M-Pesa Senior Permanent Controller: IT, Cyber security and Data Analytics

• Design, monitor, test, and continuously improve the permanent control framework over IT processes, cybersecurity controls, fraud risk controls, and data-driven monitoring
• Maintain and update the IT permanent control plan and control library
• Perform control design review and operating effectiveness testing of ITGCs
• Assess segregation of duties and role allocation appropriateness
• Oversee permanent controls for security governance, vulnerability management, endpoint and network security, firewall rules, data security and security incident response
• Review cybersecurity dashboards and KRIs
• Coordinate with Information Security to ensure security-by-design controls
• Maintain a permanent fraud control framework across transaction monitoring rules effectiveness, account takeover and social engineering trends, agent/channel fraud and internal fraud controls
• Perform thematic reviews on fraud typologies and emerging risks
• Monitor the end-to-end fraud case workflow
• Track fraud losses, trends, and control gaps
• Build and maintain analytics-based controls and continuous monitoring for IT/security/fraud
• Define data requirements, validation checks, and lineage for reliable monitoring
• Implement a structured issue management and alert escalation mechanism
• Execute permanent control testing
• Issue clear results in Observation – Risk – Recommendation format with severity ratings
• Produce monthly/quarterly permanent control reports
• Escalate material risks to senior management and governance forums
• Ensure closure validation
• Contribute to the definition/updating of IT security policies, access standards, change management standards and fraud risk management standards
• Promote automation of controls
• Support regulatory examinations and internal/external audits

• Bachelor’s (or higher) in IT, Computer Science, Cybersecurity, Information Systems, or related
• 5 years’ experience in IT controls, cybersecurity governance, fraud risk, or IT audit
• Proven experience with ITGC, access governance, change management controls
• Cybersecurity control frameworks and monitoring
• Fraud controls and analytics-based detection methodologies
• Control testing, issue tracking, and remediation validation
• IT controls: access reviews, PAM concepts, RBAC/SoD, change governance
• Cybersecurity: vulnerability and patch management, endpoint/network controls, incident response lifecycle
• Data analytics: SQL (preferred), Excel advanced, dashboarding (Power BI/Tableau), basic Python (nice-to-have)
• Evidence-based testing discipline
• ability to write clear audit-style findings
• Strong independent challenge mindset (2nd LoD) with diplomacy and influence
• High integrity, confidentiality, and professional skepticism
• Structured thinking
• strong report writing and communication skills
• Ability to handle complex issues, multiple stakeholders, and tight deadlines

basic Python