Craig Holmes

Craig Holmes Midrand, South Africa Mobile: +27 (0) 82 - - (H) Email:-Nationality South African / British Personal Statement I am passionate about information security. I evaluate and interpret information and reach logical, fact-based conclusions, both business and technology related issues. This has been the driving aspect of my career. I started my career in Operational Auditing, moved into Computer / IT Auditing where I have spent most of my career (Over 25 years). From the overall IT Governance and sound knowledge of the different business units within the organisations, I moved into the Information security (ISO) domain five years ago, to become part of the solution implementation process and obtain exposure to cyber security. Aspirations / Goals Advance my career in the Information Security field and Cyber security. Career History Name of firm: Bayport International Group Support. Designation: Information Security Manager (ISO Manger) Period of work: September 2015 – January 2020 Reason for Leaving: Retrenchment (Section 189). Key Roles & Responsibilities: Policies and Procedures: Develop Information Security policies, standards, procedures and guidelines in line with ISMS 27002. CIS, ITIL and Cobit, Education and training awareness: Coordinate the development and delivery of an ISO and governance awareness and training program for employees by means of the use of the Online training tool. With the use of Wolfpack Training material and online Moodle on-line training. Monitoring of the status of completion, reporting on status of completion to Management. Complied and maintained IT Technical Risk register for BIGS all subsidy countries within BIGS in line with the approved Risk management Framework. Conducted BIGS IT technical risk assessment. The Technical risk assessment was performed to identity control shortcomings within the IT department. Implemented the process to identify monitor for all Incident and Problem issues and Monitor weekly all tickets logged, check that they are classified correctly and summarise into a register for monthly KPI reporting. Assist / Contribute to the compiling of management reports for ARC and SteerCo. Relating to the on-going Information Technology security monitoring items. Access Control Management Reviews (AD, OS, Firewall, Cloud services, MimeCast and business applications and databases.) User access and Privilege access Approvals on behalf of the section. (Daily, Weekly and Monthly monitoring and reviews). Co-ordinate and report on the mitigation of Internal Audit Findings raised within Bayport were the service is provided by BIGS. Co-ordinate the mitigation of internal and external vulnerability reviews. Internal and External Reviews/ Audits performed. Monitoring, follow-up and ensure that issues are addressed within the agreed timelines. Ensure compliance on Technical Security controls with IT infrastructure for Threat Detection, e-mail, data encryption, forensic requests etc. BIGS IT Risk CIS assessment Project. Ghana CIS PCI project. Previous employment Permanent: Data Governance specialist Ithuba National Lottery (April – September 2015) Senior IT Auditor Vodacom South Africa (October 2004 – December 2013) Uthingo Management (National Lottery) (April 2002 – September 2004) Office of the Auditor General of SA (July 1990 – March 2002) IT Audit Consulting: SKX Protiviti (March 2020 -Limited 1-month contact). A2Aakopano (January – March 2015) Details of work responsibilities on request. Professional Affiliations Institute of Internal Auditors [IIA] 2002 - 2013 Information Systems Audit and Control Association [ISACA] since 2003. Institute of Risk Management [RMSA] since 2014. Education, training, Certifications, and qualifications Certified in Risk and Information Systems Control [CRISC]; Information Systems Audit and Control Association [ISACA], 2011 Certified in the Governance of Enterprise IT [CGEIT]; ISACA, 2008 Certified Information Systems Auditor [CISA]; ISACA, 2003 B-Tech: Internal Auditing; University of Technology: Tshwane, 1999 National Diploma in Internal Auditing; University of Technology: Tshwane, 1989 Senior Certificate / Matric; Elizabeth Conradie School: Kimberley, 1984 References Available on Request.