Wamaitha Mwangi
@wamaithamwangi
GRC and cybersecurity executive building operational resilience through security-by-design and automated control execution.
What I'm looking for
I’m a Technology Governance, Operational Resilience, and Cybersecurity Executive with progressive experience leading enterprise GRC, information security frameworks, and corporate IT operations across regional environments. I act as the strategic bridge between engineering execution, corporate compliance, and business leadership—turning complex standards into repeatable control procedures and automated guardrails.
In my current role as Manager GRC at HEVA FUND LLP, I provide executive leadership across high-stakes digital platforms serving 10,000+ beneficiaries. I’ve engineered and benchmarked CERT/CSIRT incident playbooks, cutting MTTD by 40% and MTTR by 35%, and integrated privacy and cyber risk assessments into high-risk initiatives to reduce AI-misuse and compliance incidents by 30%.
Previously, as Head of Assurance Services at CYBER1 Solutions, I led regional governance and technology assurance across 10 industries, driving client technology control maturity above 90%. I translate ISO 27001, PCI-DSS, GDPR, and Kenya DPA into actionable platform policies, and I’ve supported remediation outcomes and exposure reductions through disciplined, continuous execution—backed by rigorous audit readiness, vendor due diligence, and business continuity testing.
Experience
Work history, roles, and key accomplishments
Manager GRC
Heva Fund LLP
Jan 2025 - Present (1 year 4 months)
Provided executive leadership for technology governance, risk management, and operational resilience for digital platforms serving 10,000+ beneficiaries, establishing 100% compliance for cross-border data-sharing arrangements. Reduced MTTD by 40% and MTTR by 35% via CERT/CSIRT structures and incident playbooks while improving audit readiness through ROPA, IT risk registers, and vendor due diligenc
Head of Assurance Services
Cyber1 Solutions
Sep 2022 - Dec 2024 (2 years 3 months)
Led regional GRC and technology assurance across 10 industries, achieving client technology control maturity above 90% on remediation reviews. Translated ISO 27001, PCI-DSS, GDPR, and Kenya DPA into enterprise guardrails, remediated 80% of high-risk findings within SLAs, and reduced critical exposures by 90% year-on-year.
GRC Officer
Cyber1 Solutions
Mar 2020 - Sep 2022 (2 years 6 months)
Executed end-to-end information security and data protection risk assessments across critical infrastructure, third-party environments, and customer-facing applications. Authored security standards and helped establish data breach response and incident escalation playbooks supporting 30+ enterprise transformation projects per year.
GRC Lead
eKraal Innovation Hub
Sep 2018 - Apr 2022 (3 years 7 months)
Developed and embedded end-to-end IT risk management and foundational IT governance policies across multiple business units in 2 countries, increasing control maturity scores by 60% year-on-year. Managed 100% completion of planned Business Continuity and IT Disaster Recovery tests and delivered GRC capability-building for 300+ professionals.
Education
Degrees, certifications, and relevant coursework
Maseno University
Bachelor of Arts, Political Science and Government (with IT)
Earned a Bachelor of Arts in Political Science and Government with an IT component at Maseno University.
