Information Security Risk Management
– Drive the implementation, maintain, adoption & continuous improvement of the Information Security Management System according to EIC/ISO27001
– Conduct regularly Information Security risk assessment with relevant stakeholders when needed by the policies or
– Develop & Maintain the Information Security Risk Register & all mandatory documents required by ISO27001
– Measure & report on Information Security risks
– Evaluate and manage outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information;
– Drive the adoption of 3rd Party Information Security Policy & Information Security Annexure by all 3rd Party.

Controls Design
– Work with planning teams (Network, IS Architecture, Project) to integrate Security by Design in all projects and initiatives
– Design security controls to prevent Information Security risks and track their effective implementation
– Develop a Dashboard to evaluate the Information Security Risk Dashboard
– Manage the development of information security architectures (people, processes, technology); and architectural and development standards for all application security.
– Be the interface of the Enterprise Information Security & IT Governance Department with Technology Planning: This implies to be familiar with the Demand Planning process, SDLC, Budget & Financial processes.

Data Privacy
– Ensure implementation of the Privacy Program.
– Work as part of the Privacy Team to improve, develop, and maintain MTNC global privacy program.
– Conduct data inventory reviews, privacy assessments, and compliance reviews of internal systems and third-party data feeds.
– Ensure Definition and Implementation of  controls on Data Privacy risks .
– Work cross-functionally to help Records Coordinators, IT System Owners and IT Business Owner in each department to implement best practices
– Ensure Technology activities compliance with relevant (defined by top management) Internal & External requirements
– Provide guidance ensuring future focus and current efficiency;
– Coach and mentor champions and cross-functional unit to improve culture & ensure efficiency;

Training/Certification
o CRISC (Certified in Risk and Information Systems Control)
o ISO 27001 Lead Implementor Certification
o ISO 27001 Lead Auditor Certification
o Data Privacy
o ITIL Certification
o REACH
Other preferred certifications are: CCNA, CISSP

Fluent in English
Telecommunications industry experience
Global mindset to service worldwide operations

Additional Details:

• Analytical
• Conflict management
• Continuous improvement
• Data interpretation
• Dealing with ambiguity
• Dealing with complexity
• Business development
• Global awareness
• Leadership
• Negotiation

• Decisive Problem Solver
• Value Creator
• Culture and Change Translator
• Inspiring People Leader
• Stakeholder Influencer
• Executer
• Results Achiever

Knowledge
– Knowledge and understanding of the information technology environment in a telecommunication industry.
– Knowledge of IT technology domain including application platform development, application support, infrastructure platforms, data management and database technologies and security frameworks and tools
– Risk and Information Systems Control Management
– Audit process
– Policies, process & procedures development, monitoring & improvement
– Knowledge on Legal and regulation environment
– ICT industry and benchmarking practices

– Complex structures
– Operational management
– Marketing best practices and trends
– Financial / Numeracy
– ICT industry and benchmarking practices
– Business Performance Management
– Resource Management
– Customer Satisfaction