Principal Officer – Information Risk at Safaricom Kenya

Brief Description:

We are seeking a highly skilled Principal Officer - Information Risk - to join our team. Reporting to the Head of Enterprise Risk Department, the successful candidate will be responsible for implementing a comprehensive program to assess and mitigate current and emerging risks that impact the integrity, availability, accountability, and confidentiality of information assets and the information environment in accordance with compliance and regulatory requirements. This position will be within the Enterprise Risk Management C.O.E while supporting Cyber Security C.O.E and various squads in providing 2nd line information risk assurance.

Key Responsibilities

• Develop and implement an information risk management framework and policies to ensure compliance with relevant laws and regulations, industry standards, and best practices.
• Review and ensure adequate policies are implemented to manage information risk across the company.
• Conduct regular risk assessments to identify and evaluate the company's information and cyber risks and develop mitigation strategies.
• Offer specialist guidance & advisory to the agile teams and other business units for timely assurance of new and existing products and other key projects.
• Offer guidance on the planning, implementation, monitoring, and review of ISMS Program.
• Conduct policy exception reviews.
• Develop and embed appropriate information risk awareness initiatives across the business.
• Extend the security awareness culture to the customers and other critical stakeholders.
• Coordinate and collaborate with other departments and stakeholders, such as IT, legal, compliance, and external auditors, to ensure the company's information and cyber risks are properly managed.

QUALIFICATIONS

• Degree in IT, Business Information Systems (or related technical field) from a recognized university
• Experience working with agile methodologies, such as scrum and Kanban
• Holder of at least one of the following certifications: CISA, CRISC, CISM or CISSP
• At least 5 years proven working experience in operational management of Information Systems / Cyber/Information Security / Information Systems Audit role, or proven experience in business process assurance and/or risk analysis preferably in a telecommunications or banking environment.
• Demonstrated experience in developing and implementing an information risk management framework and policies.
• Excellent knowledge of relevant laws and regulations, industry standards, and best practices related to information and cyber risk management.
• Strong analytical and problem-solving skills, with the ability to evaluate complex information and identify solutions.
• Excellent communication and interpersonal skills, with the ability to build relationships with stakeholders at all levels of the organization.
• Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
• Strong attention to detail and accuracy.