www.isaca.co.ke

ISACA KENYA ANNUALCONFERENCE11th to 13th APRIL 2018

DIANI BEACH RESORT & SPA, UKUNDA

THEME “ENABLING TRUST IN A DIGITAL ECONOMY”

Preconference Workshops

TIME Workshop SPEAKER / FACILITATOR

Monday, 9th April- Tuesday 10th April 2018

Cybersecurity (CSX) Fundamentals Training

Facilitator - Raymond Bett – Vice President, ISACA Kenya Chapter

Monday, 9th April- Tuesday 10th April 2018

IT Governance for the Board & Senior Executives

Facilitator - Mark Thomas – Escoute Consulting , USA

Wednesday, 11th April 2018

TIME TOPIC SPEAKER / FACILITATOR

07:30 – 08:30 Registration Open

Conference MC – Juffali Kenzi, CISA, CISM, CRISC, CGEIT Technology Manager, African Economic Research Consortium

08:30 – 08:45 Welcome and Opening Preston Odera – CEO, ISACA Kenya Chapter

08:45 – 09:15 Enabling Trust In a Digital Economy

Denis Mutinda–President, ISACA Kenya Chapter

09:15 – 9:45 Opening Address- Chief

Guest

Mrs Sheila M'Mbijjewe - Deputy Governor- CBK

09:45 – 10:30 Comments on Deputy

Governor-CBK Speech Moderator: Denis Mutinda - President, ISACA Kenya Chapter

10:30 – 11:00 Break

11:00 – 12:00 Session 1 (Plenary)

GDPR and COBIT 5

Speaker: Mark Thomas – Escoute Consulting , USA

12:00 – 13:00 Session 2 (Plenary)

Building Cyber Resilience

Speaker: John Edokpolo, MEA

Emerging Markets, Head of Legal.

13:00 – 14:30 Lunch

14:30 – 15:00 Session 3

(Plenary)

Internet of Things and Competitive Advantage

Speaker: Major Henry Kinyua Mwenemeru, OGW

15:00 – 16:00 Session 4 (Plenary)

National Cybersecurity; A Multi-stakeholder Approach

Speaker: Speaker: Vincent Ngundi - Assistant Director, Cyber Security & E-Commerce (Communication Authority of Kenya)

16:00-17:00 Session 5 (Plenary) KPMG: Kees-Jan van der Molen -

17:00 – 17:30 Tea Break

18:30 – 21:00 DINNER Sponsored by Microsoft

Thursday, 12th April 2018

TIME TOPIC SPEAKER / FACILITATOR 08:00 – 08:30 Registration

08:30 – 08:45 Welcome & Agenda Introduction MC- Juffali Kenzi

8:45 - 09:45 Session 6 (Plenary)

Trusting the Digital world- Who still needs the Auditor?

Speaker: Denish Osodo - Director Internal Audit, Safaricom Ltd.

9:45 – 10:45 Session 7 (Plenary)

BlockChain and Cryptocurrencies

Speaker: Dr. Joseph Sevilla - Director @ILabAfrica Strathmore University

10:45 – 11:15 Break

11:15 –12:15 Session 8 (Plenary)

GRC in the Cloud

Speaker: Mark Thomas – Escoute Consulting , USA

12:15 –13:00 Session 9 (Plenary)

Data Privacy in a Digital Era

Speaker: Sharon D’Souza Holi – Head of Department, Enterprise Risk, Safaricom Ltd.

13:00 – 14:30 Lunch

14:30 – 15:30 Session 10 (Plenary)

SheleadsTech – Actionable Strategies for Increasing Diversity in Tech.

Chair: Rufina Achieng - Membership Director- ISACA Kenya

Panelists: 1) Otilia Phiri - Microsoft 2)

15:30 – 16:30 Session 11 (Plenary)

Is Kenya Ready for Cyber Warfare? Speaker: Dr. Bright Gameli, PhD

Perspective on DigitalTransform.Governing Digital Trust &Innovation

16:30 – 17:30 Session 12

(Breakout)

Optimizing Data Loss Prevention in Government Institutions: Practical Approach to Data Loss Prevention

Speaker: Collins Oduor - Cybersecurity Consultant

Measuring the Performance and Effectiveness Critical Security Controls.

Speaker: William Makatiani – MD, Serianu Limited.

Cybercrime and the Legal and Regulatory Framework

Speaker: Juliet Maina – Head, Telecommunications, Media and Technology law (TMT) (TripleOKLaw)

17:30 – 18:00 Tea Break

19:00 – 21:30

Friday, 13th April 2018

TIME TOPIC SPEAKER / FACILITATOR 08:00 – 08:30 Registration

08:30 – 8:45 Welcome & Agenda Introduction MC – Juffali Kenzi

8:45 – 09:45 Session 13 (Plenary)

Towards a Paperless Office :

A case of OAG –Kenya.

Speaker: Edward Ouko – Auditor General (OAG)

9:45 – 10:30 Session 14 (Plenary)

Using ICT to Build Public Trust in Government

Speaker: Dr. Katherine Getao - ICT Secretary, Ministry of ICT

10:30 – 11:15 am Session 15. ( Plenary)

"The Importance of Data Protection/Governance for Enabling Trust in the Digital Economy and Key Learnings from the EU GDPR".

Chair: Otilia Phiri, Commercial Attorney, Emerging Markets and D&I Lead.

Panelists:

1. Dr. Katherine Getao

2. Mark Thomas

3. Kees-Jan van der Molen

11:15 – 11:45 Break

COCKTAIL

11:45 – 12:30 Session 16 (Plenary)

Closing Keynote Speaker: Jona Owitti–Chief Trainer – ISACA Kenya Chapter.

12:30 – 13:00 (Plenary) Summary and Recommendations (+ Gifts & Certificates)

Rapporteurs

13:00 –13:15 Conference Closure

Raymond Bett – Vice President, ISACA Kenya Chapter

SPONSORS

SPEAKERS’ PROFILES.

WEDNESDAY 11th April 2018

Mrs Sheila M’Mbijjewe MBS, ACCA (UK) was appointed Deputy Governor in June 2015. She holds a BA degree in Accounts and Finance and is a Chartered Accountant, England and Wales.Mrs M’Mbijjewe has had a long career in accounting and audit. She worked in senior positions in the banking sector and was the first woman to be appointed executive director of a publicly quoted commercial bank in Kenya. She has served as a board member in several companies, including the Capital Markets Authority, the Nairobi Stock Exchange, Old Mutual Insurance Company

Kenya, the Financial Reporting Centre of Kenya, Pricewaterhouse Kenya and Deloitte Touché Kenya, amongst others.

Mrs M’Mbijjewe was a founding member of the Monetary Policy Committee and the Crime and Anti-Money Laundering Act Advisory Committee of Kenya. In 2008 she was awarded the Moran of the Burning Spear (MBS), a Presidential medal for service to her country.

Mark Thomas – (CGEIT, CRISC) - President Escoute Consulting

U.S.A. As an internationally known governance, risk, and compliance expert in the areas of Cybersecurity, IT Service Management, Assurance and Audit, and IT Controls, Mark’s background spans leadership roles from CIO to Management and IT Consulting in several Federal and State Agencies, Private Firms, and

Fortune 500 Companies. With over 25 years of professional experience, Mark has led large teams in outsourced IT arrangements, conducted Service Management and information governance/risk activities for major project teams, managed enterprise applications implementations, and implemented cybersecurity and governance processes across multiple industries. Mark has also earned the ISACA John Kuyers award for Best Speaker/Conference contributor in 2016-17.

John Edokpolo. John acts as the Lead Commercial Attorney for all Emerging Markets across the Middle East and Africa for Microsoft, as well as being the General Legal Counsel for Microsoft in Nigeria, with his major focus being the removal of both legal and perception blockers to digital transformation of governments and enterprises in general and Microsoft Cloud technology in particular. This requires one to one and one to

many engagements with CXOs, Legal and Risk/Compliance/Security practitioners, advocacy groups, corporate associations and regulators to promote trust in Cloud technology.He is responsible for providing general legal advisory services to Microsoft and transactional and commercial legal support to all business groups for commercial enterprises, public sector, small and medium scale businesses, consumer group and ICT consulting transactions. His corporate career spanning over 14years, has entirely been in the telecoms and ICT sector in Company secretarial, compliance and ethics, corporate legal advisory, contracting, financing and commercial legal roles. His previous roles include acting as Legal Counsel for Nokia Corporation (later Microsoft Mobile Devices and Services business) for Sub-Sahara Africa, managing the Corporate Legal Services and Commercial Legal Drafting Departments at Etisalat Nigeria and Company Secretarial/Corporate Governance positions at Airtel Nigeria. John have an LL.B degree from the Ambrose Ali University, Nigeria and a B.L from the Nigerian Law School.

Major. Henry Mwenemeru, OGW is a PhD (Management Information Systems) candidate at Kenyatta University; He is a holder of Msc IT (System Security & Auditing) from Strathmore University, Bsc IT (Information Technology) from the Jomo Kenyatta University of Agriculture & Technology, Bsc Military Science from Egerton University. Major. Henry Mwenemeru is a consultant on security issues. He has 15 years of local and international experience on security (Logical & Physical security).

Mr. Vincent Ngundi has over 12 years’ experience in the ICT industry, mainly in information security, ICT regulation and Internet governance and management. He holds a Bachelor of Science degree in Computer Science from the University of Nairobi, a Global Executive MBA from USIU -Africa, and is currently studying for a Master’s degree in Computer Science at the University of Nairobi. Vincent is a Certified Information Systems Security Professional (CISSP), a Certified Ethical Hacker (CEH), a Certified Security

Analysts (ECSA) and a Project Management Professional (PMP). Vincent works for the Communications Authority of Kenya (CA), Kenya’s ICT regulator. As the Assistant Director in -charge of Cyber Security & E -Commerce, he oversees ICT industry issues and coordinates the implementation of Kenya’s national cyber securit y framework. He is also the Head of the National KE-CIRT/CC, Kenya’s national point of contact on cybersecurity matters. Prior to CA, Vincent was the General Manager of KENIC (Kenya’s ccTLD registry manager). Mr. Ngundi is the Chair of the National KE -CIRT/CC Cybersecurity Committee (NKCC) and the Chair of the East African Communications Organization (EACO) Cybersecurity Working Group. Vincent is a former Chair of the AfriNIC Policy Development Process Moderator Group (PDP -MG), a representative of Africa in the ICANN Address Supporting Organization Address Council (ASO-AC), Director of Capacity Building for the AfTLD, member of Kenya’s national IPv6 taskforce and member of the East Africa Internet Governance Forum (IGF) steering committee.

Kees-Jan van der Molen, is a Senior Manager in KPMG’s IT Advisory practice in East Africa, based in Nairobi. Kees-Jan heads the IT Board Advisory Practice in the region, focussing on IT and Digital Transformations, IT Performance and IT Service Management. Before, he worked as a Senior Project and Program Manager in the Global CIO-office of Royal Dutch Shell and was a Senior Manager at KPMG in The Netherlands for IT Board Advisory.

He has over 12 years of experience and ran multiple large scale programs around the globe in the area of Digital Transformation, IT Strategy, IT Service

Management and IT Infrastructure Service Development. He has supported clients in various countries around the globe, in Europe (Netherlands, Belgium, UK, Greece), in the Middle East (UAE, Turkey), in Asia (India, Malaysia, Singapore, Japan) and in the region (Kenya, Ethiopia), in various sectors (Banking, Payments, Insurance, Government, Energy, Media, Gambling. Also he has a background in IT Audit, as he worked as an IT Auditor for several years at one of the largest banks in The Netherlands. Kees-Jan holds a Masters degree in Economics from the University of Groningen, is a Certified Payments Specialist by the Kenya Payments Association, a Certified PRINCE2 Practitioner and Certified Lean Practitioner.

THURSDAY 12th April 2018

Denish Osodo works at Safaricom Limited as the Internal Audit Director. He has wide and deep experience in Assurance, Governance and Risk Services. Prior to joining Safaricom, he worked at PricewaterhouseCoopers (PwC) for several years, offering audit and business advisory services to Companies in different industries during his stints in Kenya and United Kingdom offices. He left PwC as a Director in t he Risk Assurance Services

team focusing on the provision of Internal Audit and business Controls Advisory Services to clients across Africa. Denish, a certified public accountant is a member of the Audit Committee of the Kenya National Commission for UNE SCO and an elected member of the Council and Chair of the Audit, Risk and Compliance Committee of the Institute of Certified Public Accountants of Kenya (ICPAK). He also sits in the Board of Kenya Paediatric Research Consortium (KEPRECON). He holds a Bache lor of Commerce degree from the University of Nairobi and has attended several leadership and management courses.

Dr. Joseph Sevilla is currently Director of @iLabAfrica, a Research and Innovation Centre at Strathmore University (Nairobi, Kenya). He is also the Director of @iBizAfrica, a business incubator at Strathmore. He graduated as an Industrial Engineer (Universidad del País Vasco, Spain, 1980) and holds an MSc in Computer Science (University College London, UK, 1995) and a PhD in BioInformatics (Tecnun, Universidad de Navarra, Spain, 2005). As a member of several committees formed by the Ministry of Education, the

Ministry of Research, Technical Training and Technology, the Ministry of Telecommunications, the Commission of Higher Education and the Kenyan ICT Board, he has advised on issues like the drafting of national policies in ICT, ICT and Education, Cybersecurity, development of National CS/IT Syllabus for secondary and university education, and the adoption of a National ICT

Strategy. He has also acted as an advisor to the Directorate of Industrial Training in issues related to IT training. He has been an active member of the “East African Internet Association” and the “Computer Society of Kenya” where he has been a member of the Executive Board and the Education Committee respectively. He is currently Chairman of the “Description and Processing Languages Technical Committee” of the Kenya Bureau of Standards (KEBS). Since 2011, he has also served as a member of the Innovation Board at Safaricom (K) Ltd. In February 2013, he was appointed member of the Advisory Council for the IBM Innovation & Client Centre in Nairobi. In 1991 he spear-headed the creation of the Information Technology Centre (ICT) at Strathmore and served as its first Director until October 2002. He has been a member of the Management Board of Strathmore University for over 20 years, Dean of the Faculty of Information Technology and Deputy Vice-Chancellor for Research and Quality Assurance. Dr.Sevilla’s research interests cover Mobile Technologies, Cybersecurity, ICT in Education and Development, Entrepreneurship and Business Incubators, Managerial Decision Modelling, Internet Governance, eLearning, Bioinformatics and FOSS (Free and Open Source Software) applications.

Otilia Estere Phiri. Otilia holds an LLB from the University of Cape Town, South Africa (2006), a Post-Graduate Diploma in Construction Project Management from Heriot Watt University, Dubai Campus (2014) and completed the Legal Practice Certification under the Council of Legal Education, Zimbabwe (2014). Otilia has experience in

the Construction, Telecommunications and Technology industries having worked for Samsung C&T (Constr uction and Engineering), Nokia and Microsoft covering Middle East and African countries over the period 2009 to date. Her current role is Commercial Attorney at Microsoft supporting Emerging African markets. In addition, Otilia serves as the Diversity & Inclusion Lead for the Middle East and Africa Corporate, External and Legal Affairs team responsible for driving

Sharon Holi has over 20 years’ experience working with Corporates in Kenya in managing their risks, optimizing their processes and strengthening their controls. She has worked for a total of 10 years with PwC in audit and risk advisory services, was a Chief Accountant for AfricaOnline and joined Safaricom in 2007 to set up the Enterprise Risk function.

Over the years at Safaricom she has provided assurance on products and projects, developed and implemented our business continuity and information security programmes, winning the coveted ISO 22301 and ISO 27001 certifications for the company and has established and led Safaricom’s Crisis Management Team. She is a graduate of the University of Nairobi B.Comm (Hons), a Certified Public Accountant of Kenya and a member of ISACA. In keeping with her passion to lead change through high performing teams, she is a certified coach and believes in working with others to tap into every team member's potential to achieve organic growth and results. Data privacy and data protection, she believes, is an integral part of the information security challenge and a fast changing frontier that needs to be focused on, which is why she has chosen to Speak on it.

initiatives –both internally within the company and externally within the region, with a primary focus on gender, accessibility, unconscious bias and generational diversity. Otilia is driven by a passion for the law, technology and community engagement and in her spare time can be found supporting career development programs for young women.

Dr. Bright Gameli Mawudor, Phd.

Dr. Bright Gameli Mawudor is a Cyber Security Consultant with a PhD in IT Convergence and Application Engineering with concentration in Information Security from Pukyong National University, South Korea. He has over 12 years of professional experience in Cyber Security industry with strong expertise in Cyber security strategy building, resilience and system penetration testing. Bright has also presented at over 20 Cyber Security conferences, lectured at various universities and contributed to cyber security publications.

Dr Gameli, has performed various evaluations and selections of Cyber Security tools and successfully implemented IT security systems to protect the Confidentiality, Availability and Integrity of critical business environment to curb and mitigate risks. Highly skilled in various environments, especially in the Cyber Security space, dedicated and a team player with excellent leadership qualities. He is a current Head of Cyber Security Services at Internet Solutions Kenya.

Collins Oduor, CISM, CEH, ECSA, IG, CHFI

Mr. Collins Oduor is a cybersecurity consultant, researcher and speaker. He has considerable experience in information security and IT Governance. He has provided extensive cyber security training and consultancy to industry practitioners across vertical spectrum in over 20 countries. Collins holds Master of Science in Mobile Telecommunication Innovation (Strathmore University) , Bachelor of Science in Information Technology Management (Maseno University) and a Post -graduate certificate in Digital

Forensic and Network Security from Brno University of Technology, Czech Republic. He is a Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), Computer Hacking Forensic Investigator (CHFI) and Certified EC-Council Instructor (CEI). He is currently pursuing Master of Law in Information Technology Laws at University of Strathclyde.

Collins established the IT Security Centre at @iLabAfrica and served as IT Security Manager for five years. He has presented in over 40 global conferences in United Kingdom, Slovakia, Singapore, South Africa, Mauritius and Malaysia among others. Collins was very instrumental in establishing Master of Science in Information Security at Strathmore University. He has shared platform with tech leaders such as Raj Samani, Eddie Schwartz, Richard Quest and Dr. Simon Moore. He currently consults for @iLabAfrica and CyberPro Africa.

Juliet Wangui Maina is the head of the Telecommunications, Media and Technology law (TMT) practice at TripleOKLaw Advocates, a leading law firm in Kenya. She has experience dealing with regulation and compliance matters across sectors. Juliet also leads on issues of cyber - security and data protection which are of more concern to most organisations as we move towards a digital economy. To this end, she advises clients on how to safeguard their data and ensure compliance with various data protection laws in various jurisdictions.

Juliet received her LL. B with Honors from the University of Birmingham, UK in 2010 and later completed a Master’s program in ICT Policy and Regulation (with distinction) at University of Witwatersrand, South Africa.

William Makatiani is the Managing Director and Founder at SerianuLimited, a Cyber Security consulting firm that helps organisations collect, extract value from and protect critical business data. William has over 15 years’ experience in the ICT industry - focusing on ICT Strategy, Analytics, Risk and Compliance. He h as led numerous engagements across the world

including Kenya, United States, Israel, Ireland, Singapore, China, Egypt and India.

William is a Certified Information Systems Auditor and a member of ISACA and IIA. He has completed over 200 hours of Informat ion Security and ISO 27001 focused training delivered by the MIS Training Institute. He periodically writes on technology in different local newspapers. William holds a Bachelor’s degree in Computer Science, a Masters in Science of Finance from Clark University, Worcester, MA USA and is also a graduate of EMC Corporation’s Management leadership . FRIDAY 13th April 2018

FCPA Edward (Eddie) Ouko is the Auditor-General of the Republic of Kenya from August, 2011. He previously served as the Auditor - General at the African Development Bank where he directed the audit function and was also in charge of the anti - corruption and fraud function up to June 2010. He worked with the African Development Bank (AfDB) for over 24 years in various capacities.

Prior to joining the African Development Bank, he worked in London and Nairobi for Deloitte, Haskins and Sells, one of the Big Six accounting firms in the world then, as a staff accountant and later Audit Manager at Deloittes’ Kenya Office.

He is a Fellow Member of the Institute of Chartered Accountants of England and Wales (FCA) and is a co-opted Council Member of the Institute representing Africa. He is also a Fellow Member of the Institute of Certified Public Accountants of Kenya.

Mr. Ouko is the current President of the Technical Committee on Knowledge Sharing and Management of the African Organisation of Supreme Audit Institutions (AFROSAI) and he also chairs the Capacity Building Committee of the English speaking Supreme Audit Institutions of Africa (AFROSAI-E).

The AG has over 30 years’ experience in matters of auditing, accounting and investigations.

He has served as a member of the Audit and Risk Committee of the African Capacity Building Foundation (ACBF) and is a member of the Advisory Board of the Vienna-based International Anti-Corruption Academy (IACA).

Mr. Ouko has also served as a member of Audit Committees in various UN Agencies. He is the immediate former chairman of the Audit Committee of Food and Agricultural Organization (FAO) for 5 years. He served as an external member of the Audit Committee of United Nations Relief and Works Agency for the Palestinian Refugees (UNRWA) from May 2006 to May 2011.

He was involved in close networking with Multi-lateral Development Banks (MDBs) and UN Agencies for over 12 years on matters of investigations and audit. He was a working group member of the MDBs and the UN Heads of Internal Audit on revising the Institute of Internal Auditors (IIA) standard for a new definition of Internal Auditing.

In 2003, he was a contributor in drawing up the first Standards of Investigation for the UN, Multi-lateral Development Banks (MDBs) and the European Union Anti-Fraud Office.

In 2005, he was a member of the International Financial Institutions Anti-Corruption Task Force set up by the leaders of the African Development Bank Group, Asian Development Bank, European Bank for Reconstruction and Development, European Investment Bank Group, International Monetary Fund, Inter-American Development Bank Group and the World Bank to work towards a consistent and harmonized approach to combat corruption in the activities and operations of the member institutions.

Dr. Katherine W. Getao serves the Government of Kenya as the ICT Secretary, Ministry of Information, Communication and Technology. Between 2014 and 2017 she was an active member of the United Nations Group of Governmental Experts in the field of security in the context of information and communication technology. In this context she has presented several papers at meetings in the domain of Cybersecurity and diplomacy. In 2017 she was appointed to the Government Advisory Committee of the Global Commission on the Stability of Cyberspace. From 2013 to 2014, Dr. Katherine Getao supported the formation of the newly created ICT Authority – providing strategic planning expertise, transition and change management guidance.

Dr. Katherine Getao was appointed the ICT Secretary in charge of the eGovernment Directorate in August 2010. The eGovernment Directorate was the strategic advisor on ICT issues to the Government of Kenya and manages the ICT operations of the government. Katherine prioritized the implementation of the constitution through the use of ICTs to deliver public services to all Kenyans and the achievement of Vision 2030 through improving the efficiency and effectiveness of government. Katherine led the design phase of the Huduma Kenya Initiative which has transformed the way citizens access Government services. The Directorate was subsequently merged with other agencies to form the ICT Authority. In December 2011 Katherine was awarded the Elder of the Burning Spear by the President of Kenya for her services to the nation. Prior to this responsibility between 2008 and 2010, Katherine was a project manager in the NEPAD e-Schools Initiative, a priority project of the NEPAD e-Africa Commission. Katherine joined the Initiative in early 2008. Other roles she has played include Director of the School of Computing and Informatics, 2001 to 2007, University of Nairobi, Kenya. Her work in education was recognised when she was elected to the ICT Hall of Fame in Kenya in 2007. On December 12, 2011 Katherine was installed as an Elder of the Burning Spear (EBS) in recognition of her contribution to the Government and people of Kenya. Katherine holds a B.Sc. (Hons) in Combined Sciences (Chemistry and Computer Studies) from Brighton Polytechnic, U.K. an M.Sc. in Intelligent Knowledge-based Systems from the University of Essex, U.K. and a Ph.D. in Computing from Lancaster University, U.K. She is a Commonwealth Research Fellow (2005.)

Kingdom, and an honours Bachelor of Education (Science) degree in Mathematic

________________________________________________________________

Jona Owitti is the current Chief Trainer of ISACA Kenya Chapter. He is a founder and a past-president of ISACA Kenya Chapter.

Jona has 32 years of practical experience in the areas of Computer Science and Information Security, focussing primarily on Information Systems (IS) auditing; risk management; control; IT governance and assurance. During the last 30 years, Mr. Owitti has performed, supervised and managed several IS audit, risk, and IT security-related professional assignments and projects in over thirty countries across the globe; covering Africa, The Americas, Asia, Australia/Oceania, and Europe.

The global, regional and local IT Audit projects that Jona has handled include quality assurance reviews, audits, and risk-assessment of major ERP projects such as SAP, JDEdwards, Pastel Evolution, and Great Plains. He has also conducted and managed several technical IT Infrastructure, Operating Systems, Database systems audits, and general IT Project risk assessments across the globe.

Jona is a former Regional IT Audit Manager (in-charge of Africa, Middle East and Pakistan Region) at Chevron (Caltex) Corporation; and a former public servant in the Government of Kenya. In his work and professional life, Mr. Owitti has received many awards and recognition for excellence, professionalism and diligence. Among the prestigious Awards and Recognition received so far include: Chairman’s Award – Caltex Corporation, Dallas, Texas, USA; and Corporation Auditing Department’s Award – Chevron Corporation, Concord, California, USA. Mr. Owitti is also a frequent speaker at various National and International Conferences, such as events organized by ISACA Kenya Chapter; The Institute of Certified Public Accountants of Kenya (ICPAK); The Institute of Internal Auditors (IIA) – Kenya; MIS Training Institute – United Kingdom; and The Institute of Certified Public Accountants of Rwanda (iCPAR). Jona Owitti is a Certified Information Systems Auditor (CISA), an internationally recognised professional certification examined and certified by ISACA International, Chicago, USA. Jona also holds a Master of Science degree in Computer Science from the University of Dundee, United

s from the University of Nairobi, Kenya. Mr. Owitti is married to Monica, and they are blessed with children.

ISACA KENYA BOARD PROFILES Chapter President

Denis Muli Mutinda, CIDA, CISA is the Manager, Data & Analytics at KPMG, and serves East African region that includes Kenya, Uganda, Tanzania, Rwanda, Ethiopia, Djibouti, Eritrea, Burundi, Mauritius and South Sudan. He has undertaken special assignments in Nigeria, championed and managed a team for Business Intelligence / Continuous Monitoring through the use of CaseWare Analytics Software, Qlikview, Tableau, R, Microsoft Azure, Python and

have over the years gathered significant experience in data analysis, migration, continuous monitoring, exceptions analysis, IT project advisory (requirements definition and selection) and IT security audit. He has built considerable experience working with ISACA Kenya Chapter as a member of the education committee and has undertaken presentations at various ISACA Conferences.

Vice President Raymond Bett, CPA, CISA, CEH is an experienced information assurance professional. He has over 8 years’ experience in carrying out risk based review of IT environments in some of the most complex organizations with large ICT systems. The systems he has reviewed ranged from Mobile money payment systems, core banking systems, enterprise resource planning systems such as Oracle, Microsoft Dynamics Nav and SAP.

Raymond Bett is currently the Vice President of the ISACA Kenya Chapter. He is also the Principal Cybersecurity Consultant at Stract Consulting Limited. Raymond is not only a member of ISACA but a member of theInstitute of Certified Public Accountants (ICPAK) and International Council of Electronic Commerce Consultants (EC-Council) Raymond has previously worked for Safaricom Limited for more than 5 years, where he was the Principal Information Systems Auditor and prior to that with PricewaterhouseCoopers (PwC) as a Systems and Process Assurance Associate.

Secretary Nancy Muturi is an active member of ISACA since 2006 with over 10 years of experience in Information Security and Business Continuity Management. Holder of Masters of Arts in Advanced Disaster Management from Nairobi University and Bachelor of Business Information Technology from Strathmore University .Nancy is a certified member of the Business Continuity Institute. Nancy has served in the Board of ISACA as Secretary from 2014-2016.

She is currently the Manager Business Continuity & Strategic Risk at Kenya Commercial Bank (KCB) where she is responsible for ensuring that the banks disaster recovery capabilities are enhanced. She previously worked at Equity Bank Kenya where she was responsible for setting up and institutionalizing the Information Security and Business Continuity Management functions. These resulted in operational efficiencies, decreased information risk exposure, regulatory compliance and business-centric IT systems and operations. Prior to this, she worked at Co-operative Bank of Kenya as an Information Security Officer where she was involved in various roles including ensuring systems availability, user systems access management and Information Systems strategic advisory and training on these.

Treasurer Evanson Ng’ang’a Thuo is a qualified and competent professional with over12 years working experience currently working at Mazars Kenya as an Associate Partner. He has over the years acquired invaluable skills and expertise in accountancy, taxation, audit and investigation services with clients from diverse sectors of the economy. In addition, Evanson has a strong orientation for strategicthinking, strategy formulation and policy direction; and possesses a profile of decisiveness, courage and dedication to duty obliged. These attributes coupled with his professional

competencies have enabled him serve effectively in boardsand committees where he has been nominated or elected. Evanson is an active memberof the following professional bodies: Institute of Certified Public Accountantsof Kenya (ICPAK); ISACA; Association of Certified Fraud Examiners (ACFE); TheInstitute of Directors (IOD) Kenya; and Kenya Institute of Management (KIM).

Certification Coordinator

Fredrick Bitta is an IS Audit & Risk Management professional with over ten years’ of experience having worked with various organizations in both the public & private sector including Banking, Oil and Manufacturing industries. He is the Current Director in-charge of Certification at ISACA Kenya Chapter. Fred holds a Master of Science Degree in Computer Science from University of Nairobi, a Bachelor of Science Degree in Information Technology from JKUAT.

He is a Certified Information Systems Auditor and published an article on “Multi-Agent Model for User Access Rights Audit” in the ISACA Journal Vol.3, 2013. He has been attached at the Federal Reserve Bank of Chicago in the United States and trained on auditing different Networks & Operating System environments. He has successfully undertaken the Risk Certification Program examined by the Global Association of Risk Partners (GARP). He is also a certified COBIT 5 Assessor and Implementer.

Membership Director

Rufina Achieng is serving as the Membership Director of ISACA Kenya Chapter and is a member of the ISACA International SheLeadsTech Chapter Engagement Working Group. She previously served as the ISACA Kenya Board Secretary (2012 to 2014). Rufina is a practising IS audit and risk management professional who has provided over a decade of IT audit, risk management and project assurance services to various organisations and industries in Eastern and Southern Africa. She is the Principal Consultant at Moindi Consulting Company. Rufina was previously the head of IT Audit at KenGen, a Senior

Consultant at Security Risk Solutions and Business Analyst at Ernst & Young. She is a Certified Information Systems Auditor (CISA) and a Certified Information Security Manager (CISM). Rufina holds an MBA from Edinburgh Business School and a Bachelor of Business IT from Strathmore University. Rufina is passionate about mentoring young professionals, entrepreneurs and women in leadership; and is a champion for diversity in STEM.

Research Director

David Kyalo Musyoka is a Computer Engineering Graduate. He is currently serving with Safaricom, an organization whose complex IT environment has played a role in shaping his IT audit career. Prior to his joining Safaricom, David served with KPMG, one of the Big 4 Audit firms as an IT Advisor within KPMG’s Risk Consulting Advisory arm. David has gained wide experience in IT Audits through offering Audit and Advisory services

to companies in different industries including Airline, Banking, Manufacturing and Public Sector Development in Kenya, Rwanda, Tanzania and Uganda. David is currently pursuing a Masters in Information Systems Security (M.Sc. ISS) at Strathmore University.David has taken part in ISACA activities including ISACA AGM, ISACA’s Annual Conference in Mombasa. David assisted in the COBIT 5 Foundational training that was hosted at KPMG offices in March

Academic Relations Director Paula Musuva-Kigen serves on the ISACA Kenya chapter board as the Academic Relations Director and is also a full -time faculty member at the United States International University - Africa (USIU-A) specializing in the -areas of Information Systems Audit, Security, Cybercrime and Digit al Forensics. She has been at USIU- A for 6 years and has had over 10 years of Information Systems industry experience having worked for Deloitte East Africa and Seven Seas Technologies.

She is currently pursuing a PhD in Information Systems at the University of Nairobi School of Computing and Informatics and holds an MSc in Network Systems from the University Of Sunderland, UK and a BSc in Computer Science from Jomo Kenyatta University of Agriculture and Technology (JKUAT). She has held her full Certified Information Systems Auditor (CISA) status since 2012. She holds other key industry certifications namely Certified Ethical Hacker (CEH), Linux Professional (LPIC-1), Cisco Certified Security Professional (rtd.). She is also an IBM Certified Cyber Security Professional (Security Intelligence QRadar and Application Security); IBM Big Data Specialist (Hadoop, Predictive Modeler, Business Intelligence Cognos) and IBM Mobile Application Developer (Mobile First). She has also participated in and also facilitated various Digital Forensic courses and workshops in Kenya, Tanzania and Ethiopia. She is an author and contributor to the Serianu Kenya Cyber Security Report 2014, 2015, 2016 and leads the Information and Cyber Security research stream of at the Center of Informatics Research and Innovation (CIRI) in USIU-A.

Chief Executive Officer Preston Odera is the Chief Executive Officer of ISACA Kenya Chapter. He is a founder member of ISACA Chapter. He was the CEO of K- Ninety East Africa Ltd; a training and consulting company on information systems and project management. Prior to that, he had been the Regional IT Manager for Total c overing nine (9)

African Countries. Preston was a founder and board member of Kenya Information Federation (KIF) and Computer Society of Kenya. He has been extensively involved in training on Project Management and Information Security for several years.

Immediate Past President

Paul Roy has been working for ISACA Kenya as the President of the Chapter from Oct. 2014 – Nov 2016 and currently is serving in the ISACA Kenya board as Immediate Past President. Paul Roy has advanced skills in IT Security, Software Development, Cloud Infrastructure, Networking, Data Analytics & IT Audits. He has facilitated several training courses for ISACA Kenya. Further Paul Roy has also consulted for several ISACA Kenya partners.

Paul was nominated by ISACA Kenya to serve in the Electoral Technology Advisory Committee (ETAC) for Independent Electoral & Boundaries Commission of Kenya due to his vast technical and security experience.

Master of Ceremony

Juffali Kenzi

Phares K. Chege

Anthony Muiyuro, CISA, CRISC.

Currently Technology Manager at the African Economic Research Consortium with over 10 years’ experience in wide ranging IT management and consultancy services spanning different industry verticals. He has a proven track record in IT value delivery with a penchant for information systems risk and controls underpinning his passion for leveraging information technology to drive economic development across Africa. Juffali additionally has veritable experience

within ISACA Global ranks as a long standing member of the CRISC Certification Working Group, CRISC Test Enhancement Sub-committee and a certification trainer.

Phares K. Chege is an Audit, Risk management, Governance and Financial Reporting professional with over 15 years’ experience in Internal Audit, Risk and Compliance. He is currently the Group head of Internal Audit, Risk and Compliance at Siginon Group. He has served in the same capacity in other organizations including KPMG, Office of the Auditor General, KENHA, HELB among others.

Anthony Muiyuro is the Cyber security Manager within Ernst & Young’s Risk Advisory division providing business-driven Cyber security consulting services for different clients across East Africa. He has extensive experience in Information Risk Assurance, Cyber security Strategy & frameworks development, Data security & privacy, Security Operations Center (SOC) management, Cyber Threat intelligence, Cyber Program Management, Vulnerability Assessments & penetration testing.

Anthony holds an MSc degree in Information Technology from Strathmore University and a Bachelors degree in Business Information Technology. He is a Certified Information System Auditor (CISA), Certified Risk and Information Systems Control (CRISC) and a Certified Ethical Hacker (CEH). He is a member of the ISACA Education committee and a World Economic Forum Global Shaper for the Nairobi hub.

Phares holds an MBA in Accounting and BA Economics from the University of Nairobi.He is a CISA, CRISC, CPA-K, CORP among others.

Primary M

essage

ISAC

A advances global business leaders in technology, inform

ation and cyber security, governance, risk

and innovation.

Information

& C

yber Security ISAC

A partners w

ith individuals and organizations to grow

the w

orld’s situation-ready inform

ation and cyber security w

orkforce. The C

SX

Training Platform

m

anages skills assessments,

training and performance-

based development for

enterprise cyber security team

s. C

ybersecurity Nexus (C

SX

) offers insights, training, certification and events for all levels.

Digital Transform

ation and Innovation ISAC

A’s global comm

unity helps all business technology professionals and enterprises

navigate digital disruption and deliver on the positive potential of technology.

ISA

CA

provides unique guidance, research and standards on technology adoption, im

pact and risk.

Technology W

orkforce ISAC

A’s more than

520,000 engaged professionals

depend on ISACA for

ideas, insights, know

ledge, best practices, education,

credentials and com

munity.

ISA

CA

’s expertise, experience and

engagement inspires the

confidence to drive technology innovation.

ISA

CA

’s portfolio is essential to building

successful long-term

business technology careers. .

Redefining G

overnance

Business technology dynam

ics demand a

reset in the perception, practices and leadership in governance, audit and assurance.

ISA

CA guides leaders on how

to effectively govern today’s digital system

s and tomorrow

’s emerging technologies.

ISAC

A C

ore Message B

ox

Established: 1969 Members and Certification Holders: 165,000+Members: 135,000+ in 188 Countries Engaged Professionals: 450,000+ISACA Student Groups: 95 Chapters: 217 New Members Recruited: 26,367 Average ISACA Member Tenure: 6 Years2017 Membership Renewal Rate: 81.92%

Four Core Certifications: Certified Information Systems Auditor (CISA). More than 130,000 CISA certified since established 1978

Certified in Risk and Information Systems Control™ (CRISC™). More than 20,000CRISC certified since established 2010.

Certified Information Security Manager (CISM). More than 38,000 CISM certified since established 2002

Certified in the Governance of Enterprise IT (CGEIT). More than 7,000 CGEIT certified since established 2007

The Cybersecurity Nexus (CSX) portfolio provides training, performance-based assessments, research, networking, conferences and content. It includes the Cybersecurity Nexus™ Training Platform, the Cybersecurity FundamentalsCertificate, CSX Practitioner Certification (CSXP), and The Nexus e-newsletter

COBIT, (www.isaca.org/cobit), the leading IT management and governance framework, has delivered value to enterprise stakeholders and shaped industry standards for more than 20 years.

In 2016 ISACA acquired CMMI Institute from Carnegie Mellon University, including the Capability Maturity Model Integration (CMMI®) framework.

ISACA Training: At least seven conferences each year www.isaca.org/educationITAF: Regular updates to ITAF, the IT Assurance Framework (www.isaca.org/itaf)ISACA Industry Standards: Standards, guidelines, tools, techniques for technology audit and controlISACA Journal Bi-monthly, peer-reviewed technical magazine ISACA Research: 20 white papers, nine audit programs, four Tech Briefs, two books

BOILERPLATE: Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its more than 450,000 engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters and offices in both the United States and China, and more than 135,000 members.

ISACA International Headquarters: 3701 Algonquin Road, Suite 1010, Rolling Meadows, Illinois, 60008 USA; Phone: +1.847.253.1545; Fax: +1.847.253.1443

Last updated 1/2018

FACTS AND FIGURES BRIEF2017 YEAR-END DATA

www.isaca.co.ke

ISACA Kenya Chapter

Vision Plaza, 3rd �oor suite 4

P.O. Box 10384 – 00100

Nairobi Kenya

Tel: +254 (0) 20 5100001

Cell: +254 (0) 717 116 518

+254(0) 786 249 357

Email: admin@isaca.or.ke/ Events@isaca.or.ke