About Stephen Alaekwe & Co
SAC supports organisations at the intersection of regulatory compliance, digital trust, assurance, cybersecurity resilience, and financial advisory — delivering outcomes that hold under scrutiny, not just under internal review.
SAC enables institutions to convert regulatory obligations into governance capability, operational confidence, and stakeholder trust.
Most organisations face a governance paradox: the obligations placed on them by the NDPA, the CBN, their auditors, and their boards require coordinated action across privacy, cybersecurity, financial governance, and institutional assurance — but the advisory market is structured around separate specialisms that rarely communicate.
Stephen Alaekwe & Co was established to address this precisely. SAC operates as a single, integrated advisory model — holding licences and accreditations across five disciplines simultaneously, so that the relationships between data protection obligations and cyber risk, between financial governance and independent assurance, and between regulatory compliance and board accountability are addressed in one coordinated engagement rather than across three separate advisory relationships.
The result is advisory that is structurally different, not just rhetorically integrated. Our NDPA work accounts for financial implications. Our cybersecurity assurance feeds directly into board governance. Our financial advisory is calibrated to regulatory scrutiny. Our training builds capability that reduces long-term advisory dependency.
SAC is not a firm that does compliance. SAC is a firm that builds the institutional infrastructure — governance frameworks, documentation standards, evidence disciplines, and board reporting structures — through which compliant operation becomes a sustainable organisational capability.
Organisations should understand exactly what their regulatory obligations require — not a general sense of compliance direction, but the specific provisions of the NDPA, GAID, CBN guidelines, and sector frameworks that apply to their processing activities and governance structures.
Compliance must be demonstrable — not merely asserted. Every SAC deliverable is structured to the documentation standard that NDPC inspectors, external auditors, and board scrutiny committees apply: timestamped, attributed, formatted, and retrievable.
The obligations placed on Nigerian institutions by the NDPA, CBN, and corporate governance frameworks are board-level obligations — not operational management tasks. SAC's work produces board-reportable outputs: dashboards, KPIs, governance frameworks, and audit committee briefings.
Compliance that is technically correct but commercially disconnected fails organisations at the decision-making layer. SAC's advisory is designed for how institutions actually operate — calibrated to sector context, leadership capacity, and the commercial consequences of regulatory exposure.
Documentation is not compliance. Evidence is.
Most organisations produce documentation that satisfies internal review. SAC produces evidence that satisfies external scrutiny. The distinction is not semantic — it is the difference between a compliance posture that holds under NDPC inspection and one that does not.
SAC designs compliance frameworks as evidence systems — structured so that every processing record, DPIA, breach log, and governance report can be retrieved, attributed, and presented under inspection without preparation time.
Compliance that depends entirely on external advisers is fragile. SAC builds the internal governance structures — board reporting frameworks, DPO operational workflows, compliance calendars, and assurance cycles — that make compliance self-sustaining between advisory engagements.
SAC's deliverables are designed to be operated by the client's own team after the engagement closes — templates, registers, workflows, and dashboards that build institutional muscle rather than creating perpetual advisory dependency.
The NDPC's inspection framework does not distinguish between organisations that were compliant last year and those that are compliant today. SAC builds continuous compliance infrastructure — not a posture that degrades between annual audit cycles.
SAC's credentials are not marketing claims. Each is a current licence, accreditation, or professional certification issued by a named regulatory authority — with a reference number, an issuing body, and ongoing obligations that SAC meets and upholds. Every credential on this list is verifiable with its issuing body.
Licensed by the Nigeria Data Protection Commission under Section 33 of the NDPA 2023. Authorises SAC to deliver data protection advisory, audit, and compliance services — and to file Compliance Audit Returns with the NDPC on behalf of data controllers and processors.
Accredited by the Institute of Information Management (IIM) Africa and recognised by the NDPC as an Authorised Training Organisation for the IIM Certified Data Protection Officer (CDPO) programme. Graduates receive an IIM qualification — verifiable with IIM Africa and recognised by the NDPC for DPO registration.
Certified by ISACA as a Digital Trust Ecosystem Framework Adoption Facilitator and Trainer. Authorises delivery of DTEF assessments across all seven trust domains — Trustworthy Behaviour and Capability, Governance, Operations, Technology and Architecture, Ecosystem, Assurance and Transparency, and Ethics. Nigeria's only currently certified DTEF Facilitator in professional advisory services.
Financial advisory practice led by Fellows of the Institute of Chartered Accountants of Nigeria, registered with the Financial Reporting Council of Nigeria. FRCN registration is a legal requirement for signing financial reports in Nigeria. FCA designation requires examination, experience, and continuing professional development.
Principal-level CISA certification — the global standard for information systems audit and assurance professionals. Authorises IS audit, assurance, and control engagements at the governance layer. Verifiable with ISACA International.
Privacy solutions engineering certification — applied to technical NDPA compliance architecture, data protection by design implementations, and privacy-preserving systems. Verifiable with ISACA International.
IIM/NDPC-Certified Data Protection Officers on the SAC team — including the Lead DPO and Government Affairs Lead. The CDPO certification is recognized by the NDPC for DPO registration and is the baseline qualification for organizations subject to mandatory DPO designation under the NDPA 2023.
Information security management certification held by the Privacy Complaints & Assurance Lead. CISM addresses information security governance, risk management, incident management, and program development at the enterprise level — applicable to SAC's assurance and advisory engagements.
Risk and information systems control certification held by the Privacy Complaints & Assurance Lead and Lead Consultant Training Development. CRISC addresses IT risk identification, assessment, evaluation, and response — directly applicable to NDPA compliance risk management frameworks.
SAC doesn't staff engagements with generalists. Every professional holds at least one internationally recognized certification. The people here are the same ones who deliver your engagement — no bait and switch, no delegation to associates you've never met.
Founded Stephen Alaekwe & Co to close the structural gap in Nigeria's professional services market — the absence of a firm that holds both the regulatory licences and the multi-disciplinary depth to address the full scope of institutional accountability obligations.
Stephen is a Fellow Chartered Accountant (FCA), Certified Information Systems Auditor (CISA), Certified Data Privacy Solutions Engineer (CDPSE), and ISACA DTEF Certified professional. He holds an M.Sc. in Business Administration and is registered with the Financial Reporting Council of Nigeria (FRCN).
He is a multidisciplinary professional with a rare, complementary blend of expertise spanning accounting and financial advisory, commercial and development banking, information systems audit, data protection, and digital trust governance. Under his leadership, SAC operates a coordinated think-tank model — delivering board-level advisory and execution across digital trust, NDPA compliance, IS assurance, corporate finance, business modelling, and executive education.
With over 18 years of post-qualification experience — including Business Head, Branch Manager, and Lead Consultant roles — he brings financial discipline and execution realism to every engagement. He currently serves as Membership Director of ISACA Abuja Chapter. His leadership philosophy is anchored on professional ethics, integration, competence, and sustainable value creation.
“Trust is not assumed at Stephen Alaekwe & Co. It's demonstrably earned — through credentials that are verified, delivery that is senior-led, and outcomes that hold under the scrutiny of regulators, boards, auditors, and the organizations we serve.”
Uchenna is a seasoned compliance, privacy, and information systems assurance professional with over a decade of experience spanning operations management, financial risk analysis, regulatory compliance, and IT audit. As Lead Data Protection Officer at Stephen Alaekwe & Co, he plays a central role in strengthening client privacy governance, implementing robust data protection and security controls, and embedding a culture of compliance across engagements.
He is actively involved in NDPA compliance audits, privacy risk mitigation, training delivery, and cross-functional policy development. Previously, he held key roles at Union Bank, Ecobank, and Keystone Bank — contributing significantly to compliance monitoring, fraud prevention, and operational efficiency. A graduate of the University of Lagos, he combines analytical precision with strong execution capability, making him a core pillar of SAC's digital trust, privacy, and assurance delivery.
Chiderah is a highly respected data protection, cybersecurity, and technology policy professional with over a decade of experience across regulatory compliance, public-sector governance, and international data protection frameworks. She is an ISC²-certified cybersecurity professional, an IIM/NDPC-Certified Data Protection Officer, and a PECB-Certified DPO — with deep expertise in privacy governance, regulatory advisory, and stakeholder engagement across public, private, and international institutions.
At SAC, she serves as Trainer and Lead for Government Affairs and Technology Policy, supporting organizations in aligning with the NDPA, GAID, and ISO 27701. Previously, she served as Head of Innovation at the NDPC — contributing to drafting the NDPA, GAID, and the IIM National Certification Curriculum — and as Chief Legal Officer of a biometric identity company, leading ISO 27701 implementation for NIMC, NPC, and UNICEF.
Nwanne is a senior data protection, information systems audit, and cybersecurity professional with over 15 years of cross-sector experience spanning oil and gas, banking, diplomacy, and global technology environments. At SAC, he leads complex NDPA compliance engagements, privacy audits, DPIAs, policy development, and regulatory response initiatives across public and private sector clients.
He provides senior oversight on privacy risk management, incident handling, and assurance engagements — ensuring alignment with Nigerian and global privacy frameworks. His presence strengthens SAC's senior assurance capability, regulatory depth, and credibility in complex, high-stakes engagements.
Udonwa leads the Financial Advisory practice of Stephen Alaekwe & Co, bringing deep expertise in accounting, financial management, investment advisory, risk mitigation, and corporate finance. A Fellow of the Institute of Chartered Accountants of Nigeria (FCA) and a registered professional of the Financial Reporting Council of Nigeria (FRCN), she is recognized for her technical competence, diligence, and sound advisory judgment.
Her experience spans senior finance leadership roles and audit management within chartered accounting practice. She provides strategic leadership in investment planning, financing strategies, portfolio management, financial restructuring, and decision support for clients across sectors.
Kenneth is a DevSecOps Engineer and Cloud Solutions Architect with over five years of specialized experience designing, deploying, and securing enterprise-grade, cloud-native and containerized infrastructures. He holds an M.Sc. in Cyber Security Sciences from the Federal University of Technology (FUT), Minna, and a B.Sc. in Physics from FUT Owerri.
He currently leads the DevSecOps Deployment Programme at the Nigerian Revenue Service (NRS – Headquarters) — architecting mission-critical infrastructure supporting over 20 microservices across dual Kubernetes environments (GKE and RKE2). He also serves as Lead DevOps Engineer & CTO Project Lead at Easyspend.cc and Technical Consultant at Aitech.
Jonathan leads the Training Development function and is a highly experienced technology, risk, and control professional with over 18 years of cross-sector experience. He has delivered large-scale training and capacity-building programs for accountants, auditors, risk professionals, and public-sector institutions.
A long-standing CISA and CRISC trainer, he is an active member of ISACA Abuja Chapter and a recipient of the Outstanding Facilitator Award — bringing structured instructional design and deep subject-matter expertise to every training engagement SAC delivers.
Ndirpaya leads Strategy and Service Quality at SAC, bringing over 18 years of experience across commercial banking and development finance institutions. A seasoned business analyst and strategy professional, he has held senior roles including Head of Business Development, Cluster Head, Branch Manager, and Relationship Manager.
He plays a pivotal role in engagement structuring, service quality assurance, and strategic alignment — ensuring consistency, rigor, and value realization across every SAC engagement.
Progress Promise is the Certified Data Protection Officer (CDPO) and Senior IT & Information Security Consultant at SAC, providing professional IT and data protection consulting, infrastructure deployment, and service delivery support across firm engagements. He brings over 12 years of experience across banking, government, and project environments — with strong expertise in information security, IT service management, project management, and business analysis, having previously served in IT and operations roles across multiple commercial banks and development finance initiatives.
Jatto is the pragmatic Data Protection Officer & Business Development Manager at SAC, supporting data protection compliance, privacy audits, and awareness initiatives. With a B.Sc. in Computer Science and a deep-dive background in auditing, business development, and engagement management, he contributes to NDPA compliance reviews, information security practices, regulatory support engagements, and business development efforts. He is actively involved in privacy awareness programs and professional events in collaboration with ISACA Abuja.
Ebubechukwu is a seasoned Business Development and Digital Strategy professional with over eight years of experience supporting organizational growth, brand visibility, and client engagement. She holds a B.Sc. in Mass Communication and brings strong expertise in market development, strategic communication, and partnership management. A Certified AI Video Creator and Digital Promotion Specialist, she leverages modern digital and AI-driven tools to enhance corporate visibility and strategic messaging — delivering measurable value for Stephen Alaekwe & Co.
Nelson supports information systems coordination and business development operations at SAC. He serves as custodian of engagement templates, delivery models, and virtual facilitation infrastructure. With over 10 years of experience in administration, IT support, training facilitation, and business development operations, he plays a critical role in ensuring operational efficiency, documentation quality, and seamless virtual and hybrid service delivery.
Every SAC engagement follows the same disciplined sequence — from diagnostic to defensible. The output of each stage is the input to the next. No stage is skipped; no deliverable is issued without senior review.
A structured 20-minute conversation with a named SAC principal — identifying the specific regulatory exposure, governance gap, and institutional context before any engagement is scoped.
A scoped proposal delivered within three business days — naming the deliverables, timeline, credential authority for each element, and the evidence standard each output will meet.
Senior-led programme delivery — the same named practitioner who scoped the engagement leads the implementation. No hand-off to junior teams after the first meeting.
Deliverables structured to NDPC inspection, board reporting, and external audit standards — formatted, timestamped, attributed, and retrievable without preparation time.
Senior quality assurance review before every deliverable is issued. Board-level executive summary and technical detail pack produced as standard. Independent assurance available where required.
SAC engagements begin with a 20-minute diagnostic call — with a named senior principal, no screening, no sales process. The diagnostic is the first stage of the methodology, not a pre-sales activity. It is substantive, specific, and produces a clear view of what the engagement requires.
If you have read this far, you are conducting due diligence on SAC as a potential adviser. The next step is a 20-minute conversation with a named senior principal — substantive, specific, and at no obligation.