Qualification (including Matric) Institution Date ND Information Technology( 3 years) Tshwane University of Technology May 2001 B. Tech Information Technology Tshwane University of Technology May 2006 CISA ISACA January 2008 SABSA Foundation SABSA Courses August 2015 Master’s in Business Leadership (MBL) UNISA School of Business Leadership Awaiting Final Results **Summary ** Self-motivated, focuses on what must be achieved proposing and deciding on course of action. She has a pragmatic approach to strategic solutions and places attention to detail. Nompumelelo excels at developing relationships with her clients, internal and external stakeholders and professionals at all levels. Her extensive exposure in different environments enables her to be flexible, confident and self-managed. **Work experience ** **IT Security Manager ROA 14 November 2016 - Present Standard Bank ** • Develop and maintain relationships with key stakeholders to further embed the partnership that exists between IT Security, IT and the business. • Research and maintain knowledge of the IT threat landscape, security trends, regulatory requirements, new technologies and best practices in order to provide sensible and pragmatic security advice to stakeholders. • Provide ad-hoc consulting and engagement with various business units on secure, cost effective and practical control implementations across various platforms and/or systems. • Facilitate the adoption of IT Security solutions e.g. privilege user management or access management processes and services e.g. IT Security risk assessments and penetration tests. • Provide adequate IT Security input into all technology solutions; this includes the requirements for the evaluation, selection, installation, configuration and maintenance of hardware, applications and software. • Develop an effective line of business IT Security strategy that supports and enables business strategy. • Advise IT business partners on regulatory and/or legal requirements as it relates to securing of data as well as assist with the implementation of the controls to support these requirements. • Establish relevant metrics and management information to facilitate reporting and decision making. • Facilitate the reduction in the number and impact of IT Security incidents. • Act as a single point of contact for IT security risks, incidents and controls within the business units. **Information Risk Specialist 01 May 2015 – 11 November 2016 Standard Bank ** • Define the necessary directives to drive information risk management (IRM) on major business initiatives / projects. • Develop and maintain the IRM Controls Library with toolset to enable control evaluation and selection. • Build control assurance requirements for agreed controls to enable GIRO and Integrated Operational Risk (IOR) ongoing control assurance activities • Drive IRM on allocated strategic initiatives through: • Driving the IRM life cycle (risk assessment, control identification, control selection, control design, build, test and implementation) • Reporting IRM process effectiveness and efficiency status per initiative, covering both current status and overall trend • Escalating risk and control issues including inadequate risk management practices, new unmanaged risks, major initiative changes and significant initiative / project issues • Ensure the applicable, risk based reuse of IRM recommended controls, including strong authentication of people and systems, isolating information flow, improving intelligent monitoring, managing identity, managing data leakage and confidentiality, ensuring secure systems configuration. **IT Audit Manager: April 2008 - April 2015 Standard Bank ** Started off as Junior Manager at Standard Bank and got promoted to middle manager in 2010. My role on each of these audits was to manage, review, assist with fieldwork, communicate findings to management and draft the final report. I also maintained a relationship with the IT Enabling Functions to ensure that Group Internal Audit understands their business and adequately scope audit that will address risks faced by this portfolio. **Information Security Consultant Deloitte & Touche February 2004 – March 2008 (4 years 1 month) Provide Information Security and Audit Control Services to various clients. Function included; Develop Information Security Policies, Information Security Awareness Campaigns, Perform threat and vulnerability assessments and Sarbanes Oxley audits. Process re-engineering with focus on risk and controls. Clients included ABSA, Standard Bank, SAB, and Multichoice to name a few. **IT security Internship SITA and UMSOBOMVU Youth Fund ** January 2003 – January 2004 (1 year) This was an initiative between SITA and UMSOBOMVU Youth Fund to create an internship programme that will train the qualifying incumbents in Information Security. The programme consisted of 6 months of theoretical training and 6 months practical training with a government department. I was successfully placed at the Department of Land Affairs Gauteng Provincial Office in Pretoria to provide IT and Network Administration Support under the guidance of the Senior Network Manager at the time. **Headspace Solutions May 2001 – September 2002 (1 year – 4 months) ** Headspace was an IT (Software and Hardware) and Network Support vendor for the Courier Freight Group (CFG). I started off as an intern (this was a National Diploma requirement prior to graduation) and was later promoted to IT Support function where I was responsible for installation of IT hardware and software, configuration of users and PC onto the network and troubleshooting of various end user incidents.
My Home, Students Home, and Public Place
Nompumelelo speaks English