Level: MTN Level 3 (Manger grade)

Reports to: Senior Manager: Enterprise Information Security and IS Governance

Job Summary:

Responsible for developing Information Security plans, maintaining companywide Information security policy and coordinating information security efforts across the company to safeguard MTN Ghana’s information and information assets.

Job Role

• Assist Lead Information Security Officer in implementing Information Security Management Systems (ISMS)
• Managing and conducting penetration tests and security assessments
• Recommending corrective actions, countermeasures and safeguards based on investigations
• Co-ordinate with vendors to implement information security as defined by MTN across network infrastructure.
• Perform information security risk assessment; providing detailed investigation reports and ensure that appropriate responses and actions are put in place to mitigate new risks identified.
• Ensure that information security goals are identified, meet the organisational requirements (Legal, regulatory, business) and are integrated in the relevant processes
• Investigate security breaches on MTN information systems thoroughly; Advise on practical security recommendations.
• Conduct programs to maintain information security awareness.
• Ensure that security activities are executed in compliance with the MTN Group Information Security Policy.
• Ensure employee, contractors and third parties comply with MTN information security policies, processes and procedures.
• Ensure that periodic information security reviews are performed to identify risks. Recommend and manage the implementation of appropriate controls to mitigate the risk.
• Coordinating with internal functions and telecom related vendors/partners for timely resolutions of the problems.
• Serve as an expert advisor in the development, implementation, and maintenance of information security management standards.
• Work with Internal Audit and external consultants as appropriate on required security audits.
• Lead the development and enforcement of information security and privacy policies in compliance with National and telecommunication regulations and standards.
• Develop, publish, and maintain comprehensive company wide information privacy and security strategy, plans, policy, procedures, and guidelines.
• Understand and communicate potential threats, vulnerabilities, and control techniques to departmental system administrators.
• Assist all divisions as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
• Implement tools and techniques to ensure the safety of IT Systems and Databases.
• Ensure that systems adequately protect the availability, integrity and confidentiality of stored information.
• Work with BCP team to ensure test of IT Division Business Continuity plans are updated and tested periodically.
• Monitor information security trends, internal and external and keep management informed about information security-related issues and activities affecting the organization.

Education

• A Degree in Computer Science or Information Management, or related field  Certified Information Systems Security Professional (CISSP)  Certified Information Systems Auditor (CISA).
• Certified Information Security Manager (CISM)
• Certified in Risk Information Systems Control (CRISC)
• Certified Ethical Hacker (CEH)
• Global Information Assurance Certifications

Experience

• Minimum of 5 years’ experience in computing and information security, including experience with Internet technology and security issues.
• Telecoms experience
• 3 years of which must have been in a supervisory role in business continuity planning, auditing, and risk management.
• Experience with disaster recovery planning and testing, auditing, risk analysis, business resumption planning, and contingency planning.
• Compliance and Monitoring
• GRC experience

Competencies

Professional/Technical competencies:

• Ability to Map Technology to information security problems.
• Sound knowledge of LAN, WAN and internetworking technology.
• Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation
• Knowledge of Risk Analysis and Management
• Vulnerability Assessments
• Penetration Testing
• Computer Forensic
• Telecommunication and Network Security
• TCP/IP
• Compliance and Monitoring
• Security Management Practices
• Security Architecture and Models
• Access Control Systems & Methodology
• Application Development Security
• Operations Security
• Physical Security
• Business Continuity Planning
• Law, Investigations, & Ethics

Behavioural competencies:

• Ability to manage self and team performance, good conflict management, take and manage accountability
• Energy & Drive – Innovative, Takes initiative, result oriented and develops self consistently, Creativity and Innovation
• Interpersonal Skills – Leadership, customer centricity, collaborative and coaches & develops direct reports
• Personal Skills – Trustworthy, integrity and ethical in dealings
• Operating Skills – Ability to focus on priorities and plans, manages and monitors work effectively
• Organisational Positioning Skills – Good written, Reporting, verbal & presentation communication, commitment to the organization
• Global thinker, Analytical thinking and Problem solving abilities.