M-Pesa Africa: Manager – Cybersecurity Architecture & Assurance at Safaricom Kenya

DESCRIPTION

We are pleased to announce the subject career opportunity within Technology (M-Pesa Africa) reporting to the Senior Manager-Cybersecurity.

Role Description

As the Manager – Cybersecurity Architecture & Assurance, you will be responsible for:

• Overall planning, supervising, coordinating, advising, and managing Cyber Security, Architecture & Assurance stakeholders and team
• Managing the Security and Privacy by Design Assurance (SPDA) processes
• Ensuring all new and existing systems/products/services comply with Company's security policies & standards and other industry best practices
• Defining, analyzing, and implementing the cybersecurity strategy and roadmap based on the evolving threat landscape and ensure risks identified are mitigated
• Architect and design cybersecurity systems in line with best practices to ensure they meet user requirements including adequate security, capacity, and performance.
• Managing Cybersecurity Planning and execution of the company and Group strategy, Capex budgets, and Project deliverables, specifically related to Cybersecurity
• Delivering the Cybersecurity posture of the company through Project initiatives, including but not limited to Cyber Security Baselines.
• Through projects, facilitate implementation, management, and optimization of Cyber Security policies, standards, and procedures
• Ensuring adequate CAPEX budget, resource, and management focus is on cybersecurity risks
• Driving standards of excellence to achieve the Cyber Security strategy
• Implementing Cyber Security Projects and review Company Technology Projects to close MPA risks, Audit & Reviews (Internal and External)

Key Role Responsibilities

Impact on the business

• Coordinate Project delivery and assessment of the Long-term cybersecurity baselines (CSBs) across all MPA relevant business areas and processes
• The design effectively and efficiently implement Cyber Security controls Projects and requirements across MPA environments
• Own demand planning and forecasting for Cybersecurity, for all systems, services, and processes within the portfolio, working together with vendors and internal customers
• Ensure all M-Pesa and third-party systems’ products, services and projects are compliant with the MPA minimum security requirements and Cyber Security Baselines (CSBs) before Go-Live
• Management of the vulnerability scanning, patching, and penetration tests for technology projects before Go-live
• Coordinate all internal and external Pentest around Technology systems and processes and ensure all audit findings in these systems are closed within agreed timelines
• Support risk assessments across Technology areas and input into risk reports (including risk management committee reports and audit committee reports) to management as and when requested

Customers, supplier, and third parties

• Ensure Cyber compliance with Legal, Regulatory and key stakeholders’ requirements across the Technology domains for all technology projects
• Ensure Security is embedded in Technology Infrastructure (Mobile and Fix)including planning, designing, building, and reviewing cycle
• Create execution strategies that focus on embedding Tech Security controls into existing developer and tester practices and methodologies to enhance the effectiveness
• Responsible for validation, timely completion, and accuracy of Pre go-live Technology audit checklists and user access rights reviews
• Ensure proper implementation, projects and change management processes compliance for all planned and emergency changes in Technology systems projects

Leadership, Planning and Human Resource Management

• Manage all the Cybersecurity CAPEX budgets and planning, in alignment with the company and Group strategy
• Manage the Cybersecurity subordinate resources (FTEs and contractors) for their tasks/job descriptions effective implementations
• Skills development within Cybersecurity department
• Performance Management of the Cybersecurity team
• Provide input to Security Policies and requirements on Technology security methods and technologies
• Provide regular and accurate management reporting on Cybersecurity Projects and Strategy
• Build and manage relationships with key stakeholders to disseminate information and drive mitigating actions.

Innovation and change

• Drive continuous improvement through simplification and automation of key cybersecurity processes

Communication

• Work closely with the projects management team to ensure secure development of software codes and products is adhered to and maintained throughout the software development life cycle
• Make recommendations for Cybersecurity Service Improvement Plans and ensure actions are followed through to completion in a timely manner
• Provide SME input to Cyber Security Policy requirements and procedures

QUALIFICATIONS

Apply if you have:

• Bachelor’s Degree in Electrical Eng./Computer Science/ Information Technology (or equivalent) from a recognized university.
• Minimum of 3 years working experience in Information Systems Security testing – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, Pre-and-Post Implementation System Reviews, etc.
• At least one professional Information Security Qualification: CISM/CISA/CISSP/CEH/CRISC.
• At least 3+ years of hands-on experience in Cyber-Architecture designing, Cybersecurity Audits, Technology Audits, IT Risk assessments, etc
• Certifications in the use and administration of cybersecurity tools e.g. Firewalls/IDS/Content Filters/Antivirus
• Demonstrate competency in the use and administration of ethical hacking tools e.g. KALI Linux, Metasploit, Nexpose, Nessus, Nmap, BurpSuite, etc

We are happy if you have:

• At least ONE certification in Networks (CCNP or CCIE (Security)) or CLOUD or Microsoft, Linux or Unix Operating Systems administration.
• Working knowledge and experience in DevOps and Microservices technologies i.e. Docker, Kubernetes, Jenkins, Gitlab/Github, etc… will be an added advantage
• Excellent communication skills and team player
• Excellent project and time management skills (getting things done in a timely manner) 
• Excellent report writing and presentation skills
• Very analytical and logical thinker
• Self-driven with minimal supervision
• Customer-focused

What you can expect from us:

• We believe in a fair and robust interview process
• We have a robust flexible total reward scheme
• Dedicated support and mentoring/coaching
• Opportunity to develop and progress – plus a solid dedication to work-life integration. It all means you’ll have everything you need to advance your career and achieve your full potential.

Note to Applicants

• As part of our recruitment process, we will request the below documentation which will be required as soft copies at a later stage of the process.
• An updated CV with a confirmation of three referees- 2 must be professional and must have supervised you at some point, the other referee can be a colleague in the same professional field. If the referees are within the same organization that you are working with, you will need to confirm to us that it’s okay to contact them in writing (via email). This also includes all references within the Human Resources department.
• Scanned copy of certificate of good conduct from the CID (Less than 1 year old) - Applicable to Kenyans Only
• Scanned copy of certificate from Credit Reference Bureau (CRB) – Applicable to Kenyans Only
• Scanned copy of University Certificate
• Scanned copy of your National ID / Passport-Legal Form of Identification