Ritasha Kalidas
Director: IT Security, Risk and Governance at Tiger Brands
Ritasha has close to 16 years of experience in leading both strategic and tactical Group-wide initiatives pertaining to information security, cyber, privacy, IT governance, risk and compliance across a multitude of industries, from Banking to Telecommunications, Entertainment & Leisure, Petro-chemicals, Manufacturing, Retail, Military and the Oil & Gas industries. She has presented on the topics of Information Security, Cyber and Privacy and has run panel discussions at over 30 conferences, both locally and internationally, and was the first female in South Africa to be awarded her CIPP (Certified Information Privacy Professional) certification.
Ritasha has played various strategic roles throughout her career at both a local and international level. She is currently the Director of IT Security, Risk and Governance for Tiger Brands. She is responsible for driving these 3 portfolios along with the IT Resilience portfolio across the Tiger Brands Group, including its subsidiaries.
Previously, she was the Head of IT Risk and Resilience at the RMB Corporate and Investment Bank, which is part of the First Rand Group. Here she was responsible for the implementation, management, monitoring and reporting of IT risk, BCM (Business Continuity Management and Disaster Recovery) and IT Service Enablement related matters across RMB, including its subsidiaries for the London, Nigeria and India Offices. She reported into the CRO, CTOO and CTOO: Functional Areas and played an integrated 1st and 2nd line of defence role.
Prior to her role at RMB, she was the Group Information Privacy & PAIA (Promotion of Access to Information Act) Officer for Nedbank Limited where she was responsible for the rollout of the Group Privacy Programme and was accountable for a budget of approximately R150M over a 3 year period.
Prior to her role at Nedbank, she was the GRC (Governance, Risk and Compliance) Lead for the Group Process & Technology Division within Liberty Group where she strategically led the IT Risk and Governance initiatives in alignment to the Cobit5 international framework.
She plays a leading role around ensuring privacy practicality through the BASA (Banking Association of South Africa) forums, to the extent that she was able to secure a 3 year extension which was incorporated into the Act for financial institutions, given their scale and complexity.
Prior to her role at Liberty, she was in the Management Consulting industry, where she was the Head of Information Privacy, Security & Cyber for Accenture SA and the Head of Cyber Security and Privacy for Deloitte SA. She was also the Deputy Chair of the NCAC (National Cyber security Advisory Council) which reported to the Minister of Telecommunications and Postal Services of South Africa.
Prior to re-joining the Management Consulting industry, she was the Chief Operating Officer for Barclays Africa’s Compliance function. Her scope covered the Africa Compliance environment spanning 14 countries across the African continent, where she defined the target operating models and the related structures.
Whilst at Absa, she was also the Head of Information Privacy for the Absa Group. She also played key roles in 3 strategic Group Risk initiatives across the Barclays Africa environment. The 3 programmes included:
- The Risk and Control Assessment Enhancement Programme, reporting to the Group CRO;
- The Business Optimisation Programme for Group Risk, reporting to the Group CRO; and
- The KRS (Key Risk Scenarios) Audit closure, which ran group wide, reporting to the Group Head of Operational Risk.
In order to further contribute towards her skills development, she graduated Cum Laude, with her MBA in October 2015.
- ITIL v3 Foundations
- ITIL v3 Certified Trainer
- CIPP (Certified Information Privacy Professional)
- Deloitte Global Privacy Methodology Training
Training Courses Attended:
- Understanding South African Financial Markets
- Introduction to Operational Risk
- Management Development Programme
- Performance Coaching
- Absa Leadership Development Initiative – 3 year leadership programme
- Strategic Women Leadership Programme
- Tech Central – Cyber Resiliency
- Brainstorm – Cyber Resiliency and Privacy
- Witness Article – Identity Theft
- Servamus – Translating PPI into Business Practices
- Servamus – The Overlap between Security & Privacy
- Sunday Times – Identity Theft
- Classic FM Privacy Broadcast
- IT Web Security Summit (2007) PCI DSS @ Edcon
- Various presentations at external conferences across South Africa
- Trusting the information chain – 2010 IT Web Security Summit
- International Association of Privacy Professionals (IAPP)
- Information Security Group
- Security Interest Group
- IT Web
- Information Security Forum
- Bank Info Security
- BASA (Banking Association of South Africa)
Common Practices, Laws & Regulatory Knowledge:
- South African IT Legislation (i.e., Cybercrimes Bill, ECT, RICA, PROATIA, PoPI (Protection of Personal Information), NCA, CPA, FAIS, Code of Banking practice, etc.);
- GDPR (Global Data Protection Regulations)
- Cobit (Control Objectives for Information Technology) v5;
- ITIL (Information Technology Infrastructure Library) v3;
- ISO (International Standards Organisation) 27000 series;
- Generally Accepted Privacy Principles (GAPP);
- American Institute of Certified Public Accountants (AICPA) / Canadian Institute of Chartered Accountants (CICA) Framework; and
- Payment Card Industry Data Security Standard (PCI DSS).