IT Audit Manager, IT Risk Manager, GRC

BAKANG

LEPATE

IT Risk Assurance Manager (IT Audit, IT GRC)

DETAILS

ADDRESS

Gaborone, South-East District

PO Box 2497 Francistown

Botswana

PHONE

267********

EMAIL

************@*****.***

CORE

EXPERTISE

IT Governance & Risk

IT Risk Management

Enterprise Risk Registers

Regulatory Compliance

Control Mapping (RACM)

Policy & Standards Governance

Cybersecurity & Resilience

IT General Controls (ITGC)

Access Management Reviews

Vulnerability Management

Oversight

Incident Response Governance

Business Continuity & DR

Audit, Reporting & Analytics

Executive Risk Reporting

PROFILE

Big 4–trained IT Governance, Risk & Compliance specialist with experience strengthening technology risk, ITGC, and cybersecurity control environments across banking, telecommunications, insurance, and mining sectors. Proven record of building and operationalizing enterprise technology risk registers, leading risk-based control reviews, and accelerating closure of audit and regulatory findings. Trusted advisor to senior technology and business leadership, translating complex technical risk into clear business impact. Deep working knowledge of ISO/IEC 27001, COBIT, and regulatory expectations within highly regulated financial services environments.

PROFESSIONAL EXPERIENCE

IT Governance, Risk & Compliance Specialist,

Access Bank Botswana

Oct 2025 — Present

• Own and lead the Bank’s IT GRC capability, providing second-line oversight of technology risk, cybersecurity controls, and ITGC maturity across core banking and supporting platforms.

• Enhanced the enterprise technology risk register, improving executive visibility and prioritization of top technology risks.

• Lead risk-based reviews across access management, network security, vulnerability management, and incident response, identifying control gaps and driving remediation with system owners.

• Serve as primary liaison for internal audit, external audit, and regulators, coordinating walkthroughs, evidence, and timely closure of findings.

• Advise CIO, COO, and governance committees through executive dashboards translating technical risk into business impact.

• Represent IT GRC in ORMC, ERMC, and IT Steering Committee forums, providing independent risk insight and influencing technology risk posture and remediation priorities.

• Strengthened remediation governance through structured follow-ups and root-cause analysis, improving audit finding closure discipline across IT.

• Aligned IT and cybersecurity policies to ISO/IEC 27001, COBIT, and Risk-Based IT Audits

Data-Driven Auditing (Power BI,

DataSnipper)

Stakeholder & Regulator

Engagement

Issue Remediation Governance

LINKS

Bakang Lepate

regulatory expectations, improving control consistency and audit readiness.

Assistant Manager – IT Audit,

PricewaterhouseCoopers (PwC)

Gaborone

Jan 2025 — Oct 2025

• Led multiple risk-based IT audit engagements across banking, telecommunications, and regulated sectors.

• Delivered end-to-end audits covering ITGCs, cybersecurity controls, and automated businesscontrols from planning through audit committee reporting.

• Advised senior client stakeholders on technology risk exposure, translating technical findings into regulatory and financial impact.

• Supervised and coached audit teams, ensuring quality delivery aligned with PwC methodology.

• Championed data-driven auditing using DataSnipper and Power BI to improve testing coverage and efficiency.

• Performed quality reviews of working papers and reports to ensure compliance with PwC and regulatory standards.

Associate / ISMS Implementor,

PricewaterhouseCoopers (PwC)

Gaborone

Jul 2022 — Dec 2024

• Assessed and strengthened security controls across governance, identity and access management, continuity, logging, and data protection domains.

• Facilitated client risk workshops and control walkthroughs, improving stakeholderunderstanding of information security risks.

• Tracked and validated remediation actions, improving client readiness for ISO/IEC 27001 certification and regulatory audits.

• Supported development of risk registers, control matrices, and security policies across regulated clients.

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified Information Security Manager

(CISM)

Certified In Risk and Information Systems

Control (CRISC)

Certified in Cybersecurity (CC)

CISSP

2026

CGEIT

2026

PROFESSIONAL MEMBERSHIPS

ISACA

ISC2

EDUCATION

BSc Computing with Finance, University of

Botswana

Contact this candidate