Musa Wesutsa

Risk Consultant
Nairobi

Summary

A seasoned information security and risk management expert with a proven track record at Sentinel Africa Consulting Limited, who excels in enterprise risk management and cybersecurity and has enhanced frameworks across various industries. Renowned for analytical prowess and dynamic training abilities, with a record of significantly advancing clients' security postures and demonstrating exceptional problem-solving and communication skills.

Overview

19
years of professional experience
8
years of post-secondary education
15
Certifications

Work History

Managing Consultant

Sentinel Africa Consulting Limited
10.2016 - 11.2024
  • As a Certified Enterprise Risk Manager (CERM), I led advisory projects with numerous clients to design and implement their enterprise risk management frameworks against frameworks such as ISO31000 and COSO.
  • As lead consultant, I have conducted risk assessments for clients across various industries such as telcos, banks, fintechs and the public sector.
  • As a certified trainer, I have conducted trainings on risk management for clients, as well as acting as an external trainer for the British Standards Institute (BSI) in the UAE and the Professional Evaluation and Certification Board (PECB).
  • As a consultant, I have advised clients on how to enhance their risk management frameworks, including designing key risk indicators using a scoring methodology adapted from the balanced scorecard.
  • I have been a speaker on risk topics for the Institute of Internal Auditors (IIA) Kenya, the Institute of Certified Public Accountants of Kenya (ICPAK) and the Business Continuity Institute (BCI) Eastern Africa, as well as a guest lecturer for the University of Sarajevo.
  • As a certified ISO Management Systems Auditor, I have audited organisations' Information Security Management Systems (ISMS) against ISO27001:2013, ISO27001:2022, Business Continuity Management System (BCMS) against ISO22301:2019, Privacy Information Management System (PIMS) against ISO27701:2019 and Quality Management System (QMS) against ISO9001:2015; for MSECB and Certi-Trust ISO Certification Bodies
  • As a trainer, I have designed content tailored to clients and delivered to Senior Management, Executives and Boards
  • I have also acted as an outsourced Chief Information Security Officer for a bank in Kenya for a duration of 1 year on contract where I led the Information Security program

Senior BCM and Information Security Manager

Bharti Airtel Africa
04.2015 - 01.2017
  • Led the ISMS implementation for Airtel Ghana to ISO27001:2013 certification in 2015, which included designing a risk assessment methodology and conducting a detailed risk assessment against it following the ISO27005 Risk Assessment Guideline
  • Was responsible for tracking and reporting on the progress of cybersecurity solutions deployment across 17 operating companies in the 17 countries where Bharti Airtel had a presence
  • Worked with various outsourced vendors such as IBM, Mahindra and Comviva to aid delivery against their SLAs
  • Conducted risk assessments across the 17 OpCos and compiled the risk report for the entire Africa business bringing out unique country risks as well as cross border risks
  • Monitored Key Risk Indicators and compiled trending reports especially on risks related to cybersecurity and data privacy
  • Made presentations to board and senior managers of the OpCos on risks and mitigation actions trackers
  • Represented the OpCos as an expert during external audits and regulator assessments, as well as second party audits by the banks.

Principal Information Risk Officer

Safaricom Public Limited
11.2012 - 04.2015
  • I was the Project Manager for the ISMS implementation for Safaricom and successfully attained ISO27001:2005 Certification in 2013.
  • Successfully expanded the scope of the ISMS and led the upgrade from ISO27001:2005 to ISO27001:2013 in 2014.
  • I conducted organisation wide risk assessments and prepared risk registers and risk reports.
  • I conducted Data Center assessments across the country in all the data centers preparing reports and recommendations for enhancing their performance against Uptime Institute guidelines.
  • I prepared information security awareness content and pushed quizzes organisation wide, after which I prepared reports and recommendations.

Information Security Manager

Mumias Sugar Company Limited
01.2008 - 11.2012
  • Was the project manager for the ISMS and certification against ISO27001:2005.
  • Ensured that penetration tests were conducted regularly to identify vulnerabilities before they could be exploited by malicious actors.
  • Mentored junior security staff members to develop a strong and skilled information security team within the organization.
  • Coordinated with external vendors to procure cutting-edge cybersecurity tools that enhanced organizational defenses.

System Administrator and Security Administrator

Mumias Sugar Company
05.2006 - 12.2007

  • Day-to-day responsibility for Information Security and in charge of the Information Security unit
  • Responsibility for the effective functioning of the Information Security process within the organization
  • Identifying and classifying information assets, risk owners and assigning risks to risk owners.
  • Carrying out periodic Risk assessments to assess the ever-changing risk landscape and/or before a major change is introduced into the organization and subsequent control selection.
  • Advising Management on Information Security Issues through scheduled and ad hoc reporting especially on new risks or where existing controls are failing
  • Information Security Risk Assessments on the information assets
  • Developing, revising, and managing Information Security Policies and Procedures
  • Managing Business Continuity Planning
  • Co-operating with other Organizations on Information Security Issues for compliance.
  • Information Security Planning and program development.
  • Secretary to the Information Security Steering Committee, ensure regular meetings are recorded and action points noted and reviewed.
  • Handling Information Security Incidents
  • Reviewing Information Security Problems

Education

MBA - Strategic Management

Strathmore Business School
Nairobi, Kenya
04.2020 - 06.2023

Bachelor of Science - Computer Science

Jomo Kenyatta University of Agriculture & Tech
Kenya
05.2001 - 07.2006

Skills

Risk assessor

Cybersecurity management

Problem solving and analytical skills

Excellent communicator and trainer

Certification

Certified ISO27001 Master

Timeline

ISO/IEC 20000 Lead Implementer

06-2024

ISO/IEC 27701 Senior Lead Implementer

05-2024

ISO 31000 Senior Lead Risk Manager

09-2023

ISO/IEC 27001 Senior Lead Implementer

05-2023

Certified Data Protection Officer (CDPO)

12-2021

Certified Management Systems Auditor

04-2021

Certified Data Protection Solutions Engineer (CDPSE)

12-2020

MBA - Strategic Management

Strathmore Business School
04.2020 - 06.2023

Senior Lead Disaster Recovery Manager

06-2019

Certified ISO27001 Master

03-2018

ISO 22301 Senior Lead Implementer

03-2018

Managing Consultant

Sentinel Africa Consulting Limited
10.2016 - 11.2024

ISO/IEC 27001 Senior Lead Auditor

06-2016

Senior BCM and Information Security Manager

Bharti Airtel Africa
04.2015 - 01.2017

Certified Information Systems Security Professional (CISSP)

11-2013

Certified Information Security Manager (CISM)

10-2013

Principal Information Risk Officer

Safaricom Public Limited
11.2012 - 04.2015

Certified Information Systems Auditor (CISA)

08-2011

Microsoft Certified IT Professional (MCITP)

12-2010

Information Security Manager

Mumias Sugar Company Limited
01.2008 - 11.2012

System Administrator and Security Administrator

Mumias Sugar Company
05.2006 - 12.2007

Bachelor of Science - Computer Science

Jomo Kenyatta University of Agriculture & Tech
05.2001 - 07.2006