Principal Systems Auditor - Financial Systems And Information Security
1 Position - Safaricom Plc
Safaricom is a leading communications company in Kenya with the widest and strongest coverage, and the home of the famous Mobile Money service, M-PESA.
We are pleased to announce the subject career opportunity within the CEO’s Office under Internal Audit. In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.
Detailed Role Description
Reporting to the Senior Manager – Networks and M-PESA Audits, the position holder will be responsible for leading, planning, performing and documenting Cyber/IT Security reviews and advisory assignments, as well as audits of Financial Services Systems, in accordance with the internal audit plan. These audits shall include but not be limited to Vulnerability Assessments, Penetration Testing, audits of Mobile Money systems and Pre/Post-Implementation reviews.
The position holder will also be responsible for supporting strategic business initiatives by advocating and enhancing the risk and control environment, and when appropriate, engaging, managing and reviewing the work of external consultants/advisors.
- Participation in the overall development and delivery of the audit plan
- Review of the mobile money systems from a technical standpoint to provide assurance that controls are adequate to mitigate and/or manage the technology risk to acceptable levels
- Review of security controls around key network elements (BSS, MSC, HLR/AUC, IN, NGN, GGSN/SGSN)
- Prepare deliverables/reports for senior management that include thematic issues, trends and other micro/macro level risks identified through the execution of IT audits within the Financial Services space
- Serve as an on-going subject matter expert in the area of information security controls and technologies
- Present, discuss and follow-up on audit recommendations with management
- Delivery of continuous information security assessments and penetration testing.
- Articulation of security risk exposure to various stakeholders.
- Review security control frameworks/guidelines to ensure consistent application of security controls
- Review procedures for investigation and closure of technology security incidents in line with industry best practices
- Keep abreast of the latest technology security trends and provide input to mitigate emerging threats
- Degree in Computer Science, IT, Business Information Systems (or related technical / business field) from a recognized university.
- 5-7 years working experience in information systems and cyber security assurance
- Demonstrated deep interest in IT Security and broad IT expertise, coupled with a good understanding of financial services and the laws and regulations that impact them
- Strong working knowledge of penetration testing tools and methodologies including but not limited to Application Security, Database Security, Web services security, Network Security, Mobile Security and VAS systems security
- Knowledge of common IT and networking technologies (operating systems, relational databases, network/mobile technologies) including Oracle or MS SQL databases, Unix / Linux / Windows etc.
- Detailed understanding of frameworks, principles, practices, and techniques related to IT Security
- Holder of Certified Information Systems Auditor (CISA) or equivalent
- Security qualification (CISSP or CISM or other information security certification)
- Experience in the use of CAATs is a must
- Strong relationship, communication and stakeholder management skills
- Ability to evaluate risks, articulate issues, develop consensus, raise awareness and recommend practical solutions
- Strong written and verbal language skills
- Ability to initiate and build effective stakeholder relationships
- The ability to work under pressure and be resilient and tenacious to get results
Note to Applicants
As part of our recruitment process we will request the documentation below, which will be required as soft copies at a later stage of the process.
- An updated CV with a confirmation of three referees: 2 must be professional and must have supervised you at some point; the other referee can be a colleague in the same professional field. If the referees are within the same organization that you are working with, you will need to confirm to us that it’s okay to contact them in writing (via email). This also includes all references within the Human Resources department.
- Scanned copy of certificate of good conduct from the CID (Less than 1 year old) - Applicable to Kenyans Only
- Scanned copy of certificate from Credit Reference Bureau (CRB) – Applicable to Kenyans Only
- Scanned copy of University Certificate or letter from the University requesting an internship
- Scanned copy of your National ID / Passport (legal form of identification)