents

[*] System Configuration Management violations

[*] Performance degradation from malware

[*] Spam handling (Analysis and Reporting)

[+] Logical Access Management

[+] Change Management

[*] Security Patch Management

[*] SCM integrity checks

[+] Service Level Management

[*] OLA and SLA performance that relate to back office and service providers.

Business Analyst

Business Solutions Management
02.2014 - 01.2016

Gather, interpret and document the requirements for the development, delivery and support of quality IT/IS solutions for the relevant business area or customer through various types:

Understand the business strategy and plans for work that has been allocated.

Gather business requirements through various methods such as initiating interviews, document analysis, requirements workshops, surveys, site visits, business process descriptions, use cases, scenarios, business analysis and task workflow analysis.

Translate business requirements (functional and non-functional) and plans into IS/IT artefacts (high-level demand analysis, User Requirements Specification (URS), functional requirements specification, use cases, test cases and plans, or other required IT governance documentation). Propose option/s & solution/s to meet customer requests.

Analyze work practices and processes and identify improvement opportunities to increase capabilities and/or productivity where relevant.

Identify business environment changes, projects and initiatives and their impact on the broader spectrum of business operations where relevant.

Facilitate alignment of IT solutions/systems to the Group IT strategy and roadmaps.

Represent Group IT by participating in various business interventions where relevant.

Obtain business approvals for relevant documentation.

Provide project support in terms of:

Provide input to change management and communication plan.

Provide input to training material and training efforts coordination.

Assist with user acceptance testing coordination.

Perform site readiness assessment within allocated area of responsibility through project communication to the business, business prioritization alignment and follow-up with business, and site roll-out facilitation.

Provide Project Management support as per relevant process/processes within allocated area of responsibility:

Population of required project related documentation.

Obtaining of relevant approval.

Monitoring of project according to relevant PLCM

IM Officer

IMOM
02.2012 - 01.2014

Customer Liaison by:

Coordinating all customer relations, demands and requests for customers.

Ensuring customer visits so that customer needs form the basis of all SLAs.

Advising customers on services provided by attending operational forums.

Advising Group IT customers on new services and technology requirements.

Advising Group IT customers of best utilization of commercial software.

Monitor services delivered by:

Monitoring all operational activities within service level agreements.

Coordinating the process to establish and resolve non-conformance.

Obtaining customer feedback on service provided.

Business demand facilitation by assisting BRM with managing demands and requests for/from customers.

Implement SLAs in business by:

Ensuring that both customers and service providers implement processes to manage the service and performance criteria of the agreement.

Communicating to all stakeholders with regards to changes of a particular SLA.

Analysing and interpreting monthly reports on actual performance vs SLA criteria.

Providing financial reporting on payment to service providers vs actual service delivered.

Performing service delivery audits and reporting deficiencies.

Graduate in Training & System Administrator

IM Department
01.2011 - 01.2012

Preparation of audited data in Excel and Access for further manipulation by data officers and regional staff.

Drawing data related reports in Access, SQL talk and SQL plus.

Assist with upload and download of customer data to and from CRP.

Development of small ad-hoc queries with Access front-end to be used by data officers / temporary resources.

Business Improvement Projects

Do gap analyses of the monitoring system and business support structures, and clearly map the to-be process that supports the upgrades as per BRS document.

Involvement and understanding of the IM application system problems solution process.

Installation of software.

Liaise with developers for any system problems.

USVD monitoring and solution process.

Grant access to users according to security standards.

Update and auditing of system user lists.

Help in designing and maintaining the IM web site.

Perform testing of new and upgraded versions of systems.

Facilitate system training for new users.

Help in the development of IM related system training manuals.

Perform system performance audits.


Education

University of Johannesburg - Bcom IT
01.2008 - 12.2010

UNISA - Honours Business Informatics
01.2012 - 05.2015

Skills

Penetration Testing

Auditing

Identity Management

Cloud Security

IT Risk Management

Data Analytics

Forensic Investigations

IT Governance

Security Frameworks

Regulatory Compliance

Certification

Pentester LAB Unix Badge

Timeline

Senior Manager, Technology & Cybersecurity

MTN Group
06.2022 - Current

Team Lead Security

Accenture (Umlaut)
01.2022 - 05.2022

Senior Security Consultant

Umlaut
07.2021 - 12.2021

Senior Penetration Tester

Dimension Data
09.2020 - 06.2021

Certified Red Team Professional

03-2020

Penetration Tester

Capitec Bank  - Cyber Security Department
05.2019 - 08.2020

IT Operations Analyst

Eskom - IT Department
02.2016 - 04.2019

Business Analyst

Business Solutions Management
02.2014 - 01.2016

IM Officer

IMOM
02.2012 - 01.2014

UNISA - Honours Business Informatics
01.2012 - 05.2015

Graduate in Training & System Administrator

IM Department
01.2011 - 01.2012

University of Johannesburg - Bcom IT
01.2008 - 12.2010