Senior Manager Governance, Risk and Compliance at Safaricom Kenya

JOB DESCRIPTION

We are pleased to announce the following vacancy for Senior Manager governance, risk and compliance in the Cyber Security Department within Corporate security Division. In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.

The Senior Manager Governance, Risk and Compliance will assist the company improve and demonstrated cyber security maturity. You will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage industry standards and regulations. You will assist with identifying opportunities to enhance security by design, developing a profound understanding of our business contexts to influence the company and security operations, and creating, updating, and integrating security policies and procedures. You will also lead the charge in ensuring the restricted environment team’s readiness for external audits, refining the cybersecurity program, and conducting systemic risk assessments.

As a Cybersecurity Risk and Compliance Senior Manager, you will take a lead role in creating a cyber aware community and developing a culture where colleagues understand the integral connection between our firm's values and information security, making your role instrumental in safeguarding our organization's assets and reputation. 

RESPONSIBILITIES

• Be part of the definition, development and implementation of Information Security, risk analysis, business continuity and data protection projects
• Assess the effectiveness of security controls for a system and its operating environment
• Attend meetings and workshops as required to provide security advice and guidance to stakeholders and customers
• Support both internal and external audits
• Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing
• information security and compliance metrics for management.
• Demonstrate compliance through regular user access reviews and attestation.
• Supports workforce security activities including culture, awareness, and training to help stakeholders understand the importance of cybersecurity and teach them how to identify potential threats and respond appropriately
• Spearhead delivery of Cyber Security Baseline across the organisation
• Promote widespread implementation of ISO 27001 standards
• Maintain and monitor a central repository for audit evidence
• Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
• Help company successfully achieve various required compliances
• Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
• Researches, recommends, and contributes to information security polices, standards, and procedures. 
• management of information security policies and supporting documents. Assist the department in responding to inquiries from the business units about ongoing operational compliance

QUALIFICATIONS

• Bachelor’s degree in Electrical Engineering/Computer Science/Information Technology
• Hands-on Ethical hacking Competencies. Possession of at least one ethical hacking certification will be an added advantage [CEH/CISSP/CISM/CISA/OSCP]
• 5+ years of direct experience in information security, with a main emphasis on risk, audit, and compliance
• 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses
• Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , NIST, CMMC, PCI, GDPR, etc.)