
Wamaitha Mwangi

Nairobi

Summary

Innovative, results‑driven and ethical cybersecurity leader with progressive experience from junior consultant to Senior GRC Consultant, Head of Assurance and Chief Information Security Officer. Combines deep IT governance, risk and compliance expertise with hands‑on experience overseeing complex technology deployments, evaluating control effectiveness and aligning security programs to organizational strategy. Adept at performing IT risk assessments, building risk profiles and designing end‑to‑end control frameworks that strengthen resilience and drive continuous improvement. A transformational leader with strong interpersonal skills, known for collaborating effectively with executives, regulators, vendors and cross‑functional teams to embed robust governance and deliver measurable security outcomes.

Overview

12 years of professional experience

Work History

Chief Information Security Officer

HEVA FUND LLP
01.2025 - Current
  • Advised executive leadership and board on alignment between cyber policies, donor requirements and national strategies, ensuring 100% of major programs (10+ annually) documented and tracked cyber risk and resilience objectives.
  • Coordinated cyber diplomacy with local, national and external stakeholders, representing the organizations in 3–5 multistakeholder forums or working groups per year and contributing to at least 2 joint communiqués or policy inputs.
  • Translated emerging cyber norms and international law into 8–12 internal policies and MOUs, maintaining 100% compliance for all cross‑border data‑sharing arrangements and creative‑sector funding schemes under management.
  • Designed and tested CERT/CSIRT structures and incident playbooks for the fund and partner organizations, defining roles for 20+ stakeholders and leading 2–3 joint simulation exercises per year with documented improvements in response scores of 20–30%.
  • Led cyber incident readiness for digital grant platforms serving 100,000+ beneficiaries, cutting Mean Time to Detect by ~40% and Mean Time to Respond by ~35% against agreed fintech benchmarks through targeted tabletop exercises and post‑incident reviews.
  • Implemented governance for cyber crime and AI‑misuse risks across a portfolio of 5 funded projects, integrating AI risk assessments into 100% of high‑risk proposals and reducing AI‑related security or integrity incidents by at least 30% over the grant cycle.

Head of Assurance Services

CYBER1 Solutions, East and West Africa.
10.2023 - 12.2024
  • Resolved an average of 20 operational and stakeholder issues per week, improving process efficiency by approximately 60% and maintaining a 90% satisfaction rating from internal teams.
  • Supported day-to-day operations across 13 departments, consistently meeting 75% of task deadlines and contributing to a 99% reduction in backlogs or pending items.
  • Adapted to diverse organizational challenges by taking on new responsibilities or projects annually, successfully delivering 100% of them on time and within scope.
  • Applied technical and analytical skills to streamline workflows, helping reduce processing time for key activities by approximately 80-90% and lowering error rates by 90%.
  • Maintained courteous and effective working relationships with a cross-functional group of 400+ colleagues, partners and stakeholders, reflected in 80% positive feedback in performance and 360° reviews.
  • Collaborated in team initiatives that improved overall team productivity by about 100% and contributed to achieving or exceeding 95% of annual departmental KPIs.

GRC Consultant

CYBER1 Solutions
09.2022 - 10.2023
  • Led implementation of client technology risk and compliance initiatives across 10 industries, improving compliance with internal policies and external regulations (PCI DSS, ISO 27001, GDPR, Kenya DPA) to above 90% on remediation reviews.
  • Conducted end‑to‑end security risk assessments on 30+ client environments annually (infrastructure, applications, third parties), identifying and tracking remediation of 80% of high‑risk findings within agreed SLAs through clear management reporting and guidance.
  • Assessed and interpreted threats, vulnerabilities, patching, secure baselines, penetration tests, phishing and social‑engineering results for portfolios of up to 100 clients, contributing to a 90% reduction in critical exposures and notable incidents year‑on‑year.
  • Supported senior team members in designing clients’ security architectures and control frameworks, delivering work streams and helping raise average audit or certification scores by 87-90 percentage points across assigned engagements.
  • Authored and maintained security standards, procedures and technical advisory outputs, providing on‑demand regulatory and best‑practice guidance that informed at least 30 client change or transformation projects per year and strengthened their overall security posture.

Outdoorer Adventure Guide

Outdoorer Kenya
01.2021 - 12.2024
  • Taught basic mountain hiking skills such as pace, breathing techniques, hydration and taking breaks, and demonstrated how to walk up a mountain.
  • Motivated clients and ensured that they remained steadfast through the great outdoors.
  • Oversaw, managed and maintained assigned groups during their experiences in line with the set guidelines.
  • Provided safe and supportive environments for education, cooperation and fun during outdoor activities.
  • Assessed clients and ensured that they all had safety gear before going out for hiking.

IT GRC Lead

e. KAAL Innovation Hub
09.2018 - 04.2022
  • Developed and embedded end‑to‑end IT risk management processes and foundation‑wide policies, covering 3+ business units across 2 countries and driving a 60% improvement in control maturity scores year‑on‑year.
  • Managed the full lifecycle of 5+ IT risks annually (identification, assessment, triage, remediation and reporting), maintaining an up‑to‑date risk register and unit/country risk profiles that informed quarterly leadership decisions.
  • Performed detailed IT risk assessments on 10+ applications, infrastructure components and third parties, reducing high‑risk findings by approximately 70% through targeted remediation with internal teams and vendors.
  • Maintained and tracked a Business Continuity and IT DR testing schedule for 4 critical systems, achieving 100% completion of planned tests per year and closing identified gaps within an average of 17 days.

CyberGovernance Analyst

SheHacks KE
03.2014 - 07.2017
  • Organized and facilitated a governance, risk and compliance (GRC) training and awareness framework for 300+ women in the tech space.
  • Generated reports on emerging IT risks, articulated their impact and provided guidance on how to implement remediation and direct business goals.

Education

Bachelor of Arts - Political Science And Government

Madsen University
Siaya, Siaya District, Kenya
01-2012

Toastmasters Club
Nairobi

Skills

  • Policy design
  • Cyber diplomacy
  • Legal analysis
  • Norms governance
  • Risk assessment
  • Incident coordination
  • Capacity building
  • Stakeholder engagement
  • Strategic communication
  • Research analytics
  • Training and Capacity Building
