Vacancies

Specialist: Information Security Compliance and Reporting (Limited Duration Contract – 8 months)

Reference Number:
MTNVAC-310
Title:
Specialist: Information Security Compliance and Reporting (Limited Duration Contract – 8 months)
Location:
Johannesburg
Organisation Name:
Manco
Department:
Group Information Security Office
MTN Level:
Level 2

The Specialist Security Compliance and Reporting is responsible for defining, managing and executing consistent reporting of the state of security (including compliance) across the MTN Group (including all the OPCOs). The Specialist will provide industry benchmarking and trends to ensure continuous alignment and staying abreast of the latest best practices.

MTN’s heightened focus on digitalization for adjacent revenue streams and enhancing efficiency poses a great growth opportunity for the organisation. This has introduced with it the deployment of various technologies including, amongst others, cloud and IoT.

The introduction of these new technologies coupled with the increased focus of regulators on compliance to various regulatory requirements, including the protection of personal information and various data regulations (e.g. data sovereignty), necessitates the need for increased focus on ensuring proactive management of relevant security related compliance requirements, including support on configuration of technology deployments in line with security, risk, and regulatory requirements.

The Specialist Information Security Compliance & Reporting is responsible for the following:

  • Identify best in class Information Security reporting standards and practices across Telecommunications as well as ICT, identifying emerging trends and threats and incorporating them into MTN standards;
  • Establish group wide Information Security reporting standards and guidelines with supporting templates (including Compliance and Risk)
  • Work with the Group Information Security GRC and Program team to drive the effective implementation of the Information Security Policy and Risk framework.
  • Understand upcoming changes in the MTN environment and ensure pro-active updates of the Security Reporting framework to stay relevant
  • Providing best practice guidance, training and support to OPCO Information Security representatives;
  • Coordinating the process of deployment of the reporting standards and guidelines in respect to Information Security compliance monitoring and reporting across MTN;
  • Collating the OPCO reporting and preparation of consolidated Group Reports
  • Facilitate periodic independent assessments of the status of Information Security compliance in the Group;
  • Review performance against agreed Key Performance Indicators (KPIs)
  • Evaluate plans for continuous improvement.
  • Assist the Security Risk and Audit Liaison in tracking and reporting on information security audit issues and risks identified at MTN Group and across MTN Opco’s
  • Measuring and reporting on the effectiveness of Information Security management and control activities in governance framework and King III/IV obligations;
  • Reporting at operations and audit committee and managing the actionable outcomes related to security;
  • Facilitate the definition and implementation of compliance control plans for legal and regulatory compliance;
  • Identify current and potential legal and regulatory requirements affecting information security;
  • Maintain and manage the information security threat and vulnerability risk register;
  • Report on a weekly basis to the Executive: Group Information Security relating to progress made within the division and in accordance with the measurement metrics set by the organization.
  • To assist with the development and implementation of the overall information security framework and strategy, overarched by the business risk strategy, ensuring the effective implementation and adherence across all the business;
  • To ensure that the information security policies, procedures, standards and guidelines for use throughout MTN are critically reviewed yearly and key areas of non-compliance identified are examined to determine root cause and amended as required;
  • Engage the Business Risk and Audit teams to ensure alignment of security reporting

Job Requirements

Education:

  • 3 year Engineering/ Information Science Degree
  • CISSP certification CISA, CISM, CGEIT, CRISC, CBCP, ISO 27001 Lead Auditor or Lead Implementer, COBIT, ITIL (one or more as relevant would be advantageous)

 

Experience:

  • 2- 5 years of relevant work experience in Information Technology (specifically security)
  • Experience in the telecom industry (preferred)
  • 1-2 years working experience in an IT Security, Governance, Risk / Compliance function with reporting responsibilities
  • Experience with organisation wide information security framework
  • Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges
  • Understanding of the information technology environment of a telecom company
  • Fluent in English , French an advantage
  • Telecommunications industry experience
  • Global mindset to service worldwide operations
  • Pan Africa and Middle East multi-cultural experience
  • Multi-country operations oversight experience
  • Willing and flexible to travel within Africa and Middle East
  • Understanding of general regulatory requirements in the telecom industry

Responsibility towards:

  • Executive Group Information Security and Senior Management
  • Governance Forums
  • Internal Audit
  • Business Risk
  • Compliance
  • Information Technology
  • Cyber Security Team
  • External Auditors
  • Partners
  • Distributors
  • Vendors
  • Law enforcement agencies
  • Third Parties
  • Legislative Bodies