M-Pesa Africa – Head of Cyber Security - (21000037) at Safaricom Kenya

Description

We are pleased to announce the subject career opportunity within Technology (M-Pesa Africa) reporting to the Director-Technology (M-Pesa Africa).

Role Description

With 5 direct reports and 6 indirect reports, as the Head of Cyber Security, you will be responsible for:

• Overall planning, supervising, coordinating, advising, and managing all operations related to MPA risks, Audit & Reviews (Internal and External)
• Managing all the intergroup or inter-company functions related to Technology security
• Planning and execution of the company and Group strategy, budgets, and deliverables, specifically related to Cybersecurity
• Overall compliance & governance management of the MPA Technology environment, with a core focus on technology and the related processes and procedures
• Improvement of the Cybersecurity posture of the company through several initiatives, including but not limited to Cyber Security Baselines

Key Role Responsibilities

Impact on the business

• Coordinate delivery and assessment of cybersecurity baselines (CSBs) across all MPA relevant business areas and processes
• Design effectively and efficiently implement Cyber Security controls and requirements across MPA environments
• Own demand planning and forecasting for Technology security, for all systems, services, and processes within the portfolio, working together with vendors and internal customers
• Ensure all M-Pesa and third-party systems’ products, services and projects are compliant with the MPA minimum security requirements and Cyber Security Baselines (CSBs)
• Responsible for the set-up, execution, and maintenance of the security incident management and coordination process in conjunction with incident management capabilities
• Management of the vulnerability scanning, patching, and penetration tests and tracking resolution of vulnerabilities and patches in MPA systems, per the relevant MPA security policies
• Coordinate all internal and external audits around Technology systems and processes, ensure these systems are free from known Technology audit findings and ensure all audit findings in these systems are closed within agreed timelines
• Perform risk assessments across Technology areas, provide risk reports (including risk management committee reports and audit committee reports) to management as and when requested.

Customers, supplier, and third parties

• Ensure compliance with Legal, Regulatory and key stakeholders’ requirements across the Technology domains
• Responsible for monitoring of compliance of the Cybersecurity managed services contract, to ensure it is within agreed SLA
• Responsible for validation, timely completion, and accuracy of Technology audit checklists and user access rights reviews
• Coordination of analytical processes and incident response measures
• Ensure proper implementation, projects and change management processes compliance for all planned and emergency changes in Technology systems

Leadership, Planning and Human Resource Management

• Manage all the Cybersecurity budgets and planning, in alignment with the company and Group strategy
• Manage the Cybersecurity subordinate resources (FTEs and contractors) for their tasks/job descriptions effective implementations
• Skills development within the Cybersecurity department
• Performance Management of the Cybersecurity team
• Provide input to Security Policies and requirements on Technology security methods and technologies
• Implement and measure compliance with the MPA cyber code across all users
• Provide regular and accurate management reporting on Cybersecurity service performance
• Build and manage relationships with key stakeholders to disseminate information and drive mitigating actions

Innovation and change

• Manage the Security and Privacy by Design Assurance (SPDA) processes of the GDPR and business requirements
• Continually assess and review security policies and controls, to support business requirements and changing security landscapes
• Drive continuous improvement through simplification of key cybersecurity processes
• Set-up of analytics framework and tools

Communication

• Work closely with the projects management team to ensure secure development of software codes and products is adhered and maintained throughout the software development life cycle
• Drive internal and third-party service review meetings covering performance, service improvements, quality and processes
• Make recommendations for Cybersecurity Service Improvement Plans and ensure actions are followed through to completion in a timely manner
• Perform information security awareness and training to all MPA users and third-party vendors, and monitor the effectiveness of the awareness and training
• Driving incident planned and emergency communication processes to both internal and external audience

Qualifications

Apply if you have:

• Bachelor of Science Degree in Telecommunications, Information/Cyber Security, Information technology or Computer Science
• Security certifications (CEH, GCIA, CISM, CISA or equivalent)
• MSc or MBA and CISSP will be an added advantage
• Minimum of over 7 years’ experience in Technology and Network Systems security and atleast five years in the Cyber security field
• Demonstrated understanding and application of the Technology security internationally recognized frameworks, such as ISO27001
• Experience with budgeting for Cyber Security unit

We are happy if you have:

• Experience from the Banking Industry
• Good business acumen
• Project Management skills
• Leadership skills
• High-level negotiation skills

What you can expect from us:

• We believe in a fair and robust interview process
• We have a robust flexible total reward scheme
• Dedicated support and mentoring/coaching
• Opportunity to develop and progress – plus a solid dedication to work-life integration. It all means you’ll have everything you need to advance your career and achieve your full potential.