M-Pesa Africa - Manager – Cyber Security Governance Risk & Compliance at Safaricom Kenya

About the Role

Reporting to Exec. Head of Cyber Security M-Pesa Africa (MPA), as the Manager, Cyber Security Governance Risk & Compliance, among your key responsibilities will be to; Coordinate MPA risks, Audit & Reviews (Internal and External) and closure of risks and Audit gaps, Manage all the inter group or inter-company reporting related to Cyber security , ensure overall compliance & governance management of the MPA Technology environment, with core focus on technology and the related processes and procedures, lead Improvement of the Cyber security posture of the company through several initiatives, including but not limited to Cyber Security Baselines , facilitate implementation, management and optimization of Cyber Security policies, standards and procedures , ensure adequate budget, resource and management focus is on cyber security risks and Audit issues, Coordinate implementation of actions to close MPA risks, Audit & Reviews (Internal and External),  and lead in Governance for hand-over of project systems from Architecture and Assurance team to Cyber Prevent and Defense team

RESPONSIBILITIES

• Coordinate delivery and assessment of cyber security baselines (CSBs) across all MPA relevant business areas and processes
• Design effectively and efficiently implement Cyber Security controls and requirements across MPA environments.
• Ensure all M-Pesa and third-party systems’ products, services and projects are compliant to the MPA minimum security requirements and Cyber Security Baselines (CSBs)
• Management of the Policies guiding vulnerability scanning, patching and penetration tests
• Coordinate all internal and external audits around Technology systems and processes, ensure these systems are free from known Technology audit findings and ensure all audit findings in these systems are closed within agreed timelines
• Perform risk assessments across Technology areas, provide risk reports (including risk management committee reports and audit committee reports) to management as and when requested
• Ensure compliance with Legal, Regulatory and key stakeholders’ requirements across the Technology domains
• Responsible for validation, timely completion and accuracy of user access rights reviews
• Ensure proper implementation, projects and change management Governance processes compliance for Technology systems
• Manage the Cyber security subordinate resources (Full Time Employees and contractors) for their tasks/job descriptions effective implementations
• Skills development & Performance Management within Cyber security department
• Develop, Implement and create awareness for Cyber Security Policies and requirements on Technology security methods and technologies
• Implement and measure compliance of the MPA cyber code across all users
• Provide regular and accurate management reporting on Cyber security service performance
• Build and manage relationships with key stakeholders to disseminate information and drive mitigating actions.
• Continually assess and review security policies and controls, to support business requirements and changing security landscapes
• Perform information security awareness and training to all MPA users and third-party vendors, and monitor effectiveness of the awareness and trainings

QUALIFICATIONS

• Bachelor’s Degree in Electrical Eng./Computer Science/ Information Technology (or equivalent) from a recognized university.
• At least one professional Information Security Qualification: CISM/CISA/CISSP/CEH/CRISC.
• At least 2+ years of hands on experience in leading the implementation of Group-wide Cyber Security Compliance requirements
• At least 4+ years proven experience with Cyber Security related Standards (ISO 27001, PCI-DSS, etc.).
• Proven experience with GDPR, Financial guidelines on Cyber Security amongst others.
• At least 2+ years of hands on experience in managing Cyber Security GRC operations.
• Proven experience in supervising, leading or coordinating teams and managing stakeholders.
• Proven experience with Cyber Security Technologies.
• Expert level analytical and problem-solving skills are required.
• Good report writing and communication skills.
• Analytical Thinking. Customer focused.