Godfrey Kutumela
@godfreykutumela
I bridge executive cybersecurity governance and hands-on engineering execution for measurable resilience.
What I'm looking for
I bring over 27 years of experience leading cybersecurity governance, risk management, and technical security transformation across financial services, SaaS, and digital infrastructure. I’m known for integrating executive-level cyber risk clarity with engineering-level implementation, building coherent cybersecurity operating models that are measurable, defensible, and continuously improving.
I’ve led governance and assurance programmes in rapidly scaling, multi-jurisdictional environments, and I’ve helped organisations transition from ad hoc or compliance-driven security to structured, risk-based management. As CEO and Lead Practitioner at Nucleus Systems and co-founder/CEO of Paxley Software, I use practitioner-led frameworks (evidence-based maturity, code trust assurance, and AI governance assurance) to align board decision-making with practical security controls embedded into cloud and DevSecOps delivery.
Experience
Work history, roles, and key accomplishments
Cybersecurity Risk & Technical Advisor
Ringstone
Jan 2024 - Present (2 years 6 months)
Engaged on an ad hoc basis to provide independent cybersecurity and technology risk advisory. Conducted attacker-informed risk assessments across digital platforms and cloud environments and advised on governance, control design, and risk mitigation.
Provided ad hoc support to West Monroe on cybersecurity and compliance due diligence engagements. Assessed cybersecurity maturity and risk exposure, advised on risk prioritisation and remediation strategies, and contributed senior-level technical insight for investment committees.
Virtual CISO Advisor
Sedex
Jan 2024 - Present (2 years 6 months)
Built an enterprise-wide cybersecurity governance program for a global SaaS supply chain transparency platform. Established structured risk management and reporting for executive and board visibility and aligned security posture and controls with customer security expectations and regulatory obligations.
Fractional CISO and DevSecOps Champion
The Mifos Initiative
Jan 2019 - Present (7 years 6 months)
Established and led cybersecurity governance, DevSecOps, and software assurance initiatives for the open-source fintech ecosystem. Strengthened secure software delivery practices, code security assurance, cloud security governance, and risk management for community-led engineering teams.
Independent Global Cybersecurity Firm
Nucleus Systems
Jan 2014 - Present (12 years 6 months)
Founded and leads Nucleus Systems as an independent cybersecurity consulting practice delivering cybersecurity governance, digital trust, and technology risk advisory globally. Industrialises cybersecurity maturity assessment, code trust assurance, and AI governance into repeatable, evidence-driven delivery programmes.
CEO & Lead Cybersecurity Practitioner
Nucleus Systems
Jan 2013 - Present (13 years 6 months)
Leads Nucleus Systems as a cybersecurity advisory firm focused on governance, risk, compliance, and digital trust. Provides enterprise program design and implementation, maturity assessments and transformation roadmaps, DevSecOps/secure SDLC advisory, and board-level risk reporting using proprietary delivery frameworks.
Fractional CISO Advisor
Zenobe
Jan 2024 - Mar 2024 (2 months)
Built and established an enterprise-wide cybersecurity and risk management program aligned to ISO 27001. Designed an electrical grid security program aligned to NIST CSF and NIST industrial control system guidance, including technical security implementation blueprints for OT and related infrastructure environments.
Fractional CISO Advisor
Troon
Jan 2023 - Jan 2024 (1 year)
Designed and implemented business continuity planning (BCP) and disaster recovery (DR) frameworks to improve service resilience and recovery capability. Led re-architecture of business-critical application environments to strengthen resilience, recoverability, and operational trust across an interconnected ecosystem.
Fractional CISO Advisor
Training The Street
Jan 2021 - Jan 2024 (3 years)
Delivered cybersecurity governance for a global cloud-based SaaS learning management platform across financial services and professional services sectors. Implemented a data privacy and protection program for student PII and guided the organization through supplier security and assurance certification processes.
Cybersecurity & Compliance SME
Crosslake Technologies
Jan 2019 - Jan 2024 (5 years)
Led cybersecurity and technology risk assessments supporting investment transactions. Performed technical assessments of software architecture, cloud environments, DevOps maturity, engineering practices, and operational resilience, translating findings into investment-committee-ready risk insights and remediation priorities.
Strengthened cyber risk management and governance structures for a highly regulated digital banking and fintech SaaS environment. Improved cloud security posture and control frameworks to support secure scaling and regulatory readiness across US banking jurisdictions.
Fractional CISO and DevSecOps Champion
Mojaloop Foundation
Jan 2018 - Jan 2022 (4 years)
Established global cybersecurity governance for a distributed open-source payments platform operating across multiple countries and jurisdictions. Integrated security, compliance, and privacy into DevOps delivery pipelines and defined risk frameworks covering platform architecture, API security, and cryptographic controls.
Led regional security consulting and technical pre-sales activities across the MEA market. Focused on application security, API security, and enterprise identity management, including IBM AppScan implementations and API security solutions.
Payment Security Architect
Altron FinTech
Jan 2011 - Jan 2012 (1 year)
Designed secure payment architectures for regulated financial environments. Integrated HSM (Hardware Security Module) capabilities and implemented compliance frameworks aligned to PCI DSS and ISO 8583.
Chief Architect
Dimension Data
Jan 2001 - Jan 2011 (10 years)
Delivered complex enterprise architecture and security transformation programs across banking, telecommunications, and government sectors. Led mission-critical architecture and delivery programs, defined security architecture frameworks and standards, and mentored technical teams.
Software & Systems Engineer
Motcom (IBM EDP Company)
Jan 1999 - Jan 2001 (2 years)
Developed enterprise applications and infrastructure systems as a software and systems engineer. Supported large-scale system upgrades including the Y2K transition and contributed to software design, systems integration, and engineering operations.
CyberNet Expert Pool Member
EU CyberNet Expert Pool
Served as an EU CyberNet expert and advisor assigned to the LAC4 initiative. Advised the EU Hungarian Presidency on cybersecurity policy, including submarine cable infrastructure security.
G20 Digital Transformation Advisor
Brazil G20 Presidency
Provided high-level cybersecurity and digital transformation advisory to Brazil's G20 Presidency to shape digital inclusion and cybersecurity policy. Worked with the Secretary of Information and Innovation Ministry on global policy advisory.
Privacy Expert Group Member
Digital Public Goods Alliance (DPGA)
Advised DPGA on privacy requirements of the DPGA Standard as part of the Privacy Expert Group. Developed a privacy compliance evaluation framework for prospective digital public goods.
PCH Digital Payments Security Advisor
The People's Clearing House of Mexico
Performed confidential advisory roles supporting digital payment innovation roadmaps and security frameworks for PCH. Provided cybersecurity advisory aligned to payment platform security needs.
OpenG2P & GovStack Cyber Advisor
OpenG2P & GovStack
Provided in-source cybersecurity advisory for the OpenG2P and GovStack payment and security building blocks initiative. Supported digital payment innovation roadmaps and security framework advisory work.
Security Identity Alliance Advisor
Security Identity Alliance
Served on the Security Identity Alliance (SIA) advisory committee team under African NICC leadership. Contributed to international standards for secure, interoperable digital identity exchange.
DevSecOps Lead (MOSIP)
MOSIP
Advised MOSIP leadership on digital identity trust assurance, cybersecurity, privacy, DevSecOps, and data protection. Led MOSIP's DevSecOps team and evaluated the Alan Turing Digital Identity Trustworthiness System.
Co-founder & CEO
Paxley Software
Co-founded and leads Paxley Software, an enterprise application security SaaS platform providing integrated code security capabilities. Includes SAST, SCA, SBOM, IaC scanning, and remediation.
COMESA Payments Security Advisor
COMESA
Conducted a comprehensive compliance assessment of the COMESA digital retail payment platform. Delivered findings to the COMESA Central Bank Governors' Meeting Technical Team.
Education
Degrees, certifications, and relevant coursework
University of Stellenbosch Business School
Management Development Programme (MDP), Business Management
2010 - 2010
Completed a Management Development Programme (MDP) for executive leadership and business management.
University of Limpopo
BSc Computer Science, Computer Science and Artificial Intelligence
1997 - 1999
Studied Computer Science and Artificial Intelligence as part of a BSc program; studies were interrupted before final examinations due to prolonged illness.
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Godfrey?
You can contact Godfrey and 90k+ other talented remote workers on Himalayas.
Message GodfreyGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
