[Vacancy]: Specialist – Security Governance and Assurance Needed at MTN Nigeria

Mission:

To be involved in all facets of Information security controls design, implementation, control assessments and optimization; implementation of ISO and NIST controls in line with the approved Cybersecurity Strategy; implementation of secure resilient technology that supports the business processes within MTN Nigeria. The position includes the development, implementation and maintenance of quality plans and procedures that allows MTNN to respond to industry standards, relevant legislation and current best practices.

Description:

• Ensure implementation of technical security standards/baselines across MTNN’s technology platforms as well as ongoing monitoring and reporting of compliance against the standards.
• Ensure the integration of the MTNN’s technology platforms into the security compliance and monitoring eco-system both at opco and Group level then regularly confirm and report on ongoing effectiveness.
• Liaise with other relevant functions to facilitate the timeous closure of incidents and vulnerabilities.
• Ensure Security controls are regularly evaluated as part of the Security Assessment program with proposed remedial actions to address noted baseline variances.
• Support the implementation of risk assessments exercises across the Information Technology function in order to trap and highlight information security weaknesses and advice on controls to mitigate those risks.
• Implement standards for testing methodologies, techniques and procedures and conduct robust quality standard programme.
• Lead IT Controls Assessments and compliance exercises.
• Support controls design for Operating systems, Applications & Database Security, implementation, assessments & reporting.
• Monitor the effective cascading of the Compliance strategy into the Compliance Monitoring business plans to ensure vertical alignment and horizontal integration with other interfacing strategies.
• Monitor compliance to Information security policies, procedures and standards via a robust information security program/plan depicting continuous planned and ad-hoc audit and review exercises.
• Liaise with other relevant functions/stakeholder to implement information security as defined by MTN Nigeria.
• Manage escalating issues (within the information security domain) along with relevant stakeholders.
• Assist relevant business owners and custodians in identifying and setting activities logs, audit trails, functional and technical requirements, and ensure adequate custody of such.
• Provide adequate support for any escalated information security issues (when needed).
• Perform Problem, Change, and Release & Configuration Management as it pertains to Information Security.
• Specify, assist and delegate information security system integration concepts into SDLC process.
• Drive the Automation of the Security Baseline configuration using Enterprise tools.
• Serve as an internal information security consultant to MTN and advise on trending information security technologies/related regulatory issues.

Education:

• Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or any related discipline preferred Certifications
• Any of Certified Information Security Manager (CISM) or Certified Information Security Systems Professional (CISSP) will be advantageous,
• A combination of Certified Information Systems Auditor (CISA) and any of Certified in Risk and Information Systems Control (CRISC) or Certified in Governance of Enterprise & IT (CGEIT), CCNA Security, CompTIA Security.

Experience:

3-7 years of work experience which includes:

• Experience working in the Information Security domain.
• Experience in the Cybersecurity Consulting, Digital Risks or Telecommunication sector is advantageous
• Proven experience in Information Security related Governance, Technology Risk Management and Compliance, ITGCs & Automated Controls.
• Experience conducting regular risk assessments to identify, evaluate, and prioritize cyber risks across the organization’s systems, applications, and processes.
• Experience in Data Privacy controls including knowledge of Data Privacy regulations.
• Technical experience around Identity Access Management, Controls configuration management & automation using Puppet/Ansible/Chef, Vulnerability assessments and treatment, Technical systems baseline governance & Implementation.
• Experience in identifying requirements, developing architectures, and deploying enterprise Security architecture, ensuring that the implementation adheres to standards and best practices.
• Knowledge of SQL is desirable;  minimum Intermediate.
• Experience with database security administration tools, security assessments, and secure database configuration.

Click here to apply