Job description

• Responsible for establishing and implementing adaptable Information Security & Cyber Risk Management standards, frameworks and solutions for the OpCo in line with Group frameworks, policies and procedures, in response to current and future Information Security Risk Management landscapes.
• The primary purpose of the job is to effectively identify, protect, Detect, Respond & Recover and introduce defensive safeguards and monitor the performance thereof against all variations of potential security risk exposures, both of an internal or external nature (Strategic, Operational, Compliance, Liquidity, Product and Market, Political, Economic, Reputation etc.).
• In addition, this role ensures that business units take ownership in the management of their security risks to guarantee safeguarding MTN Ghana’s information assets and the interests of stakeholders by identifying and managing all threats to the achievement of the overall strategic objectives.

Context: The Manager, Information Security & Cyber Risk must therefore ensure successful delivery in the context of:

• Evolving industry ecosystems relating threats and vulnerabilities
• Compliance and regulatory landscapes and challenges. i.e. General Data Protection Regulations
• New imperatives concerning data privacy and security and building strong digital trust partnerships
• Rapid adoption of new routes to innovation and technologies
• Volatile macroeconomic and political environments in the OpCo and the region
• Identifying, defending, detection, responding and recovery of Information Security risks through business intelligence to maximize business impact
• Management of customer and supplier expectations
• Enhancing the OpCo and MTN reputational position as a leading network and system provider
• Aligned to Integrated plan
• Risk & Compliance Management themes and focus areas
• Aligned with King III Corporate Governance.
• Risk & Compliance Management Frameworks, Methodologies, Policies, Processes and procedures.
• Dynamic and highly competitive telecommunication & ICT industry
• Highly regulated environment
• Regionalization structure implication
• Performance driven environment
• Diverse cultural environment

Key Tasks:

• Work with leadership team to ensure that Information Security risks are identified and managed to support and protect the strategic vision of the company, by proactively managing and balancing all risk levels.
• Contribute to the facilitation of the organisation’s overall risk appetite definition and tolerance levels.
• Implement the overarching Group Information Security Management Framework (including NIST, CIS and ISO 27001) that supports specific lines of business, with the Information Security Risk Management team. Implement a comprehensive Risk Management programme, supported by an established set of policies and procedures that govern Information Security and Cyber risk management approaches and provide clear channels of transparent, timely communication to OpCo Executive management.
• Assist in Planning and maintaining the ISCM Budget.
• Assist in Planning and implementing the ISCM plan in alignment with the combined assurance and Information Security risks methodologies and Risk & Compliance Management themes and focus areas
• Assist in planning monthly presentation of Governance Committee items.
• Assist in Planning and facilitating the identification and evaluation of information Security & Cyber risks.
• Assist and provide input on Governance Committee Meetings.
• Ensure update and maintenance of the Information Security Risk Dashboard at all times for executive management alignment.
• Facilitate the annual/biannual Business Impact Analysis of the business and report to Excom.
• Ensure gap analyses are done on information Security Risk/ Issues of critical areas of the business as per integrated plan.
• Collaborate with the Group Risk and Compliance in establishing and quantifying the OpCo’s ‘risk appetite’, i.e. the level of risk the OpCo can accept, risk bearing capacity and risk tolerances
• Ensure implementation of the Group Risk Escalation and Acceptance Policy; furthermore:
• Manage and resolve escalations that have impact on critical path of service delivery.
• Escalate issues in line with the Group Risk Escalation and Acceptance Policy
• Manage and provide solutions to issues that require formal resolution.
• Perform the organization’s Information Security Maturity Assessments as per MTN Group’s Model.
• Build relationships and share knowledge / best practices with the decisions by working closely to ensure a coordinated approach to information Security risk identification and management.
• Provide guidelines for and review the update of IT and Network Group disaster recovery plans to ensure procedures for core critical systems are always up-to-date.
• Facilitate and review update of Information Security play books & Plan, while maintaining central oversight.
• Ensure there is a comprehensive testing road Map, training and awareness strategy at all levels of the business on information security.
• Any other tasks/projects as assigned by the Head of Risk and Compliance.
• Assist with inputs on the annual/biannual signing of Management Attestations.
• Assist the Enterprise Risk management team in facilitating companywide risk workshops.
• Assist in assessing the companywide Principal Residual Risk Rating Conclusions with the Governance Champions, Excom and BRM counterparts.
• Contribute to Risk Based Audit Plan.
• Report on information Security Risks to the stakeholders and the sub-committees of the board.
• Contribute to the yearly integrated Plan

Qualification Required & Experience

Education:

• Bachelor’s Degree preferably in Risk Management, Business/ Computer Science/ Information Security.
• Professional certifications on Information Security Risk Management (CISSP, CEH, CISA, CISM etc.) a must

Experience:

• At least 5 years’ experience in a similar role, with at least 3 years in a supervisory role.

Training:

• Information Security frameworks, standards and Guidelines
• Leadership and coaching.

Knowledge:

• Information Security frameworks, standards and Guidelines
• Information Security Risk Management Policies or ISO Standards 27001, CIS or NIST Maturity models
• ISM methodologies and reviews include incident & Incident management, emergency preparedness, recovery modes/methods, recovery strategies etc.
• Threat hunting methodologies and frameworks.
• Corporate Governance frameworks e.g. King III.
• Strong understanding of the business processes applicable to a mobile telecommunications operator.
• Knowledge of mobile telephony infrastructure and business processes.
• Project Management
• Risk Trending.
• Working knowledge of Industry standards of Information Security Risk Management (ISM) E.g. ISO 27001, CIS and NIST
• Advanced IT infrastructure knowledge
• Use of Excel, Power Point, Word

Skills / physical competencies:

• Ability to manage self and be a team player, good conflict management, take and manage accountability
• Energy & Drive – Innovative, Takes initiative, res
• Result oriented and develops self consistently
• Interpersonal Skills – Leadership, customer centricity, collaborative and coaches & develops direct reports
• Personal Skills – Trustworthy, integrity and ethical in dealings
• Operating Skills – Ability to focus on priorities and plans, shares knowledge effectively
• Organizational Positioning Skills – Good written and verbal communication, presentation skills, commitment to the organization
• Strategic Skills – Global thinker, Analytical thinking and Problem-solving abilities.
• Facilitating skills

Behavioural qualities:

Must live the MTN Values of

• Lead with Care, Collaborate with Agility, Serve with Respect, Can Do with Integrity, Act with Inclusion

General working conditions

• Anywhere/Anytime work/ Ability to manage self/Personal accountability.

Location: Accra

How To Apply For The Job

Qualified Applicants should indicate Ref number: MTN-R&C001-2024 as the email subject and ensure that CVs are saved in their names. Qualified Applicants should send their Curriculum Vitae by 26th July 2024 to:

[email protected]

• Applicants should have served at least twelve (12) months or more in their current role with Scancom PLC.
• Applicants should also make their managers aware that they are applying for the position.
• Only shortlisted applicants will be contacted.

Closing Date: 26 July, 2024