M-Pesa Africa: Manager – Cyber Security Governance, Risk & Compliance


We are pleased to announce the subject career opportunity within Technology (M-Pesa Africa) reporting to the Senior Manager-Cyber Security.

Role Description

As the Manager-Cyber Security Governance, Risk & Compliance, you will be responsible for:

  • Coordinating overall Cybersecurity governance and reporting to the wider Cyber Security and Technology team
  • Coordinating M-Pesa Africa (MPA) risks, Audit & Reviews (Internal and External), and closure of risks and Audit gaps
  • Managing all the intergroup or inter-company reporting related to Cybersecurity
  • Overall compliance & governance management of the MPA Technology environment, with a core focus on technology and the related processes and procedures
  • Leading improvement of the Cybersecurity posture of the company through several initiatives, including but not limited to Cyber Security Baselines
  • Facilitating implementation, management, and optimization of Cyber Security policies, standards, and procedures
  • Ensuring adequate budget, resource, and management focus is on cybersecurity risks and Audit issues
  • Coordinating implementation of actions to close MPA risks, Audit & Reviews (Internal and External)
  • Leading in Governance for the hand-over of project systems from Architecture and Assurance team to Cyber Prevent and Defense team
  • Developing and implementing the User Access Governance and user review process for all MPA Technology Systems

Key Role Responsibilities

Impact on the business

  • Coordinate delivery and assessment of cybersecurity baselines (CSBs) across all MPA relevant business areas and processes
  • Design and efficiently implement Cyber Security controls and requirements across MPA environments
  • Ensure all M-Pesa and third-party systems’ products, services and projects are compliant with the MPA minimum security requirements and Cyber Security Baselines (CSBs)
  • Management of the Policies guiding vulnerability scanning, patching, and penetration tests
  • Coordinate all internal and external audits around Technology systems and processes, ensure these systems are free from known Technology audit findings and ensure all audit findings in these systems are closed within agreed timelines
  • Perform risk assessments across Technology areas, provide risk reports (including risk management committee reports and audit committee reports) to management as and when requested

Customers, suppliers, and third parties

  • Ensure compliance with Legal, Regulatory and key stakeholders’ requirements across the Technology domains
  • Responsible for validation, timely completion, and accuracy of user access rights reviews
  • Ensure proper implementation, projects, and change management Governance processes compliance for Technology systems

Leadership, Planning and Human Resource Management

  • Manage the Cybersecurity subordinate resources (FTEs and contractors) to ensure effective implementation of their tasks and job descriptions
  • Skills development within the Cybersecurity department
  • Performance Management of the Cybersecurity team
  • Develop, Implement and create awareness for Cyber Security Policies and requirements on Technology security methods and technologies
  • Implement and measure compliance with the MPA cyber code across all users
  • Provide regular and accurate management reporting on Cybersecurity service performance
  • Build and manage relationships with key stakeholders to disseminate information and drive mitigating actions.

Innovation and change

  • Continually assess and review security policies and controls, to support business requirements and changing security landscapes
  • Drive continuous improvement through simplification of key cybersecurity processes
  • Make recommendations for Cybersecurity Service Improvement Plans and ensure actions are followed through to completion in a timely manner
  • Deliver information security awareness and training to all MPA users and third-party vendors, and monitor the effectiveness of the awareness and training.

Apply if you have:

  • Bachelor’s Degree in Electrical Engineering / Computer Science / Information Technology (or equivalent) from a recognized university.
  • At least 3+ years of hands-on experience in IT Risk or Cybersecurity Governance, Compliance Processes / IT Audit
  • At least 3+ years of hands-on experience in leading the implementation of Group-wide Cyber Security Compliance requirements
  • At least one professional Information Security Qualification: CISM/CISA/CISSP/CEH/CRISC.
  • At least 3+ years of proven experience with Cyber Security related Standards (ISO 27001, PCI-DSS, etc.)
  • Proven experience with GDPR, Financial guidelines on Cyber Security amongst others is A MUST.

We are happy if you have:

  • At least 5+ years of hands-on experience in managing Cyber Security GRC operations.
  • Proven experience in supervising, leading, or coordinating teams and managing stakeholders.
  • Proven experience with Cyber Security Technologies.
  • Expert-level analytical and problem-solving skills are required.
  • Good report writing and communication skills.
  • Analytical Thinking. Customer-focused.

What you can expect from us:

  • We believe in a fair and robust interview process
  • We have a robust flexible total reward scheme
  • Dedicated support and mentoring/coaching
  • Opportunity to develop and progress – plus a solid dedication to work-life integration. It all means you’ll have everything you need to advance your career and achieve your full potential.

Note to Applicants

As part of our recruitment process, we will request the documentation below, which will be required as soft copies at a later stage of the process:

  • An updated CV with a confirmation of three referees: 2 must be professional and must have supervised you at some point; the other referee can be a colleague in the same professional field. If the referees are within the same organization that you are working with, you will need to confirm to us in writing (via email) that it’s okay to contact them. This also includes all references within the Human Resources department.
  • Scanned copy of certificate of good conduct from the CID (less than 1 year old) – Applicable to Kenyans Only
  • Scanned copy of certificate from Credit Reference Bureau (CRB) – Applicable to Kenyans Only
  • Scanned copy of University Certificate
  • Scanned copy of your National ID / Passport (legal form of identification)


About Safaricom Kenya

Safaricom is a leading communications company in Kenya with the widest and strongest coverage. It is the home of the famous mobile money service, M-PESA.