Job Vacancies at Safaricom Kenya

Job Description

Reporting to the Chapter lead, Fraud Investigations, the individual is responsible for carrying out Fraud Investigations, data analysis, Systems Forensic acquisitions & analysis and manage customer fraud related escalations. 

Responsibilities

Risk Analysis, and Audit  

• Proactively conduct Fraud Reviews in critical or high fraud risk areas across the business. 
• Able to develop workflows for new and existing data. 
• Can develop standard monitoring reports to monitor KPI performance. 
• Can engage internal and external partners to review and present insights. 

Forensic reviews and Investigations 

• Able to conduct forensic acquisition, storage and analysis of electronic evidence from electronic devices. 
• Analyze jailbroken/rooted devices for exploits and offer solutions on security of the devices.  
• Detect and investigate SIM box fraud, call termination fraud interconnect bypass  and other GSM Telecommunications fraud. 
• Assist in reverse-engineering fraudulent telecom apps or scripts used in revenue leakage and fraud exploitation. 
• Able to conduct and manage fraud investigations of cases assigned. 
• Able to identify links between objects, events, people and location using link analysis methods to develop evidence flow. 
• Able to prepare planned and Adhoc reports on insights arising out of investigations done. 
• Able to represent Safaricom before court on fraud related matters. 
• Can propose recommendations to improve control weaknesses identified during investigations. 
• Understands and utilizes Chain of custody principles while handling evidence. 
• Able to conduct forensic acquisition and storage of electronic evidence from electronic devices. 
• Able to coduct analysis and reporting of electronic evidence. 
• Can report to law enforcement agencies, cases of staff engaged in Fraud against customers and/or Safaricom. 
• Able to engage and guide law enforcement agencies with relevant legally acceptable information to apprehend and prosecute suspects. 
• Able to create and maintain a robust and risk-based intelligence-gathering network in all areas of business. 

Data analytics and Mining 

• Able to query/mine data from different sources  using  different scripting tools e.g. SQL, Python etc. 
• Able to develop workflows for new and existing data. 
• Uses a variety of analytical tools to give insights and derive trends for given fraud scenarios. 
• Ability to carry out second level analysis on emerging fraud trends. 
• Highly proficient in data analysis using multiple toolsets. 
• Can develop audience specific insights using presentation tools. 
• Can develop standard monitoring reports to monitor KPI performance. 
• Can engage internal and external partners to review and present insights. 

Automation, reporting and tooling 

• Understanding of fraud risk landscape for GSM/MPESA frauds. 
• Specialized fraud risk knowledge in one specific business area. 
• Ability to engage different stakeholders required in automation journey. 
• Can identify opportunities in collaboration with Stakeholders to minimize manual handshakes of data and reports. 
• Ability to design practical automated solutions. 

Must have technical / professional qualifications

• Minimum education qualifications required - Bachelor's degree in a Business or Computing related discipline. 
• Good working knowledge of Agile methodology ways of working. 
• Certification in a fraud related discipline, such as Certified Fraud Examiner (CFE). 
• Certification in Digital forensics and/or incident response will be an added advantage. 
• Proven hands-on fraud investigations experience in a GSM Company, Fintech and/or Systems Forensic systems audit firm environment for a minimum period of three (3) years. 
• Knowledgeable in identifying indicators of fraud through data-mining and analysis exercises. 
• Good knowledge of GSM network business models and processes. 
• A conceptual thinker able to work independently. 
• Good communication skills - written and verbal - to succinctly present findings and communicate with a variety business partners.

go to method of application »

About the Role

The Senior Officer, Data Protection will take ownership of driving M-PESA Africa’s data protection and privacy initiatives. This role is responsible for leading the execution of the Compliance Programmes with a specific focus on embedding privacy by design within the Safe Agile product implementation. The Senior Officer will coordinate compliance monitoring activities, ensuring robust data protection practices are in place and aligned with regulatory requirements. With a high level of accountability, and working closely with the Manager, Risk & Compliance, you will proactively identify and mitigate privacy risks using a risk-based approach, ensuring the organization maintains the highest standards of data protection and privacy throughout its operations.

Responsibilities

• Review and offer advice on data governance, processing activities and/or data breaches for M-pesa Africa;
• Monitor compliance with applicable national and international laws and regulations pertaining to data protection and privacy across the markets we operate in;
• Provide advice on the implementation of appropriate policies and guidelines to establish and maintain data protection compliance;
• Contribute towards establishing a strong culture of data protection across stakeholders through carrying out appropriate training and awareness;
• Identify, evaluate and maintain records of M-PESA Africa’s data processing activities;
• Provide advice and conduct Data Protection Impact Assessments (DPIAs), and Risk and Compliance reviews as required;
• Monitor data management procedures and ensure privacy compliance within M-PESA Africa;
• Share advice and guidelines for implementing privacy by design and privacy by default in all products and systems;
• Ensure that compliance and privacy by design is embedded within the SAFE Agile product implementation framework;
• Implementation of the data protection and Compliance Policies and Procedures across the organization;
• Coordinate data protection and compliance awareness trainings across the organization, and participate in those organized by the group privacy team;
• Carry out monitoring and assurance activities on data protection and compliance programs on a regular basis;
• Report on the state of M-PESA Africa privacy program & compliance with the control management and other policies and regulations governing the organization on a quarterly basis;
• Support to Co-ordinate the data protection and Compliance Champions to ensure a controls and compliance culture is inculcated throughout the organization;
• Driving behavioral change by inculcating a culture of compliance within the organization through engaging and influencing stakeholders.

Qualifications

• A Bachelor’s degree or its equivalent in Law, Business, Engineering, IT, or a related field is required.
• Professional certification in privacy, risk management, or information systems is highly preferred (e.g., CIPP/E, CIPM, CRISC, or ISO 27701).
• A minimum of 4 years of experience in data protection, privacy, risk management, or a related field, with a strong understanding of the relevant regulatory landscape.
• Proven expertise in auditing, compliance, or data protection, with a demonstrated ability to manage complex data privacy projects and initiatives.
• Strong working knowledge and experience with data protection regulations across various markets, including but not limited to GDPR, POPIA, and other regional data protection laws.
• Experience in providing expert advice on data protection matters and conducting Data Protection Impact Assessments (DPIAs) to ensure privacy risks are mitigated effectively.
• Ability to conduct comprehensive Risk and Compliance reviews as needed, identifying potential areas for improvement and ensuring regulatory compliance.
• A results-oriented approach, with the ability to work independently and take ownership of key tasks and projects.
• In-depth understanding of fintech and the specific data privacy challenges faced within the sector.
• Excellent oral and written communication skills, with the ability to effectively articulate complex privacy and data protection concepts.
• A collaborative team player who thrives in a dynamic environment and works effectively with others to resolve issues and ensure compliance.

go to method of application »

Job Description

Reporting to the Cluster Lead/Chief Corporate Security Officer the position holder's overall purpose will be to:

• Lead the organization’s anti money laundering (AML), counter terrorist financing (CTF)and counter proliferation financing (CPF) operations. 
• Ensure that M-PESA and any other qualifying service offered by the organization is/are compliant with provisions of POC & AML Act 2009 and related legislation.
• Ensure that the subscriber network is compliant with applicable legislation governing subscriber registration. 
• Ensure that agent, staff and supplier due diligence is in compliance with the AML/CPF/CTF Regulations 
• Ensure controls are in place to prevent the M-PESA service and related products from being used by criminals to launder money, fund terrorism, or commit other crime.

Responsibilities

Overall Responsibilities and Accountabilities 

• Ensure the business has the appropriate level of controls to meet local and group policies as well as local and international regulatory AML/CPF/CTF requirements.
• Maintain a detailed knowledge of current AML/CFT/CPF regulations, legislation requirements, as well as future developments within the AML, CFT& CPF space and update Safaricom’s internal AML/CFT/CPF policies and procedures as appropriate.
• Assess the effectiveness of AML and CTF controls within the business – (Mpesa, Sub registration, Agent Staff and Supplier Due Diligence)
• Assess the effectiveness of the AML team’s Sanction and Politically Exposed Person (PEP) screening program.
• Assess the effectiveness of the AML team’s transaction monitoring program.
• Assess the effectiveness of the AML team’s Suspicious Activity Reporting (SAR) management program and ensure compliance with regulatory reporting requirements.
• Develop and maintain an effective sanctions/watch list screening process based on international and local watch-lists.
• Develop and maintain an effective AML and KYC training program across the operation function.
• Develop and maintain a team of analysts and AML professionals ensuring adequate cover, and succession planning.
• Own the SAR reporting, Sanction/PEP Screening, transaction monitoring and training requirements.
• Produce annual reports and biannual updates to senior management detailing the activities and effectiveness of the AML team, company controls and significant breaches of AML defences and make recommendations for remedial action. 
• Develop and manage regular reporting of AML issues to the Financial Reporting Centre and the Regulator as stipulated in POC and AML act or as per regulatory requirements.
• Develop and maintain a Proactive AML risk assessment policy with clear advice to business on KYC requirements, AML risks and mitigating controls.
• Follow-up of implementation of recommendations made by the annual Vodafone AML audit team or any other regulatory audit.
• Strengthen the AML Function by maintaining and developing a strong working relationship with appropriate bodies including LEAs, Regulators, other MLROs, business and financial industry partners and AML professionals etc. are addressed.

Qualifications 

• Bachelor’s degree in law / Business or Technical field 
• AML Qualification-Diploma level/CAMS/CFE Professional certifications
• An experienced AML professional with 7 or more years’ experience at Least 3 of which should be in AML and/or financial crime compliance in a financial institution or similar organizations.
• Highly developed knowledge of techniques to identify indicators of money laundering, terrorist financing and financial crime prevention and investigation techniques, legislation, and regulations.
• Thorough in work with a high level of attention to detail with a keen mind and positive outlook. 
• Demonstrable data analytics skills 
• Knowledge of Mobile Money and financial services is essential.
• High degree of personal integrity
• QA/Audit experience – Desirable
• Experience of policy and procedures development and implementation
• Ability to influence senior management, and act autonomously where required