Summary
Overview
Work history
Education
Skills
Accomplishments
Interests
Work availability
Timeline
Generic

Kelvin Kamau

Milton Keynes

Summary

A highly experienced Information Security manager, with a passion for leading security strategies with a goal of building high performance organizations and ensuring security goals and business goals align, highly proficient in vulnerability management, incident response, risk management and mitigation. Possesses excellent communication and interpersonal skills with strong relationship building, analytical, teambuilding, problem-solving, and organizational skills. Highly technical with the ability to understand and use the latest technology, but also able to consider the strategic risk and impact of decisions made.

Overview

6
6
years of professional experience

Work history

Information Security Manager

UKTV
London
08.2022 - Current
  • Oversaw execution of projects, PMO and technical support teams.
  • Responsible for establishing, implementing, monitoring and enforcing Information Security standards and policies for UKTV.
  • Responsible for coaching and mentoring staff and ensuring policies and procedures are aligned with company goals.
  • Served as expert advisor to IT team and responsible for escalations.
  • Established measures and targets to drive performance in alignment with security and other business strategies
  • Developed and grew staff competencies through implementation and support of specific Information Security training
  • Developed risk analyses to identify appropriate security mitigations.
  • Oversaw Information Security for the business and employees by enforcing and regulating Information Security policies and procedures. Responsible for monitoring and maintaining Information Security systems
  • Analysed system and software requirements to meet operational needs.
  • Recommended upgraded technologies to board members to meet evolving business requirements.
  • Advised on Information and communications technology policy and process improvements.
  • Controlled department budgets by sourcing cost-effective solutions.
  • Maintained system security through regular testing and servicing.
  • Led information and communications strategy development.
  • Upgraded hardware and software regularly for optimised systems performance.
  • Solely managed Information Security function, working across the business with heads of units to reach security maturity targets

Information Security Specialist

The Open University
Milton Keynes
05.2019 - 08.2022
  • Engaged in all facets of Information Security
  • Management of operational and technical security of the information held on Open University systems, working closely with stakeholders throughout the institution to ensure confidentiality, integrity and availability of university data is maintained
  • Heading strategic business projects to ensure the Universities security posture is continuously improving, as well as carrying out operational security responsibilities using a wide range of different technologies
  • Key Achievements
  • Head of Third-Party Risk Management at the University, providing leadership to University stakeholders, identifying and managing associated risks, resulting in the creation of new policy and increased security maturity at the University
  • Lead the development of the Universities Security Information and Event Management system (SIEM), providing the University with an elevated ability to respond to incidents and identify trends
  • Overseeing implementation of Information Security requirements within cloud computing migration
  • Lead efforts in embedding Information Security controls and requirements within Universities' big data platform
  • Analyzing vulnerability scan results from our Nessus scans, before delivering final report to board of directors
  • Lead log analysis of network traffic to determine the threat/impact on the University infrastructure
  • Lead efforts to conduct IT security risk assessments and develop security plans for departments, identifying gaps and communicating relevant recommendations
  • Oversaw the completion of penetration tests on key University systems, cataloguing vulnerabilities identified and ensuring mitigations were implemented
  • Lead and managed the ISO27001 supplier relationship workstream for the University, creating plans and actions to attain ISO27001 accreditation
  • Lead the creation and writing of security dashboards and management reports to be presented to governance groups across the University
  • Implemented security assurance plans, involving sourcing new technologies for the university to acquire to increase security posture
  • Developed Information Security requirements for the on-boarding of new third-party suppliers for the University
  • Lead incident investigations after monitoring data feeds for threats and initiated investigations when an incident occurred
  • Line managed a team of Information Risk Analysts, assigning tasks, monitoring performance, and setting goals/objectives
  • Facilitate multiple stakeholders to agree on appropriate solutions and verify required security controls are embedded in new products.

IT Security Analyst

Investec Wealth & Investment
London
05.2017 - 07.2018
  • Responsible for monitoring network traffic across the estate, gained a top-down view of the organization and was exposed to different threat investigation techniques, management documentation and incident response techniques, in addition to this providing progress updates during management meetings and providing input to the creation of new cyber resilience plans
  • Key Achievements
  • Communicate and promote training and awareness within the business, supporting information security understanding of all employees
  • Reporting on the status of Information Security, compliance, risk, and other key areas to senior leadership teams, including management review
  • Supported all facets of operations including physical security, communications security, personnel security, cryptography, asset management, software upgrades
  • Reviewed architectural documentation to be sent to governance boards for approval
  • Monitored alerts from network security devices for indicators of threats and investigated any anomalies
  • Completed remote repairs involving software solutions and hardware reports
  • Managed the deployment of Phishing Campaigns, identifying those most susceptible and ensuring they received further training
  • Heavy involvement designing, reviewing, and handling third party security evaluation questionnaires
  • Provided training to more junior colleagues, supporting their development.

Education

BSc - Forensic Computing

2016

Skills

  • Data Security
  • Strategic Direction
  • Risk Management
  • Team Leadership
  • Threat Management
  • Incident Management
  • Planning & Analysis
  • Analytics & Intelligence
  • Collaboration
  • Conflict Resolution
  • Compliance
  • Problem-solving
  • OTHER TECHNICAL PROFICENCIES
  • Software/Tools:
  • Operating Systems (Windows, Linux, MacOS)
  • Microsoft Office 365, Azure, AWS, ISMS, Splunk, WordPress, Wireshark, Burp Suite, Visual Studio, MySQL, Nessus, Nmap, PowerShell
  • Security Frameworks & Regulation: GDPR, ISO27001/2, HIPAA, NIST Cybersecurity Framework, Cyber Essentials, PCI DSS, CIS Controls and TISAX
  • Security Techniques: IAM, RBAC, MDM, SSO, SDLC, DLP and IDS/IPS

Accomplishments

  • Certified Information Security Manager (CISM)
  • Feb 2022

Interests

Helping and mentoring next generation of professionals, bouldering, working out, reading, live music and travelling

Work availability

Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
morning
afternoon
evening
swipe to browse

Timeline

Information Security Manager

UKTV
08.2022 - Current

Information Security Specialist

The Open University
05.2019 - 08.2022

IT Security Analyst

Investec Wealth & Investment
05.2017 - 07.2018

BSc - Forensic Computing

Similar Profiles

Create profile
Kelvin Kamau