Your advisory team

Paul F. Odong
Manager, IT Risk & Assurance Services

Tel: +256 414 343520
Mobile: +256 752 222598
Fax: +256 414 251736
Email: paul.f.odong@ug.ey.com

Background

► Manager in Advisory Practice focussing on IT Risk & Assurance Services. Joined Ernst & Young in 2005 and is based in Uganda
► BSc. (Hons) Agriculture (Economics Option) - 2005
► Certified Information Systems Auditor (CISA) - 2008
► Certified Information Security Manager (CISM) - 2009
► Certified Computer Hacking Forensic Investigator (CHFI) - 2010
► ACCA (Part 1)
► Ernst & Young eXtreme Hacking Class
► Member of ISACA
► Proficient in English Language

Skills

► Attack & Penetration testing, Internal vulnerability assessment, web application security review, IT governance, Enterprise Risk Assessment and BCP/DRP
► Lead trainer at the ISMS Academy, Nairobi, 2007
► Lead trainer at the FAIT Academy, Nairobi, 2007
► E-banking Payment Systems and PCI DSS compliance
► Member of the team that developed and delivered Ernst & Young Extreme Hacking course, Nairobi, 2007
► Proficiency in Data quality assessment and Data analytics (ACL), business process analysis and IT General Controls (ITGC) review
► Proficiency in ISO 27001/27002, COBIT, ITIL, SOX, PCI DSS compliance
► Revenue Assurance (CDMA, GSM, PSTN and Data Networks)
► Computer Forensic Investigation
► E-banking/EFT systems, e.g. SWIFT, Mobile Money, RTGS

Professional experience

► 2009 - Led a multi-national team from Nigeria, Kenya, Uganda & South Africa in a co-sourcing Network Security assessment for MTN Nigeria. Reviewed the core GSM switching network (MSC, SMSC) and the Charging System nodes comprising SDP, VS, AIR, MINSAT, HLR, mediation and billing systems. Performed Internal Attack & Penetration testing of the core network and switches
► 2010 - Team lead for an information systems audit and forensic investigation into computer fraud for a leading mortgage finance bank in Uganda
► 2009 - Team lead for a business process analysis and requirements definition for an Electronic Content Management System for the Finance Ministry
► 2007 - Security assessment of the Safaricom Ltd core network systems involving attack & penetration testing, ISO 17799 (27001) review, implementation, and certification
► 2012 - URANET managed telecom service contract review for Uganda Revenue Authority
► 2011 - Value for money audit for Post Bank's SLA with Map Switch, the service provider for ATMs, Point of Sale and Mobile phone Banking services
► 2008 - Project managed a co-sourced black box attack & penetration testing and vulnerability assessment for Bank of Uganda
► 2010 - Team lead for an IT Security Audit for the National Social Security Fund (NSSF) Uganda, involving penetration testing and vulnerability assessment
► 2007 - Assisted in a pre-live assessment of the Equity Bank internet banking application and perimeter network related to e-Banking infrastructure
► 2010 - Team lead for Fuel Debit (Advantage) Card security assessment for Standard Chartered Bank in Uganda, involving penetration testing of POS links and internal vulnerability assessment
► 2009 - Assisted in an Oracle ERP implementation project security review and application controls testing for Kenya Airways
► 2009 - Team lead for an information systems audit and revenue assurance for the Rwanda Revenue Authority
► 2006 - Team lead for comprehensive data analytics (Claims and premiums) performed for INVESCO Insurance Company in Kenya
► 2011 - Application controls and security assessment for the ASYCUDA++ customs application for Tanzania Revenue Authority
► 2006 - Cyber Process Certification (WebTrust) of the Commercial Bank of Africa's e-Banking product
► 2010 - Corporate security assessment of MTN Uganda infrastructure including offices, warehouses, BTS sites & residences
► 2010 - Team leader for post implementation review of core banking application at Bank of Africa which included business process analysis
► 2009 - Facilitated a training workshop in E-Banking strategies, payment systems, and PCI DSS compliance for a leading bank in Uganda
► 2010 - Team lead for MTN Uganda network traffic data analysis to ensure that information relevant for billing is flowing through from the switching/network elements to the IN and the billing system
► 2012 - Special audit of the national backbone infrastructure and E-government Infrastructure for government of Uganda
► 2012 - IT security assessment and capability building involving penetration testing and vulnerability assessment for internet banking for Bank of Kigali Rwanda
► 2012 - Bharti Airtel Uganda - Information systems audit and financial audit integration
► 2012 - Orange Uganda Ltd - Information systems audit and financial audit integration
► 2012 - Business Process Review for National Medical Stores
► 2011 - Development of requirements for implementing a financial management system for National Curriculum Development Centre
► 2011 - East African Community customs Interconnectivity study for customs network integration across involving customs process analysis
► 2011 - National Information Technology Authority Uganda e-Government readiness assessment and survey tool development
► 2011 - BCP development for Centenary Rural Development Bank Ltd, Uganda
► 2011 - Team lead for British American Tobacco (Africa) - Attack and penetration testing, wireless testing and vulnerability assessment
► 2011 - IT security assessment for Opportunity Bank Ltd
► 2011 - IT security audit of Uganda Finance Trust Ltd involving process analysis, controls testing, and attack and penetration testing of the network
► 2012 - External and internal attack and penetration testing and vulnerability assessment for mobile banking and internet banking for DFCU Bank
► 2007 - Team lead for SOX (404) Compliance and data analysis review for Del Monte Kenya