M-Pesa Africa Specialist – Cyber Security GRC

M-Pesa, is a pioneering fintech business and global market leader in mobile money. From starting in 2007 as a convenient means by which the unbanked and underbanked can make digital payments, M-Pesa has now grown to offer >50 million active customers financial services, enterprise, merchant and retail solutions. We are proud of our work in enabling the digital economy in our markets, and in driving financial inclusion. We are a united, energetic, and passionate team. A place where leaders coach, teams connect, and everyone is empowered to go further, faster. A place where heroes become superheroes through growth, opportunity, and the chance to work with the best minds in FinTech. As the Specialist –Cyber Security, you will be responsible for ensuring that the right individuals have access to M-Pesa Africa technology systems as well as be responsible for developing and implementing identity and access management systems, reviewing user access rights, and maintaining access policies.

• Continually review and update security policies, standards, and guidelines in response to the everchanging cyber threats in coordination with Enterprise Risk Management team 

• Monitor and drive compliance to internal and global cyber security related policies and standards, Vodafone Cyber Health Adaptive Risk Method (CHARM) controls and applicable Market laws and regulations.

• Coordinate stakeholders to deliver on targets or agreed business outcomes. Coordinate periodic independent assurance of critical products and services.

• Coordinating implementation of recommendations from independent assessments.

• Conduct cyber risk assessments to determine cyber risk profile and define treatment plans.

• Recommend cyber security services improvement plans.

• Coordinate projects handover process within the cyber security functions. Continually review, implementation and improvements of the user access governance process.

• Coordinate periodic cyber security knowledge transfer, awareness sessions and phishing simulations to staff in line with strategy.

• Participate actively in cyber security events and trade shows, reporting and presentations.

• Communications, reporting and presentations skills.

• Implement actions to close MPA risks, audits, and reviews (internal and external).

• Degree in Electrical Engineering, Computer Science, Information Technology, or equivalent technology-related degree. 

• At least one professional Information Security Qualification: • CISM/CISA/CISSP/CEH.

 • At least 2+ years proven experience with Cyber Security related Standards (ISO 27001, PCI-DSS, etc.). 

• Proven experience with GDPR, Data Protection laws, guidelines on Cyber Security amongst others.

 • At least 2+ years of hands-on experience in managing Cyber Security technologies and operations. 

• Proven experience in supervising, leading, or coordinating teams and managing stakeholders.

• Knowledge of the Vodafone Cyber Health Adaptive Risk Method (CHARM)

We are the leading telecommunication company in East Africa. Our purpose is to transform lives by connecting people to people, people to opportunities and people to information. We keep over 42 million customers connected and play a critical role in the society, supporting over one million jobs both directly and indirectly while our total economic value was estimated at KES 362 Billion ($ 3.2 billion) for the 12 months through March 2021. We are listed on the Nairobi Securities Exchange (NSE) and with annual revenues of close to KES 298 Billion ($2.5 billion) as at March 2022. We were founded in 1997 as a fully owned subsidiary of Telkom Kenya before a 40 percent acquisition by Vodafone Group PLC in May 2000, and a public offering of 25 percent shares through the NSE in 2008. Under the management of Vodafone Group PLC, we welcomed Michael Joseph, as our first CEO, a few months later in July of 2000. He led the company’s growth to accommodate 16.71 million subscribers from the previous 20,000, largely owing to innovative products like M-PESA in 2007.