I am a dedicated Information Security and Privacy expert specializing in Governance, Risk, and Compliance (GRC). With expertise in standards, frameworks, laws, and directives such as ISO 27001, ISO 27701, ISO 42001, ISO 27002, ISO 27003, ISO 27004, ISO 27005, ISO 27035, ISO 27032, ISO 27017, ISO 27018, ISO 27031, ISO 27110, Ghana Cybersecurity Act 2020 (ACT 1038), Ghana Data Protection Act 2012 (ACT 843), PCI DSS, NIST CSF, NIST AI RMF, NIST PF, NIST SP 800-53, NIST SP 800-30, NIST SP 800-145, NIST SP 800-55, NIST SP 800-61, NIST SP 800-50, SOC 2, SWIFT CSCF, the Ghana Cybersecurity Authority Directive for CII protection, and the Bank of Ghana's Cyber and Information Security Directive, I develop and implement security and privacy management systems that align with organizational goals and regulatory mandates. As the CISO/DPS of Zenith Bank (Ghana) Ltd, I lead risk management initiatives, drive critical certifications, and enhance cyber resilience. My expertise includes spearheading ISO 27001, ISO 27701, and PCI DSS certification projects, conducting compliance assessments for NIST CSF, NIST PF, SWIFT CSCF, Ghana Cybersecurity Act 2020 (ACT 1038), Ghana Data Protection Act 2012 (ACT 843), Ghana Cybersecurity Authority Directive for CII protection, and the Bank of Ghana's Cyber and Information Security Directive, as well as leading VAPT assessments and cybersecurity awareness programs. I design robust GRC frameworks to ensure compliance and risk mitigation, lead cross-functional teams, and collaborate with stakeholders to navigate regulatory complexities and achieve key milestones. In addition to my professional role, I am currently serving as the Head of the Security Group Wing of the Institute of ICT Professionals of Ghana (IIPGH) and Vice President of the group of CIOs and CISOs of Banks in Ghana. In these capacities, I advocate for cybersecurity awareness, capacity building, mentorship, compliance, and adopting best practices. Some of my notable accomplishments at Zenith Bank (Ghana) Limited include: (1) Establishing the Information Security Department. (2) Establishing the Security Operation Center (SOC). (3) Establishing the Incident Response Team (IRT) using the ISO/IEC 27035 and NIST SP 800-61 guidelines. My achievements demonstrate my ability to establish and maintain robust security and compliance frameworks, ensuring the protection of critical data and information assets while fostering resilience and regulatory compliance across diverse environments.

Hier finden Sie eine detaillierte Beschreibung der Kurse, auf die sich der Trainer spezialisiert hat, sowie seine/ihre Berufserfahrung für die jeweiligen Kurse.