SILAS MHEMBERE CISA, CISM
Mobile: -| Email:-
CYBER SECURITY and AUDIT PROFESSIONAL
An IT Security Professional with over a decade of solid experience and demonstrable record in technically managing IT related risks and providing the assurance functionExperienced Microsoft 365 Solutions Specialist with a deep technical understanding of Microsoft 365 services and security, including Exchange Online, SharePoint Online, Microsoft Teams, OneDrive, Viva Engage, and Defender for Office 365. Proven record in architecting, deploying, securing, and managing modern workplace solutions to optimize collaboration, communication, and compliance across enterprises. Strong knowledge of Microsoft 365 security frameworks, data loss prevention (DLP), conditional access, and threat protection.
Core Competencies and Skills:
Excellent understanding of Information security
Alignment of Information security functions with business goals
ISO 27001 implementation and maintenance
Microsoft 365 Administration & Architecture
Exchange Online Migration & Management
SharePoint Online Site Architecture & Governance
Microsoft Teams Deployment & Lifecycle Management
OneDrive for Business Implementation
Viva Engage (Yammer) Integration & Adoption
Defender for Office 365 – Threat Management & Policies
Data Loss Prevention (DLP) & Compliance Centre
Identity & Access Management (Azure AD, Conditional Access)
PowerShell Scripting for Microsoft 365 Automation
PERSONAL DETAILS
Date of Birth : 06th December 1980 Marital status : Married
EDUCATION & CREDENTIALS
Bachelor of Science (Honours) Information Systems;
MIDLANDS STATE UNIVERSITY, ZIMBABWE, 2009
Professional affiliations and certifications
INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION (ISACA), Member
INSTITUTE OF INFORMATION TECHNOLOGY PROFESSIONALS SOUTH AFRICA (IITPSA), Member
CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA)
CERTIFIED INFORMATION SECURITY MANAGER (CISM)
CERTIFIED INFORMATION SYSTEM SECURITY PROFESSIONAL(CISSP) exam pending
IT INFRASTRUCTURE LIBRARY FOUNDATION (ITIL) exam pending
PROFESSIONAL EXPERIENCE
Frontline Managed Services (USA)
Senior security Manager Jan 2023- date
Responsibilities
Develop and implement scripts and tools in ConnectWise automate to leverage from automation of patching
Regularly check and validate configured rule detection logic and triggers to ensure accuracy of detection
Review security alerts and logs to identify potential threats and vulnerabilities
Designed and implemented DLP, ATP, and Defender for Office 365 policies to protect against phishing, malware, and data leakage.
Managed the Migration of over 5,000 mailboxes to Exchange Online with zero downtime using hybrid configurations and PowerShell automation.
Developed SharePoint Online governance models, site templates, and automated provisioning scripts.
Design security playbooks to proactively reduce manual process of managing threats
Built conditional access policies and multi-factor authentication (MFA) strategies using Azure AD to enhance access control.
Led threat hunting and incident response initiatives using Microsoft 365 Defender and Security Centre.
Yoco Technologies
Security GRC officerDec 2021-Dec 2022
Reporting to Information Security Manager
Duties and responsibilities
Implementing standards DCC, ISO 27001:2013, NIST cybersecurity, SOC2
Implementing analytics tools logz.io,
Design controls for IaC tools and infrastructure deployment
Review secrets management and documentation
Enhance Microservice security posture
Proactive threat hunting using Mitre attck framework
Incidents response and investigation
Prioritizing Incidents and assigning work to junior SOC analysts
Reporting to senior management on security posture
IT risk management (maintain the IT risk register)
Managing IT security operations
Team building and Project management
Maintaining the PCI DSS compliance
Data management
Reporting on security posture to relevant steering committees
Design and implementation of security road Maps
Incident management
Information Security Consultant
IT Naledi assigned to City of Cape town & Old MutualJan 2019- Nov 2021
Reporting to the ICT security manager
Duties and responsibilities:
Managed Defender for Office 365 setup and incident workflows, reducing average threat response time by 40%.
Configured and monitored secure score metrics, implementing continuous improvements to align with CIS benchmarks.
Rolled out Microsoft Teams with lifecycle policies, app governance, and compliance controls for regulated industries.
Delivered end-user training and adoption programs for OneDrive, SharePoint, and Viva Engage.
Created custom compliance reports and alert policies using Microsoft Purview and audit logs.
Senior Network Security Engineer
Dimension data assigned to NSFAS
Jan 2017- Dec2018
Reporting to senior manager ICT projects
Duties and responsibilities
Implementing network configuration and management
Resolution of data conflicts between systems and within systems’ data universe.
Negotiating for effective risk treatment plans
Managing dynamic projects
Managing ICT network risks
Maintaining network hardware and configure software
Monitoring network resources and remediating any deviations
Monitoring and managing the network engineers
Managing application-level security (Barracuda WAF)
Risk profiling and communicating to management on all risks and non-compliance
Assisting with security escalations
Managing business process re-engineering
Implementing tools for security hardening
Security analysis and recommending to management on best practice
Network architecture design and implementation
SLAs negotiation and maintenance
Reporting on all IT security risks
HOBBIES
Aeroplane enthusiast, playing musical instruments, golf and boxing, Blogging on IT security related issues
https://www.cryptomathic.com/news-events/blog/the-role-of-an-hsm-for-pci-dss-compliance
https://content.hsm.utimaco.com/blog/pci-dss-technological-requirements-for-certified-devices
REFERENCES
Available upon request
