Manisa Khumalo (MBA) (CISM) (CISA)

Technology Specialist with experience in IT Governance, Risk Management, Audit, Project Management and Cyber Security

+27-79-884-**** ad0y3z@r.postjobfree.com www.linkedin.com/in/manisa-khumalo Johannesburg, South Africa, 1609 PROFESSIONAL PROFILE

Manisa is a driven and passionate Information Technology Specialist skilled with 18 years’ experience in both the Private and Public sector in South Africa. What absolutely distinguishes her from her peers is her unique combination of technical certifications that are supported by her advanced business qualifications.

She has ability to build meaningful strategic relationships with both internal and external clients. Demonstrating an explorer-mindset, continuously investigating and gathering new information. Extremely analytical, working precisely and systematically, identifying subcomponents and then linking them, she also possesses good reporting and communication skills. She possesses deep knowledge IT Auditing, Risk Management, IT Governance, Cyber security, Data Analytics and Project Management. She has acquired expertise in Operations, Marketing, Resource and Financial Management, Budgeting and Business Strategy since completing her MBA and in her previous roles.

CORE COMPETENCIES

• Relating risks to the wider business environment

• Project Management

• Resource Planning

• Time Management

• Budget Development

• Business Management

• Communication skills

• Problem-solving skills

• Team Leadership and people management

• Structured Feedback on Governance, Risk and Compliance

• Executive Management Reporting

• Mentoring and empowering skills

PROFESSIONAL EXPERIENCE

ABSA Group Limited, Johannesburg South Africa

Senior Manager: Group Risk, February 2017 – April 2022 One of the four major banks in South Africa with 42 000 employees across South Africa and Africa. Part of the Chief Risk Office, which manages risks across engineering services that include Technology, Cyber and Data Risk Management. Ensures risks are managed by planning, executing and reporting on assessment engagements. Assesses the controls that are implemented to mitigate risks, focusing on technology risks such as Technology Governance, Cyber Security Risks and Data Management Controls.

• Contributed to the development of strategy and frameworks that ensures that Technology risks, governance and Cyber security are prioritised and delivered effectively across the business

• Develops assessment programmes to ensure compliance with all relevant legislation, policies, processes and resolutions and minimise risk

• Provided specialist expertise and advice to internal and external stakeholders to drive Technology governance and Cyber security strategy.

• Supervised and guides the subordinates during assessment and reviews the work performed.

• Reviewed and recommended improvement in the development and maintenance of Cyber security policies and procedures in line with the strategic objectives

• Assessed strategic and operational risks in the different areas within the busines to ensure that Cyber security incidents are reduced

• Managed and assessed compliance with applicable regulations, laws and policies to ensure that cybersecurity policies are in line with the developments in the industry.

• Completed project management activities (e.g., assessment / contracted review announcement memorandum formulation, project plan formulation, project administration, etc.) for the assessment and contracted review to be completed by the Team

• Prepared and presented reports to stakeholders, articulating the scope, observations, risk exposure and advise on areas and opportunities for improvement.

KPMG, Johannesburg South Africa

Senior Manager: Technology (IT) Advisory, March 2014 – June 2016 KPMG operates as a global network of independent member firms offering audit, tax and advisory services, working closely with clients, helping them to mitigate risks and grasp opportunities. Managed clients, assessed governance and requirements and provided solutions and presented to Audit and Risk Committee Boards. Was responsible for business development and was accountable for operations, staff management and budget of up to ZAR5M across different industries in both public and private sectors.

• Developed and improved guidelines, policies and standards to ensure adequate implementation of Control Procedures and Risk Management Processes

• Conducted Risk, Controls and governance assessments to identify gaps and recommended mitigating controls

• Assessed the development and maintenance of governance frameworks and governance structures

• Assessed maturity of IT processes using Cobit Framework and KPMG inhouse developed maturity assessment tool

• Reviewed and recommended improvement in the development and maintenance of Cyber security policies and procedures, in line with the strategic objectives

• Managed the planning and drive the execution for control self-assessments and governance workshops

• Assessed the strategic and operational IT risks in the different areas within the busines to ensure that the strategy is aligned to the business strategy, and Cyber security incidents are managed effectively.

• Manage and ensure internal compliance with applicable regulations, laws and policies, and for resolution of cyber security risks and other audit findings

• Developed and managed internal and external client relationships in order to provide solutions and improve service delivery

• Strategic Oversight, was responsible for strategic guidance, risk management direction, input, advice and recommendations for multinational implementation

Client Portfolio:

Royal Bafokeng Platinum, African Rainbow Minerals, Northam Platinum (Ltd), RTT Intelligent Logistics, University of Johannesburg, MTN Group, ArcelorMittal, Zurich Insurance, Lesotho Revenue Authority, Letseng Diamonds, Kagiso Tiso Holdings, Transnet ManiTech Consulting, Johannesburg South Africa

Managing Consultant, September 2011 – February 2014 Started own independent consultancy that specialised in IT Auditing, Governance and Technology Risk Management. Was responsible for client acquisitions, managed and executed assignments and reported to audit committees. Member of the Audit Committee and provided technology advisory services. Also managed audit and risk assignments and data analysis projects for clients. Four directs reports. Clients: Social Housing Regulatory Authority, NzaloWhite Consulting and Makhado Municipality Achievement:

• Within 6 months of operation, managed to secure 3 clients with work valued at ZAR400K

• Performed data analysis in medical aid company which identified some non-compliance with the medical aid rules

• Member of audit committee for a Social Housing Regulatory council, advising on Technology Governance. Rand Water, Johannesburg South Africa

Group Audit Manager: IT, December 2006 – January 2011 State owned entity, customers included municipalities, mines and industries. Planned, executed, reported, managed staff, reported results of risks, controls and governance to the Audit and Risk Committees. Reported to the Head of Internal Audit. Developed the IT Audit and Risk Department from single employee to multiple employees. Assessed both Financial and Industrial systems. Acted as Head of Internal Audit.

• Set up Group IT Audit Function: Developed strategy, guidelines, policies and processes for assessment of technology and cyber risks for both financial and industrial systems, i.e., IT and OT systems.

• Reviewed and recommended improvement in the development and maintenance of Cyber security policies and procedures, in line with the strategic objectives and assessment the implementation of Cyber security initiatives

• Championed the formation of IT and OT steering committee to ensure that governance processes are in place and risk are reported, prioritised and managed

• Performed Cyber security assessment and compliance reviews i.e., firewall review, database security, access management, SAP authorisation, penetration testing, network design and security

• Assessed the development and maintenance of technology governance frameworks and structures

• Developed and provided training on technology reviews to non-IT staff

• Prepared and presented reports to the Audit & Risk Committees and Executive Committees & Forums.

• Planned and Implemented Strategic directions of the Internal Audit Department

• Developed and implemented division policies, standards and processes.

• Identified significant Business & IT risks and technology governance gaps, ensured that effective processes, standards and policies were in place to mitigate risks

• Managed staff, including staff selection, development and performance reviews Standard Bank Group, Johannesburg South Africa

Manager: Infrastructure Audit, January 2005 – November 2006 One of the four major banks in South Africa with staff compliment of over 50 000 employees and operations across more than 12 countries.

• Planned and executed risk based audits in the banking environment, i.e. infrastructure, Cyber security, data management, governance and project assurance.

• Manage and ensure internal compliance with applicable regulations and laws, policies, and audit for resolution of risks and audit findings

• Reviewed quality of colleagues’ work and ensured compliance with policies and standards; benchmarking against the best practices

• Provide regular reporting and recommendations on technology, risks governance and controls to management

• As member of ISACA, ensured that I kept abreast of best practices and developments in the field of technology governance for continuous improvement.

Eskom, MegaWatt Park, Johannesburg South Africa

Senior Audit Advisor, December 2000 – December 2004 Eskom generates approx. 95% electricity used in South Africa and approx. 45% of the electricity used in Africa. Objectively assessed IT and business processes. Assessed technology risks (security and governance) and the efficiency of risk management strategies. Ensured compliance with laws and regulations. Reviewed and recommended improvement in the development and maintenance of Cyber security policies and procedures, in line with the strategic objectives. South African Airways, Kempton Park South Africa

Network Programmer (Data), February 1997 – November 2000 South African Airways is the national carrier of South Africa and flies to over 35 destinations across Africa, the Middle East, Asia, Europe, Australia and North and South America.

Monitored and maintained computer systems, security and networks. Installed and configured computer systems, diagnosed hardware and software faults and resolved technical and applications problems. ACADEMIC EDUCATION

University of Pretoria – Gordon Institute of Business Science (GIBS), Sandton, South Africa Master of Business Administration (MBA), 2013

Research: Comparing IT Governance maturity levels across different industries University of the Witwatersrand, Johannesburg, South Africa Management Advancement Programme (MAP), 2009

University of Johannesburg, Johannesburg, South Africa B Tech (information Systems and Technology Management), 2006 University of South Africa (Technikon SA), Pretoria, South Africa National Diploma (Information Technology), 1999

INTERNATIONAL CERTIFICATIONS

2020: Cybersecurity: Managing Risk in the Information Age (Harvard) 2015: APMG International - CoBiT 5 Foundation

2010: Certified Internal Auditor (CIA) - Institute of Internal Auditors (IIA) 2008: SAP NetWeaver – SAP Security SAP Academy

2005: Certified Information Security Manager (CISM) - Information Systems and Control Association (ISACA) 2005: Certified Information Systems Auditor (CISA) - Information Systems and Control Association (ISACA) 2002: Network + - CompTIA

2000: Microsoft Certified Systems Engineer (MCSE) - Microsoft COURSES & TRAINING

2016: Public Speaking and presentation Skills Course, KPMG, Johannesburg 2016: Business Writing Skills Course, KPMG, Johannesburg 2016: Helping People Buy Workshop, KPMG, Johannesburg 2016: Development Makes a Difference (Performance Management) Workshop, KPMG, Johannesburg 2016: Building Strategic Relationships Workshop, KPMG, Johannesburg 2009: Building, Leading and Managing Department – IIA Course, Institute of Internal Auditors 2009: Internal Audit Quality: Performing the Review (QAR) – IIA Course, Institution of Internal Auditors, Johannesburg 2008: Effective Report Writing – IIA Course, Institute of Internal Auditors, Johannesburg 2007: Risk Based Auditing – Institute of Internal Auditors Workshop, Institute of Internal Auditors, Johannesburg 2007: Advanced ACL Concepts & Techniques Functions Course, CQS Technology Holdings, Johannesburg 2007: SAP Overview Course, SAP Academy, Johannesburg 2006: Implementing IT Governance using CoBiT Course, ISACA, Illinois, US 2003: IT Audit School - MIS Training Institute Course, MIS Institute, Johannesburg 2002: COSO Implementation - IIA Course, Institute of Internal Auditors, Johannesburg INTERESTS

• Women in leadership

• Technology advancements

• Networking and Building Relationships

• Personal growth and branding

Contact this candidate