Job advert: Specialist Enterprise Security Risk Management & Control Design

Job advert: Specialist Enterprise Security Risk Management & Control Design
Job advert: Specialist Enterprise Security Risk Management & Control Design

Brief Job Description:

Mission/ Core purpose of the Job: (Short description)

To support in implementation of the enterprise information security risk management strategy as well as the design of procedural and technical security controls in line with the industry and information security best practices.

Detailed Job Description:

Strategy Development & Implementation
  • Support in implementing the sub-divisional strategy in line with IT vision and changing Business needs to ensure brand, company and customers security while delivering the bold digital word
  • Maintain risk and threat landscape knowledge across business orientation
  • Ensure effective implementation of the Information Security Risk Management Frameworks by means of providing direction, structure, frameworks, models, plans and roadmaps;
  • Implement, Maintain and Improve the Information Security Management System of MTNC
  • Drive the adoption and implementation of the EIC/ISO27001 (Plan Do Check Act)
  • Responsible for understanding dependencies and impact of the information security program in relations to other programs/projects and initiatives in the entire organization;
  • Plan, manage and implement strategic security initiatives, maintain group-wide program of all security projects aligned to risk register;
  • Develop Strategy to Integrate information security requirements into the organization’s processes (e.g., change control, mergers and acquisitions) and life cycle activities (e.g., development, employment, procurement);Operational Delivery
Information Security Risk Management
  • Drive the implementation, maintain, adoption & continuous improvement of the Information Security Management System according to EIC/ISO27001
  • Conduct regularly Information Security risk assessment with relevant stakeholders when needed by the policies or
  • Develop & Maintain the Information Security Risk Register & all mandatory documents required by ISO27001
  • Measure & report on Information Security risks
  • Evaluate and manage outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information;
  • Drive the adoption of 3rd Party Information Security Policy & Information Security Annexure by all 3rd Party.
Controls Design
  • Work with planning teams (Network, IS Architecture, Project) to integrate Security by Design in all projects and initiatives
  • Design security controls to prevent Information Security risks and track their effective implementation
  • Develop a Dashboard to evaluate the Information Security Risk Dashboard
  • Manage the development of information security architectures (people, processes, technology); and architectural and development standards for all application security.
  • Be the interface of the Enterprise Information Security & IT Governance Department with Technology Planning: This implies to be familiar with the Demand Planning process, SDLC, Budget & Financial processes.
Data Privacy
  • Ensure implementation of the Privacy Program.
  • Work as part of the Privacy Team to improve, develop, and maintain MTNC global privacy program.
  • Conduct data inventory reviews, privacy assessments, and compliance reviews of internal systems and third-party data feeds.
  • Ensure Definition and Implementation of controls on Data Privacy risks .
  • Work cross-functionally to help Records Coordinators, IT System Owners and IT Business Owner in each department to implement best practices
  • Ensure Technology activities compliance with relevant (defined by top management) Internal & External requirements
  • Provide guidance ensuring future focus and current efficiency;
  • Coach and mentor champions and cross-functional unit to improve culture & ensure efficiency;
Job Requirements:

  • 3-year Engineering/Computer Science Degree
  • Master’s in computer science is advantageousExperience
  • Three (3) years in Information Technology industry with:
  • Experience in Information Security Risk Management
  • Solid understanding of Information Technology & Information Security; proven knowledge in technology environments
  • Solid experience in designing solutions integrating security
  • Experience in Stakeholder management, with ability to work with all levels of the management within the company.
  • Knowledge on General Data Protection Regulation (GDPR)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO 27001 Lead Implementor Certification
  • ISO 27001 Lead Auditor Certification
  • Data Privacy
  • ITIL Certification
  • Other preferred certifications are: CCNA, CISSP
  • Fluent in English
  • Telecommunications industry experience
  • Global mindset to service worldwide operations
Additional Details:

Skills/ competencies:
  • Analytical
  • Conflict management
  • Continuous improvement
  • Data interpretation
  • Dealing with ambiguity
  • Dealing with complexity
  • Business development
  • Global awareness
  • Leadership
  • Negotiation
Behavioral qualities:
  • Decisive Problem Solver
  • Value Creator
  • Culture and Change Translator
  • Inspiring People Leader
  • Stakeholder Influencer
  • Executer
  • Results Achiever
  • Knowledge and understanding of the information technology environment in a telecommunication industry.
  • Knowledge of IT technology domain including application platform development, application support, infrastructure platforms, data management and database technologies and security frameworks and tools
  • Risk and Information Systems Control Management
  • Audit process
  • Policies, process & procedures development, monitoring & improvement
  • Knowledge on Legal and regulation environment
  • ICT industry and benchmarking practices
  • Complex structures
  • Operational management
  • Marketing best practices and trends
  • Financial / Numeracy
  • ICT industry and benchmarking practices
  • Business Performance Management
  • Resource Management
  • Customer Satisfaction
Email :

Please mention the job title in the email subject

Deadline : 5 October 2021

NB: Ne donnez pas d'argent pour obtenir un emploi

Aucun commentaire:

Vous avez des questions par rapport à cette offre ? Laissez votre préoccupation ici en commentaire. Notre équipe se chargera de vous répondre dans moins de 24h. N'oubliez surtout pas de revenir ici pour consulter la réponse à votre préoccupation.

Fourni par Blogger.