Internship | Job Vacancies at Pharo Foundation

Internship | Job Vacancies at Pharo Foundation

Cloud Architect at Pharo Foundation

Cloud Architect

Nairobi, Kenya

Overview

Pharo Foundation (“the Foundation”) is a pioneering, mission-driven organisation working to build a vibrant, productive, and self-reliant Africa. Founded and fully funded by Pharo Management, an emerging markets hedge fund, the Foundation represents a new model of philanthropic capitalism: a private endowment using its own capital to design, fund, and operate development programmes with private-sector discipline and long-term commitment.

Over the next decade, the Foundation’s ambition is to deliver lasting impact across three interdependent missions:

  1. Empowering the next generation through affordable, high-quality education.
  2. Solving water scarcity by building and operating sustainable water infrastructure.
  3. Driving economic productivity by unlocking jobs, investment, and innovation through both non-profit and for-profit ventures.

The Foundation operates in Ethiopia, Somaliland, Kenya, and Rwanda, employing more than 750 people. It combines a not-for-profit engine: Pharo Development, with a for-profit engine, Pharo Ventures, which builds and operates sustainable businesses to create jobs and advance economic self-reliance.

Opportunity

You’ll design, secure, and improve our collaboration platforms (Microsoft 365 and Google Workspace) with a strong emphasis on networking fundamentals, security architecture, and data protection. You’ll translate business needs into pragmatic cloud designs, lead or support migrations and improvements, and partner with stakeholders across IT, security, and the business.

Key relationships

Role: Cloud Architect

Location: Nairobi, Kenya

Reporting to: Global Director, IT

Functional relationship: IT Teams (all countries)

Key Responsibilities

  • Design and implement M365 and Google Workspace tenant architectures (identity, access, collaboration, endpoint and device management).
  • Collaborate with other departments to build robust workflows within the M365 and Google Workspace environments.
  • Own the workspace administration, including access rights, on and off-boarding, and frequent reviews of collaboration platforms for Pharo’s ever-growing portfolio company.
  • Own identity and access patterns across platforms: Entra ID (Azure AD), SSO/federation, MFA, Conditional Access, privileged access, access reviews, lifecycle automation.
  • Build security-by-design controls: email and collaboration security, secure configuration baselines, secure sharing, external collaboration controls, mobile and endpoint posture.
  • Implement data protection and governance: Data Leak Prevention (DLP), information protection/classification/labels, retention policies, eDiscovery/legal hold, audit and alerting, encryption and key considerations.
  • Lead or support coexistence (Exchange/SharePoint/Teams; Google Workspace mail/drive), including risk management, and comms.
  • Apply strong networking knowledge to cloud connectivity and security outcomes: DNS, SMTP, routing, VPN/proxy concepts, firewalling, secure web gateways, and zero-trust access patterns.
  • Produce architecture artifacts: current/future state diagrams, High Level Documents/Low Level Documents, decision records, standards, and runbooks.
  • Monitor, troubleshoot, and improve service health, performance, and security posture; integrate logs with Security Information and Event Management (SIEM) and support incident response.
  • Collaborate with vendors/Managed Service Providers (MSPs) and internal teams; mentor juniors and contribute to platform roadmaps.

Qualifications & Experience

  • At least 2 to 5 years’ experience in cloud/infrastructure/security engineering with hands-on M365 and/or Google Workspace administration.
  • Bachelor’s degree in IT, Computer Science or any other relevant field.
  • Hybrid identity and migration tooling experience (e.g., Entra Connect, third-party migration tools, directory sync concepts).
  • Security certifications or vendor certificates (e.g., Microsoft, Google, CompTIA Security+, ISO 27001 familiarity).
  • Experience working in regulated environments or supporting audits.

Desired Skills

  • Strong networking foundations: DNS, TCP/IP basics, SMTP mail flow, certificates/TLS, proxies, firewall rules, troubleshooting connectivity and auth issues.
  • Security fundamentals with real implementation experience: MFA, conditional policies, least privilege, secure configuration, threat protection concepts, vulnerability/risk thinking.
  • Data protection experience: DLP principles, retention, audit logging, eDiscovery basics, data classification/labeling, GDPR/DPA-aware handling of personal data.
  • Practical scripting/automation mindset: PowerShell (M365/Entra), or equivalent; comfort with APIs and automation for user lifecycle and policy deployment.
  • Clear written communication and the ability to explain technical trade-offs to non-technical stakeholders.

Read More & Apply

Previous Post Next Post