Kingsley Duru, ACA, PCI-ISA

Internal Control Coordinator

Followers: 1000
Location: Nigeria

  • Timeline

  • About me

    Cyber Governance, Risk and Compliance/Data Protection at Union Bank of Nigeria

  • Education

    • Institute of Chartered Accountants of Nigeria

      2008 - 2011
      ACA Accounting ACA
    • Enugu State University of Science and Technology

      2003 - 2005
      MBA Business Administration
    • Technology jobs update

      1990 - 1996
      B.Eng (2nd Class Upper) Chemical Engineering

      Activities and Societies: Member American Institute of Chemical Engineers, Member Nigeria Society of Chemical Engineers, Member Institute of Chartered Accountants of Nigeria, Class Representative 1994-1996

  • Experience

    • Enterprise Bank Limited

      Aug 2006 - Sept 2011
      Internal Control Coordinator

      • Actively worked in standardization and automation, application and implementation of best practices for managing internal controls.
      • Deployed innovative technology to enhance and continuously improve the design and operation of effectiveness of the controls, documentation, assessment and review procedures
      • Formulated policies and procedures to improve internal controls, compliance and efficiency
      • Delivered adequate and timely action plans and monitored progress to address and resolve control deficiencies

    • Spring Bank PLC

      Jun 2008 - Sept 2012
      Head, Human Resources Compliance

    • Enterprise Bank Limited

      Nov 2012 - Sept 2014
      Head, Quality Assurance, Monitoring & Enforcement
    • Heritage Bank Plc

      Sept 2014 - Aug 2023

      • Designed and implemented the Data Protection processes in the bank.
      • Conducted Data Protection assessments/gap analysis and assessed controls across the lifecycle of personal data
      • Deployed a robust Data Protection Impact Assessments (DPIAs) framework for the bank.
      • Aligned Data Protection programmes with information security programmes like Incident Detection, Record Information Management, and Enterprise Data Management
      • Drove the Data Protection Compliance audit, which led to an 80% reduction in the cost of audit charged by the External Auditors.
      • Implemented Privacy by design at all levels of the bank’s activity.
      • Innovated secure and 100% compliant Data Privacy of the bank in the Central Bank of Nigeria (CBN) Data Protection IT Standards Blueprint Audit 2021.
      • Extensive knowledge of Data Privacy requirements and Data Privacy good practice.
      • Publishes privacy notices and local procedures
      • Consult with business areas on Personally Identifiable Information (PII) collection, minimization, appropriate use, information sharing, proper handling, and disposal
      • Drive bank-wide PII inventory initiative
      • Provides data privacy training to bank staff and management
      • Leads and monitors Bank compliance with applicable Regulations (GDPR, NDPR, FFIEC, etc.)
      • Reviews data privacy controls and results with Information Technology teams
      • Advisor to Incident Response Team, Business Units, and Information Security Steering Committee
      • Drive cross-functional and effective communications throughout the program lifecycle, providing the visibility and transparency required to ensure cross-functional team and stakeholder alignment

      • Performed IT security risk assessments and reported on ways to minimize threats.
      • Monitored security vulnerabilities and hacking threats in network and host systems.
      • Tracked latest IT security innovations and kept abreast of latest cyber security technologies.
      • Led technology risk management processes to identify, analyse, qualify, quantify, treat, accept, communicate, and monitor risks related to information technology.
      • Communicated Information security threats to key stakeholders in order to improve the security posture of the bank.
      • Developed strategies to handle security incidents and trigger investigations.
      • Enforced the execution of the Bank’s security strategy and policies and ensured continuous compliance with regulatory, business, legal, and contractual obligations relating to Information/cyber security in the bank.
      • Monitored the time controls requisite for recertification to the security standards: ISO 27001, PCI DSS, ISO 23000, NDPR data protection certification, and other related industry standards.
      • Facilitate risk management governance to define the scope of work and assess risk control strength.
      • Review the results of the control programme and provide guidance to the appropriate business units.
      • Evaluate risk factors and conduct gap assessment analysis as required.
      • Review the effectiveness of policies, procedures, processes, systems, and internal controls
      • Work with assigned business units and provide operational risk expertise and consulting for projects and initiatives
      • Performed risk assessments and analyzed the result of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.

      • Functioned as a highly skilled Forensic Fraud Investigator with the ability to multi-task, analyze and interpret data to demonstrate good judgment and independent decision-making.
      • Conducted investigations involving routine to complex matters in diversified operations including identifying organized criminal activities, internal abuse and fraud, and fraud committed against the Bank by external parties.
      • Conducted witness interviews and take statements in accordance with current legislation and codes of practice.
      • Participated in, or led investigative related task forces and/or special projects that represent significant loss exposure and/or are highly visible.
      • Identified control weaknesses and issues and made recommendations to line management to close process gaps, mitigate risks and address policy/procedure violations
      • Formulated and recommended action response to allegations, file crime reports, and testify in court proceedings, where required.
      • Prepared investigation reports for management covering investigative details, results and recommended loss and recovery
      • Investigated & Reported on fraudulent activities by staff and customers

      • Information Security Manager/ Data Protection Officer

        Apr 2019 - Aug 2023
      • Head, Information System Security Assurance/Governance Risk and Compliance (GRC)

        Feb 2017 - Apr 2019
      • Head, Forensic Investigation & Fraud Management

        Sept 2016 - Mar 2019
      • Head, Audit & Inspection

        Sept 2014 - Aug 2016
    • Union Bank of Nigeria

      Aug 2023 - now
      Lead, Cyber Governance, Risk and Compliance/Data Protection
  • Licenses & Certifications

    • ISO/IEC 27701 Privacy Information Management System Lead Implementer

      TÜV SÜD
      Aug 2021
    • PCI Internal Security Assessor (ISA)

      PCI Security Standards Council
      Apr 2023
    • ISO/IEC 27032 Lead Cybersecurity Manager

      PECB
      Dec 2020
    • ISO/IEC 27001 Lead Implementer

      PECB
      Oct 2019
    • Payment-Card Industry Internal Security Assessor (PCI-ISA)

      PCI Security Standards Council
      Mar 2022
    • ISO/IEC 27017 Cloud Security

      TÜV SÜD
      May 2022
    • ISO/IEC 22301 Business Continuity Lead Implementer

      TÜV SÜD
      Aug 2021
    • ISO/IEC 27001 Lead Auditor

      PECB
      May 2021