Cyber Security GRC Specialist

.

M-Pesa is a pioneering fintech business and global market leader in mobile money. Starting from 2007 as a convenient means by which the unbanked and underbanked could make digital payments, M-Pesa has now grown to offer over 60 million active customers Financial Services, Enterprise, Merchant and Retail solutions. We are proud of our work in enabling the digital economy in our markets, and in driving financial inclusion.

M-Pesa Africa is the largest FinTech providing services to more than 60 million customers and 5 million businesses solutions across Financial Services, Enterprise, Merchant and Retail. We are now well on our way to becoming the preferred digital payment method across the markets that we serve, for both in-store, remote and online payments. With headquarters in both Nairobi and Johannesburg, we serve markets that include Kenya, Tanzania, DRC, Lesotho, Ghana, Egypt, Ethiopia, and Mozambique.

We are a united, energetic and passionate team. A place where leaders coach, teams connect, and everyone is empowered to go further, faster. A place where heroes become superheroes; through growth, opportunity, and the chance to work with the best minds in FinTech.

Role Purpose:

Reporting to Manager – Cybersecurity - GRC, as the Cyber Security GRC Specialist, the successful candidate will be responsible for ensuring that the organization’s Cyber Security risks are under explicit management control and as well coordinate strategic integration of Cyber Security programs within M-Pesa Africa. They will be part of the team that drives compliance to internal and global cyber security related policies and standards, Vodafone Cyber Health & Adaptive Risk Method (CHARM)controls and applicable Kenyan laws and regulations.
 

Your responsibilities will include:

• Continually reviewing and updating security policies, standards, and guidelines in response to the ever-changing cyber threats in coordination with the Risk Management team.
• Monitoring and driving compliance to internal and global cyber security related policies and standards, Vodafone Cyber Health & Adaptive Risk Method controls and applicable Kenyan laws and regulations.
• Coordinating stakeholders to deliver on targets or agreed business outcomes.
• Coordinating periodic independent assurance of critical products and services.
• Coordinating implementation of recommendations from independent assessments.
• Conducting Cyber Risk Assessments to determine cyber risk profile and define treatment plans.
• Recommending Cyber Security services improvement plans.
• Coordinating projects handover process within the cyber security functions.
• Continually reviewing, implementing and proposing improvements of the user access governance process.
• Coordinating periodic cyber security knowledge transfer, awareness sessions and phishing simulations to staff in line with strategy.
• Participating actively in cyber security events and trade shows, reporting and presentations.

.

Experience with the Vodafone Cyber Health & Adaptive Risk Method (CHARM) Program is mandatory.

Below are the details for the CHARM Activities:

• Drive maturity and compliance of the Vodafone Cyber Health & Adaptive Risk Method (CHARM) Program to 100% effective and beyond.
• Evaluate and carry out CHARM gap assessments across all relevant MPESA Africa business processes
• Defining and Monitoring CHARM risks & gaps treatment plans 
• Utilising data driven results e.g using KRIs to assess the controls are operating as intended
• Ensure new products and implementations are CHARM Compliant before Go Live
• Conducting deep dive control reviews and providing follow up remediation support
• Continually review and keep track changes in CHARM requirements 
• Facilitate a close working relationship with Vodafone CHARM QA team  
• Facilitate workshops and meetings with MPA process owners for CHARM controls awareness, implementations and evidence collection
• Lead in planning and prioritization of CHARM Evidence collection and submission to the CHARM QA team
• Preparation and documentation of quality CHARM evidence work papers
• Supporting any CHARM external assessments within MPA

.

Impact on the business

• An inception report with a project management plan at the commencement of the consultancy with the following components
  • Procedures and processes for executing the tasks
  • Understanding of the objectives, scope and deliverables
  • Methodologies, CHARM gaps & risks management plan, compliance plan, communication and planning plan

• CHARM compliance gap analysis. Deliverables are 
  • A report with gaps arising out of CHARM non-compliance
  • Documented and signed off CHARM gaps & risks treatment plan

• CSB Controls requirements awareness to process owners

• Drive compliance to CHARM 100%. Deliverables are: -
  • Document quality CHARM evidence work papers
  • Submit evidence and validate to an effective score for the conforming and gaps free CHARM controls.

The ideal candidate for this role will have:

Qualifications

• At least one professional Information Security Qualification: CISSP/CISM/CISA
• Advanced competencies in Network Security: CCNP or CCIE (Security)
• Advanced competencies in Microsoft, Linux or Unix Operating Systems administration
• Advance competencies experience in Information Security Technologies

Skills and Experience

• Experience with the Vodafone Cyber Health & Adaptive Risk Method (CHARM) Program is mandatory.
• Minimum of 3 years Information Security Governance and Compliance Frameworks.
• Experience in design, delivery and support of Information Security solutions to customers will be and added advantage.
• Good communication skills and team player.
• Experience in the use of security tools.
• Project management skills, and proven task execution (getting things done).  
• Superior Report writing skills.
• Analytical Thinking.

Closing date for Applications:  04 December 2024.

The base location for this role is, Vodacom Techno Centre, Cape Town. 

The Companys approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.