tiGO Job Vacancy : Information Security Officer
Welcome to jobwebghana.com. This website helps you to achieve your career dream by linking you to vacancies from Top Companies in Ghana. Job Seekers are also exposed to best articles for career growth and development. Click Here to Subscribe for Job Alerts We strongly advise graduates not to pay money before getting a Job. Report fraudulent jobs to 0201533571
- Company: tiGO
- Location: Accra, Greater Accra Region, Ghana
- State: Accra
- Job type: Full-Time
- Job category: IT / Telecom Jobs in Ghana
The Local Information Security Officer (ISO) has the overall responsibility for the Information Security (IS) program. The role holder will implement and maintain the global IS program in his/her operation to ensure that information assets are adequately protected and lead IS Incidents Response activities.
Through outstanding leadership, ensure cross-functional cooperation and communication, to support all Business Units in implementing the IS framework across the organization.
A key element of the ISO’s role will involve working with executive management to determine acceptable levels of risk for the organization.
- Organization & People
- Report to the Head of Operations, with a matrix line to the Global ISO, or report directly to the IS structure.
- Assist in the implementation of Millicom IS Standards at the business level to ensure procedures and practices comply with those standards.
- Ensure that the IS Training & Awareness activities are performed as per Millicom IS Standard requirements.
- Leverage the ISO network to have access to resources, seek out best practices, and create efficiencies.
- Develop and maintain a viable succession plan
Consumer & Business Services Delivery & Network Platforms, Billing & Facilities
- Ensure that IS risk is managed during the development of new products and applications, and that risks are mitigated during the products and systems development process.
- Ensure that the Application IS review process is executed in accordance with the Secure-SDLC (Secure System Development Life-cycle) process, to ensure that applications appropriately protect the confidentiality and integrity of business information stored and processed by them.
- Ensure that secure configurations are defined and implemented, leveraging technical knowledge and problem solving skills in the network, database, server and desktop technology areas.
- Ensure that the Infrastructure IS Review process is executed in accordance to the IS Standard.
- Demonstrate knowledge of Intrusion Detection Systems as well as a thorough knowledge of server and desktop configurations as they relate to system security.
- Guides the business to ensure that IS risks, controls, and tests are embedded in the IS Risk Self-Assessment.
- Escalate to the Global ISO and business managers as appropriate.
Technical and Business Strategy
- Have broad understanding of Identity Access Management, Threat and Vulnerability Management, Information Security Architecture, and Data Protection.
- Ensure alignment of IS program with business strategy.
- Establish and maintain relationships with domain architects, developers, project managers, system administrators and others within the Factory group.
- Drive recommendations for new or emerging IS technologies in response to organizational needs at the local level.
- Ensure that IS characteristics are included as part of the quality framework in all product development.
- Procurement and Supply Chain.
- Support the business by reviewing contract language as it relates to IS.
- Engage with Supply Chain Management to ensure that IS requirements are included in Requests for Proposals and in vendor contracts.
- Ensure that the Third Party IS Assessment is performed.
Profitability & Cost Control
- Ensure the Operations include the global guidelines and priorities in the IS Budget exercise. Deliver in a timely and cost effective manner all CAPEX commitment.
- Constantly control and optimize OPEX by leading the preparation and execution of an annual actionable cost savings plan as part of the budget .
Risk Management,Processes and Controls
- Perform IS Risk Management for the business units’ processes, applications and supporting technology infrastructure
- Ensure IS Risk Assessment is performed according to Millicom standards by partnering with the businesses throughout the Risk Assessment process and determine the impact of control deficiencies.
- Proactively manages risk and control through the identification, escalation, and solution development for compliance and audit issues including direct interaction and coordination with Internal Control officers and Internal Auditors.
- Partner with business coordinators in other disciplines; e.g., Internal Audit, Revenue Assurance, Process Management, Records Management, etc.
Person Qualification & Experience
- Bachelor’s degree in telecommunications and/or information technology, engineer, business management or related field.
- Master’s degree is desired (in fields such as Information Systems Management, MBA).
- IS certification, e.g. CISSP, C| CISO, CISM, CISA, Cobit.
- 6+ years of work experience, including 5 years in managing a technology related department.
- 5+ years of experience in managing IS programs including, but not limited to:
Creating and implementing IS controls
- Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment, secure configurations, patches management, antivirus.
- Aware of key government regulations and local laws to ensure that actions comply with these requirements
- Understanding of software architecture design (client/server, SOA, web 2.0, etc.),software development, Internet technologies and programming.
- Ability to produce accurate and timely information in a high dynamic work environment.
- Proven leader with excellent communication skills and ability to interface with all levels of the enterprise.
- High-level strategic thinking.
- Consultative / advisory skills.
- Strong risk analysis and problem solving skills
- Able to explain complex and technical principles. Able to convey ideas to senior management and staff.