IT Governance Risk Compliance (GRC) Analyst (Nairobi). at MasterCard

THE WORK AT THE FOUNDATION  

We have entered a very exciting time at the Foundation as we scale up our operations across Africa to realize our Young Africa Works strategy. Our role at the Mastercard Foundation is to be a catalyst. Our Young Africa Works strategy focuses on working with others to spur systemic change so young people have the opportunity to find work that is dignified and fulfilling.  

The Foundation has opened offices in Rwanda, Kenya, Ghana, Senegal, Ethiopia, Nigeria and Uganda, building a broader leadership presence in Africa to develop specific strategies that support youth employment.  Within a country, we work with governments, the private sector, educators and other funders to improve the quality of education and vocational training, prepare young people for the work force, expand access to financial services for entrepreneurs and small businesses, and connect job seekers to dignified and fulfilling work. 

We are ambitious and driven. Our values transcend and rise above everything else as our guide. We encourage you to bring your bold ideas, curiosity, and expertise to your work. We laugh at ourselves and with each other. We are a team. Our journey together makes our impact even more meaningful. 

If you are an experienced IT GRC professional ready to build something new and increase your impact, read on! 

THE OPPORTUNITY  

Reporting to the Head of Cybersecurity, Africa, the IT Governance Risk Compliance (GRC) Analyst will be responsible for driving the Foundation’s IT GRC activities across our country offices within Africa which helps the Foundation achieve its objectives by evaluating the effectiveness of its IT governance, risk management, operational effectiveness, and internal controls and fostering an environment of continuous improvement. 

The role requires an individual that can support a dynamic and evolving environment helping implement IT security best practices that enable business and program leaders. 

This role supports the Foundation’s growth and strategy by helping to build a sophisticated, world class, global cybersecurity function, while addressing the increasing complexity of the organization’s regional cybersecurity needs.  

WAYS YOU CAN CONTRIBUTE  

Technology & Information Risk Management 

• Develop IT risk management processes, procedures and contribute to the development of Foundation-wide IT policies and standards. 
• Manage IT risks through their lifecycle (evaluate, identify, triage, rate, engage stakeholders, remediation, and reporting). 
• Perform IT related risk assessments on IT controls, information assets and third parties. 
• Maintain an IT risk register and develop risk profiles for each business unit and operating country. 
• Maintain a schedule of Business Continuity Plans and IT Disaster Recovery (DR) tests performed by the infrastructure teams. 
• Track, report and drive IT incidents, risk mitigation activities and audit related remedial actions. 
• Research and incorporate best practices including leveraging technology, third party relationships and data analytics to identify trends and potential risk areas. 
• Participate in meetings and perform an IT risk advisory role to the Foundation, projects, and vendors & third-party suppliers. 
• Engage with Internal and external stakeholders as required, including but not limited to, Audit & ERM. 

Education & Awareness 

• Drive Cybersecurity awareness in line with the cybersecurity strategy. 
• Promote IT risk through education and awareness including phishing simulations, new employee onboarding, and annual security awareness training for all Foundation staff. 

IT policies and controls framework 

• Develop and maintain IT controls framework. 
• Implement IT controls framework and educate infrastructure and Enterprise Applications teams on the controls requirements. 
• Review and maintain IT policy framework and policies annually.  

Decision–making and accountabilities 

• Provide audit reports to management that articulate the potential impact of issues identified and provide practical recommendations. Collaborate with management on implementation and track progress.  
• Report on the status of IT audit activities, emerging risks and potential exposures, and provide guidance with respect to IT risk management and IT control best practices. 
• Ensure IT controls are documented and establish an internal monitoring function to ensure compliance. 
• Other duties and responsibilities as required. 

 WHO YOU ARE 

• Bachelor’s degree in Information Technology, Information Security, Chartered Accounting, or related fields. 
• Minimum 3 – 5 years’ experience in accounting, audit, or risk roles within large and/or global organizations. 
• You have experience building capabilities of an IT risk management function in high growth organizations including multi-jurisdictional and multi-regulated environments.  
• You have a deep technical understanding of different technology stacks and IT service model types including Cloud, On-premises infrastructure, PaaS, SaaS, Network Security, etc. 
• Experience working with best practice control frameworks (e.g., NIST, COBIT, ISO27K, etc.). 
• You are able to ‘connect the dots’ and successfully identify anomalies in data and systems. 
• Intellectually curious and receptive to new ideas and open to change, when presented with best options. 
• You are innovative, entrepreneurial, and able to formulate and develop new or creative approaches to solve problems and inspires others on the team to do so. 
• You are results driven and motivated by a high sense of performance excellence and a sense of urgency; possesses a proactive and ‘self-starter’ mentality. 
• Demonstrates high comfort level with supporting the business through transformational change and championing for continuous improvement. 
• Possesses a high degree of integrity and forethought in their approach to making decisions and driving results while always considering what is best for the organization.  
• A natural collaborative and encourages others to share the spotlight and visibly celebrates and supports the success of the team. 
• Creates a sense of purpose for the team, which generates followership beyond his/her own personality and engages others to the greater purpose for the organization. 
• An excellent collaborator who interacts with all levels organization-wide, and with external vendors. 
• An understanding of organizational mission, values, and goals and consistent application of this knowledge. 
• Fluency in English is required. Ability to speak local language(s) and/or French are an asset. 
• Flexible, adaptable, and able to execute a range of job duties and changing priorities. 
• Excellent verbal, written, and presentation skills with the ability to articulate information to a variety of constituents across cultures. 
• Professional maturity, sensitivity with different cultures, and impeccable integrity that exemplify the Foundation’s values. 
• You have a commitment to Mastercard Foundation’s values and vision.