Stanley Kaaya

Head Information & Cyber Security
DFCU Towers, Plot 26, Kyadondo Road. Nakasero Kampala, Central

Summary

Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals.

Overview

12 years of professional experience
7 Certifications

Work History

Head Information & Cyber Security

Dfcu Bank
11.2022 - Current
  • Budgeting.
  • Assess cost and benefit of controls and decommission products or processes where cost exceeds the benefit.
  • Implement the bank’s Information Security Strategy by aligning it with IT & Information Security strategies.
  • Work closely with Risk, Compliance, and IT to ensure appropriate security guidance and assurance is rendered to all projects in accordance with the organization's policies and industry best practices.
  • Drafting and operationalising of policies and other governance documents.
  • Enforcement of Security standards within the organization through regular security risk assessments.
  • Overseeing of all technology audits and penetration testing activities at the organization with emphasis placed on timely closure and avoidance of repeat findings respectively.
  • Enhancement and delivery of key technology security solutions.
  • Stay on top of the external threats by identifying then implementing the required risk mitigation measures.
  • Work with IT to develop, implement and maintain secure solutions.
  • Effective management oversight by sharing monthly reports to senior management detailing the organizational and third party security posture.
  • Oversee security awareness for the organizational employees & customers.
  • Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is done and offer lasting solutions to incidents.
  • Identify new solutions in the industry to enhance the organization's security posture, ensuring minimal impact to the bank’s assets.
  • Change approval Board input to provide proper oversight on all technology changes before they are implemented in SIT & the production environment.
  • Access management for the entire bank.

Manager Cyber Security Ops & Digital Forensics

Standard Bank (Stanbic Bank Uganda)
06.2017 - 11.2022
  • Cybersecurity resilience assessments and attack path mapping to determine the Bank’s ability to detect, respond and recover from cyber incidents.
  • Implementation of cybersecurity capabilities including, but not limited to, Endpoint Detection and Response (EDR) across numerous platforms (Windows PCs and Servers, RedHat Linux), Identity Based Detection with Microsoft's Defender for Identity (MDI), firewalls, Intrusion Prevention & Detection, Events Monitoring (SIEM) and logging with QRadar, Splunk and SLAM respectively.
  • Managing a 24 by 7 Security Operations Center (SOC) and addressing all suspicious activities identified in the process.
  • Maintain an up to date case management tool with evidence trails from all analyzed incidents.
  • Implementing effective logging for threat detection and supporting any investigations.
  • Overseeing log management for the organization and ensuring that logs are protected and retained in accordance with the bank’s policies and regulatory expectations.
  • Routinely reviewing all mission critical audit trails for material exceptions like Fraud and abuse of bank assets in accordance with the Bank’s security policies and industry best practices.
  • Report on and develop solutions for new attack types and suspicious activities.
  • Vulnerability and patch management.
  • Support the Investigation and Fraud Risk Unit in collecting digital forensic evidence in the event of abuse while adhering to the chain of custody and oversee the evidence gathering process ensuring it aligns with the judicial system expectations of the country.
  • Document and report on all findings of each investigation conducted.
  • Support all penetration tests and technology audits while ensuring timely closure of all findings.
  • Follow up on the closure of all communicated technology Risk Control Self Assessments (RCSAs) and Key Risk Indicators (KRIs).
  • Continuously monitoring the environment for critical technology incidents and supporting the bank's cyber incident detection and response plans.
  • Privileged User Access Management.

Forensic & Information Security Analyst

MTN Uganda
11.2014 - 06.2017
  • Information security assurance.
  • Conducting digital investigations and security reviews.
  • Conducting risk assessments for solutions to be rolled out to the production environment.
  • Testifying to findings under cross-examination in the courts of law with respect to cases that make it to court.
  • Collecting and analyzing security events information, analyzing security breaches, assessing affiliated damage and loss.
  • Creating scripts to detect and avert internal and cyber security breaches to the Mobile operations infrastructure.
  • Review internal financial systems and mobile money logs.
  • Forensic practices including evidence gathering from computers, phones, and network memory devices; fluent with forensic artifacts typically found in Linux and Windows systems.
  • Business Continuity Planning and Disaster Recovery tests and assessments.

Network & Data Communications Engineer

Huawei Technologies
01.2014 - 11.2014
  • Carrying out network security assessments at the customer premises (MTN, Airtel and Africell).
  • Conducting 2G, 3G, WiMAX, WI-FI and LTE site surveys.
  • Supervising subcontractors as they do equipment installation at the various customer sites.
  • Network installations and configurations across all routers and switches.
  • Service and other configurations across the network for our customers among these being 2G, 3G, WiMAX, WI-FI and LTE services.
  • Assessing and replacing faulty equipment.
  • Troubleshooting the IP Radio Access Network in case of outages and advising customers on how to proceed with relevant solutions.
  • Changing existing configurations as requested by the customers on the network with the aim of improving network performance.
  • Network patch management on the nodes with aims of correcting errors and improvement on the overall service performance.
  • Regularly coming up with solutions as required by customers, e.g., L2 and L3 VPN solutions.
  • Plan and design for redundancy and test it through the annual Business Continuity Planning and Disaster Recovery exercises.
  • Reporting.

Command Center Engineer

Wipro Technologies
05.2012 - 11.2014
  • Offering level 1 support for UNIX, Windows, Network and Oracle.
  • 24/7 monitoring of the Data center systems and the hosted systems as well as services to ensure maximum availability and minimum downtime of all the services as per the contracted SLA.
  • Log and follow up on closure of all tickets associated with incidents (major and minor) in the Remedy service management tool.
  • Perform legitimate escalations to level 2 support for cases where level 1 support has failed to mitigate the incident.
  • Participate in the Business Continuity Planning and Disaster Recovery activities in compliance with organizational policy and ensure the organization can continue serving customers in the event of a disaster.
  • Drafting and reporting of capacity management reports to aid business and management forecast and plan for future IT infrastructure requirements.

Education

Bachelor of Science - Computer Science

Makerere University, Kampala (MUK)
Kampala
04.2001 -

High School Diploma -

Mengo Senior School
Kampala, Uganda
04.2001 -

Ordinary Level Certificate -

St. Mary’s College Kisubi (SMACK)
Wakiso
04.2001 -

Primary Leaving Examination Certificate - PLE -

St. Savio Junior School Kisubi & Iganga Boys
Wakiso & Iganga, Uganda
04.2001 -

Skills

Friendly & Positive Attitude, Teamwork and Collaboration, Customer Service, Leadership, Operating Systems, Risk management, Network security, Information and cyber security risk management, Vulnerability assessment, Analysis, Cloud computing, Incident response, Adaptability, Collaboration, Programming, Database, Encryption, Firewalls, Intrusion detection, Networking, Regulatory guidelines & compliance, Troubleshooting, Automation implementation, Communication skills, SIEM administration, Access management

Professional Role

My role as the Head Information and Cyber Security at DFCU bank largely entails overseeing all aspects of Information security at the bank including the timely delivery on operational unit targets derived from the bank wide strategy, making the right decisions, careful planning, monitoring and protection of critical data, assets and systems from unauthorized destruction, changes & disclosures.

Passion & Values

I am passionate about serving others and this is what motivated me to pursue a career in Information Security. I am driven by an “Always on, Always secure” mindset and motivated to bridge the gap between Business, Technology and InfoSec ensuring that security succeeds in enabling the delivery of stable, well-designed and secure solutions for our customers.

Career Goals

My career goal is to make sure Information Security is part and parcel of every individual’s daily work activities as well as personal experiences.

Certification

ISO/IEC 27001:2013 (Lead Implementer) - Certificate No. IN/12171/121542.

Other Notable Trainings

  • ToastMasters & Super leadership training.
  • SIEM administration with QRadar, Splunk & Fortinet FortiSIEM.
  • Checkpoint & Palo Alto FW administration, NAC with Portnox & Cisco ISE.
  • Microsoft Certified: Security Operations Analyst Associate - Ongoing.
  • Microsoft Azure Security Technologies (AZ-500) - Ongoing.
  • OffSec Certified Professional (OSCP) - Ongoing.

Accomplishments

  • Switch replatforming from ITM to CR2 at DFCU Bank in 2024.
  • Cyber security maturity assessment at DFCU Bank in 2023.
  • Pioneering and creation of an organizational risk register at DFCU in 2022 upon joining the organization to track and close raised risks.
  • ISO 27001:2013 certification awarded to Stanbic Bank Uganda in 2022. First bank in Uganda to get certified with the Information Security Management Standard.
  • Pioneering third-party cyber risk management at Stanbic in 2022 ensuring oversight on critical controls status on critical partners (3rd parties).
  • Pioneering and creation of an organizational risk control self assessment register at Stanbic Bank in 2018.
  • Successful completion of the Data Center remediation project in 2017.
  • Setting up a Digital Forensics Laboratory in 2016 at MTN Uganda.
  • Mobile Money replatforming and product change from Fundamo to Ericsson’s ECW platform wallet in 2015.
  • Pioneering Continuous Controls Monitoring at MTN in 2016.
  • Implementation of 3G and 4G networks while at Huawei in 2014 for our clients in MTN Uganda, Airtel Uganda and Africell Uganda respectively.

Languages

English, Luganda: Native language
German: Elementary (A2)

Referees

Name:- Mr. Abdul Rahman.

Position & place of work:- CEO at Stellarix TZ

Email:- Abdul-Rahman.Ahmed@Stella-ix.com

Tel  :- +256-772120256


Name:- Mr. Keith Kayondo

Position & place of work:- Head Enterprise Architecture at Stanbic Bank Uganda.

Email:- kayondok@stanbic.com

Tel  :- +256-740259113


Name:- Naturinda Makuru Hosea.

Position & place of work:- Chief Cyber Analyst at the African Development Bank Group.

Email:- H.NATURINDA@AFDB.ORG

Tel  :- +256-774546226

Quote

Waste no more time arguing about what a good man should be. Be one.
Marcus Aurelius

Timeline

Head Information & Cyber Security

Dfcu Bank
11.2022 - Current

ISO/IEC 27001:2013 (Lead Implementer) - Certificate No. IN/12171/121542.

12-2021

AZ-900 - Certificate No. H401-8436

04-2020

Certified Information Systems Security Professional (CISSP) - Certificate No. 697643.

12-2019

SAFE® 4d Practitioner

12-2018

Manager Cyber Security Ops & Digital Forensics

Standard Bank (Stanbic Bank Uganda)
06.2017 - 11.2022

Certified Fraud Examiner

05-2016

Forensic & Information Security Analyst

MTN Uganda
11.2014 - 06.2017

ITIL v4 Cert in 2014

07-2014

Network & Data Communications Engineer

Huawei Technologies
01.2014 - 11.2014

Cisco Certified Network Associate (CCNA) - Certificate No. 414854171307BOXN

07-2013

Command Center Engineer

Wipro Technologies
05.2012 - 11.2014

Bachelor of Science - Computer Science

Makerere University, Kampala (MUK)
04.2001 -

High School Diploma -

Mengo Senior School
04.2001 -

Ordinary Level Certificate -

St. Mary’s College Kisubi (SMACK)
04.2001 -

Primary Leaving Examination Certificate - PLE -

St. Savio Junior School Kisubi & Iganga Boys
04.2001 -