Brian Kanyemba

420 followers
Harare, Zimbabwe

  • About me

    Information Security Specialist

  • Education

    • St Faith's

      1999 - 2004
      Ordinary Level & Advanced Level
    • Catholic University in Zimbabwe

      2005 - 2008
      Bachelor of Business Management & Information Technology (BBMIT), Information Technology

      Bachelors in Business Management & Information Technology (hons)

  • Experience

    • KPMG Zimbabwe

      Apr 2010 - Oct 2017

      Governance
        • Creating IT Operations and Security budget and plan accordingly.
        • Manage & oversee information risk and security implementation of strategic activities with direction from Global while & any specific local requirements.
        • Design, test and implement DRP

      Policies and Requirements
        • Implement and enforce Global Information Security Policies, Requirements, Specs together with any other applicable local policies.
        • Creating new policies and procedures to bridge gaps in overall security.

      Training & Awareness
        • Implement IT security training that incorporates the key Acceptable Use Policy topics.
        • Implement & maintain a comprehensive, ongoing annual information risk and security awareness campaign.

      Information Risk and Security Assessments
        • Assess information security risks and provide risk assessment signoff.

      Incident Response
        • Follow local established processes for responding to security incidents.

      Third Party Providers
        • Handling third party provider information security queries & security incidents.
        • Handling SLAs and NDAs with third parties.

      Compliance
        • Carry out an annual internal audit according to predefined compliance standards.
        • Coordinate & provide information to support Global Compliance Review Programs.
        • Address action items resulting from internal audits and GCR.
        • Identify, document and instances of non-compliance with security policies

      Monitoring
        • Ensure updated antivirus definitions are implemented on servers & desktops.
        • Monitor SCCM patch management.
        • Monitor hard drives on firm-issued laptops & desktops to ensure they are BitLocker encrypted.
        • Review & approve firewall changes.
        • Ensure adequate physical security of data centers and restricted IT areas.
        • Schedule with Global firm for periodic Vulnerability Assessments.
        • Manage compliance with firm defined Prohibited Software List
        • Manage user Privileged access rights & review, as appropriate.

        • Review, resolve and escalate Information Security incidents to the National IT Security Officer
        • Ensuring that classification, criticality and risk assessment of information systems are conducted and escalated to the NITSO
        • Determine when a security incident constitutes an emergency and escalate to the NITSO
        • Monitor trends and developments in information security through report writing and escalating to the NITSO
        • Adding newly identified Information Security issues and risks to the Risk Register and review progress of each issue on a weekly basis and report to the NITSO.
        • All duties assigned by NITSO and Chief Information Officer/Risk Management Partner.

        • Responsible for installing, maintaining and upgrading servers.
        • Ensure that the server data is secure from unauthorized access.
        • Perform light programming (scripting, which involves writing programs to automate tasks).
        • Effective provisioning, installation/configuration, operation, and maintenance of systems hardware and software and related infrastructure
        • Participate in technical research and development to enable continuing innovation within the infrastructure.
        • Co-ordinate and assist project teams with technical issues in the Initiation and Planning phases of standard Project Management Methodology
        • System capacity management; Day to day monitoring of servers and systems performance levels.
        • Supervising software installation making sure the network is free from unlicensed software and all known malware.
        • Assist user departments, in designing and use of spreadsheets/documents to support their activities using corporate standards.
        • Hardware Purchase Administration

        • 1st Level Support and Troubleshooting.
        • Administer call logging, Assign user service requests, escalation and generating reports from SysAid helpdesk systems
        • Asset Management.
        • Domain, ISA (Proxy), SCCM, Mail, Print and Active Directory Server Integration, implementation, control and maintenance.
        • Network Infrastructure/protocols - LAN and WAN integration and troubleshooting.
        • ITS Inventory maintenance and ITS equipment Movement; Laptops, Desktops, Printer, Projectors, Servers, Switches etc.
        • Installing, upgrading, customizing and integrating software systems while ensuring full stability and workability.
        • Internet security, web restrictions, network account access, password management and recovery.
        • Setting up presentation equipment i.e. projectors and PA Systems at conferences, staff meetings and breakfast meetings.
        • Attending Meetings with managers from all departments to discuss system requirements, specifications, costs and timelines.
        • Outsourcing third party hardware support.
        • User support, training and guidance.
        • Hardware and Software Procurement and Licensing.
        • Pastel Support.
        • Other duties assigned.

      • National Information Technology Security Officer

        Sept 2014 - Oct 2017
      • Deputy National Information Technology Security Officer

        Jul 2013 - Aug 2014
      • Systems Administrator

        Nov 2011 - Jun 2013
      • IT Helpdesk Administrator

        Apr 2010 - Dec 2011
    • Mutare Bottling Company

      Oct 2017 - Mar 2020
      ICT Officer

      Responsible for the day-to-day operations and support of the organisation’s systems. Oversee and coordinate technology direction and strategy, process and quality improvement. Manage IT standards compliance, asset management, project planning and management, budgeting, forecasting, customer support and Business Continuity and Disaster Recovery. Designing, building, configuring, implementing, managing, supporting and enhancing key technologies. Ensuring system Availability, Confidentiality and Integrity.

        • Managing IT staff by recruiting, training and coaching, communicating job expectations and appraising their performance.
        • Researched and recommended on acquisition of hardware and software solutions.
        • Domain Controller, Proxy Server, AD, DHCP & DNS, SCCM Server, Mail, Print, configuration and maintenance.
        • Ensuring 95%+ Availability of all the organisation’s systems.
        • Ensuring the security of data, databases, network, workstations and backup systems.
        • Preserves assets by implementing disaster recovery and back-up procedures and information security and control structures.
        • Handling annual IT budget and ensuring cost effectiveness.
        • Conduct periodic IT Quality Assurance self-assessments.
        • Build long term solid relationships with providers of IT related products and services.

    • EFT Corporation Ltd

      Apr 2020 - Jun 2023
      Information Security Officer

      Manage enterprise cybersecurity governance, policies, processes, and metrics. Ensuring processes and procedures are compliant with ISO 2700x, PCI DSS 3.2 and PCI Pin 2.0 standards. Provide vision for enterprise-wide business technology cybersecurity initiatives. Create strategic initiatives, advise leadership on alignment with corporate business objectives, and guide IT teams on implementation. Evaluate and prioritise cybersecurity projects based on enterprise risk profile, cost and capacity to implement change. Foster information security culture through facilitating information security training for all personnel.

    • Zimbabwe Technical Assistance, Training and Education Center for Health (Zim-TTECH)

      Jul 2023 - now
      Security Specialist
  • Licenses & Certifications