Specialist - IT Governance and Compliance

Akwajobs   (Douala, Cameroon)

Posted : 23 July, 2021
Category : Information Technology & Services   Location : Douala, Cameroon
Job type : Full Time

Department Description:

Technology 

 

Brief Job Description:

To support the implementation of the Information Security & IT Governance Strategy through Controls Framework Management, Audit Handling & Response, Compliance & Risk Management and related KPI management within the Technology Department.

 

Context:

 

MTN's vision has grown toward new business streams such as Mobile Financial, Digital, ICT and Enterprise business services. This revolution comes with wonderful opportunities for communication and knowledge sharing, but also with cyber criminality risks leading to new challenges and threats to information security. The regulatory environment has also become dynamic and specific (data privacy), and there is an urgent need to comply and maintain compliance with external and internal requirements. Noncompliance with relevant internal and external Technology requirements will affect MTNC's ability to achieve its intended objectives on reputation, customer experience and finance.

 

Key Job Responsibilities:

 

Strategy Development & Implementation

-      Lead the creation of sub-divisional strategy in line with IT vision and changing Business needs

-      Define a robust strategy to ensure brand, company and customer security while delivering the bold digital world

-      Maintain risk and threat landscape knowledge across business orientation and review security strategy to enable trust in the digital world

-      Ensure effective implementation of the Information Security Risk Management Frameworks by means of providing direction, structure, frameworks, models, plans and roadmaps;

-      Identify, evaluate and adopt an information model for Threat Intelligence to allow for threat intelligence to be aggregated, standardized and used in a uniform manner to understand risk and make informed cybersecurity decisions.

-      Drive the adoption and implementation of the Cyber Security Framework (Detect, Respond and Recover) to prevent cyber criminality.

-      Responsible for understanding dependencies and impact of the information security program in relation to other programs/projects and initiatives in the entire organization;

-      Plan, manage and implement strategic security initiatives, maintain group-wide program of all security projects aligned to risk register;

-      Develop Strategy to Integrate information security requirements into the organization’s processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement);

 

Staff Leadership and Management

-      Source, induct and manage talent in accordance with IT Governance guidelines;

-      Ensure open communication channels with staff and implement change management interventions where necessary;

-      Provide definition of roles, responsibilities, individual goals and performance objectives for the team;

-      Set KPIs and provide regular performance feedback through a well-defined and implemented performance review program;

-      Performance manage resources in accordance with HR policy and legislation where necessary;

-      Actively participate in leadership team and develop skills of own team.

 

Governance:

 

Ad hoc, Operational and Tactical Meeting

-      Set up / participate in ad hoc and operational meetings

-      Participate and provide input into tactical meetings

-      Report at process and functional level

 

Opco Operational

-      Review and identify key risks, issues and dependencies and set mitigation actions

-      Develop and maintain IT control framework

-      Follow up Policies/Procedures development and Implementation related with sub-division activities.

-      Sign-off / make decisions regarding operational changes

 

Opco Tactical

-      Provide input on all projects initiated

-      Review key risks, issues and dependencies and set mitigation actions

 

Performance

-      Review performance against agreed KPIs and their compliance to SLAs and reverse SLAs

-      Review and monitor plan for continuous improvement

 

Reporting

-      Review reports on a monthly basis relating to progress made within the sub-division and in accordance with the measurement metrics set by the organisation

-      Review reports on an ad hoc basis on specific projects

-      Provide daily and weekly performance reports in accordance with the conditions set by the top management of the sub-division.

 

Operational Delivery:

 

Data Privacy

  • Ensure implementation of the Privacy Program. 
  • Work as part of the Privacy Team to improve, develop, and maintain MTNC global privacy program.  
  • Conduct data inventory reviews, privacy assessments, and compliance reviews of internal systems and third-party data feeds.
  • Ensure Definition and Implementation of controls on Data Privacy risks.
  • Work cross-functionally to help Records Coordinators, IT System Owners, and IT Business Owners in each department to implement best practices

 

Information Technology Governance

  • Develop and maintain plans to implement the information security strategy.
  • Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT);
  • Communicate and maintain information security policies that support the security strategy.
  • Plan, manage and implement strategic security initiatives, maintain group-wide program of all security projects aligned to risk register.
  • Establish metrics to evaluate the effectiveness of the information security program.
  • Implement the Information Security Risk Management Frameworks and ensure cross
  •  Adoption and implementation of; IT Governance and Information Security
  • Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incidents and non-conformities;
  • Design and develop a programme for IT Governance and information security awareness, training and education and roll-out awareness programmes.
  • Define reference architecture (IT & telecoms) to manage threats, monitor implementation & compliance and obtain inputs and validate the MTN IT Governance and Information security reference architecture with key MTN partners.
  • Evaluate and manage outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information.
  • Manage the development of information security architectures (people, processes, technology); and architectural and development standards for all application security.
  • Measure and report on the effectiveness of IT Governance and Information Security management and control activities in governance framework.
  • Establish group wide Information Security Risk management standards and policies including process to identify emerging risks and manage deviations or risk.
  • Participate and facilitate the Audit process through follow up on resolution of audit findings and reporting on the outcomes.
  • Develop a process to integrate information security controls into third party contracts and SLA’s. 

 

Job Requirements

 

Education:

Minimum 3-year Engineering / Information Science degree

Master’s in information science is advantageous

 

Experience

  • Two (2) years in Information Technology industry
  • Experience in various compliance, Governance and performance Management
  • Solid understanding of Information Technology; proven knowledge of technology environments
  • Experience in Stakeholder management, with ability to work with all levels of the management within the company.
  • Ability to maintain the highest standard of confidentiality is required with zero tolerance
  • Knowledge of the General Data Protection Regulation (GDPR)

 

Additional Details:

 

Industry / Certifications:

  • CRISC (Certified in Risk and Information Systems Control)
  • COBIT (Control Objectives for Information and related Technology)
  • ISO 27001 Lead Implementer Certification
  • ISO 27001 Lead Auditor Certification
  • Data Privacy
  • ITIL Certification
  • REACH

 

Knowledge:

-      Knowledge and understanding of the information technology environment in a telecommunication industry.

-      Knowledge of IT technology domain including application platform development, application support, infrastructure platforms, data management and database technologies and security frameworks and tools

-      Risk and Information Systems Control Management

-      Audit process

-      IT Governance

-      Performance Management (what to evaluate, how to evaluate, monitoring, trend interpretation)

-      Policies, process & procedures development, monitoring & improvement

-      Knowledge of the legal and regulatory environment

-      ICT industry and benchmarking practices

-      Complex structures

-      Operational management

-      Marketing best practices and trends

-      Financial / Numeracy

-      Business Performance Management

-      Resource Management

-      Customer Satisfaction

-      General Data Protection Regulation (GDPR)

 

Skills:
