The role Leads and continually improves the Enterprise Cyber security posture, provides technical expertise on all MTN Enterprise wide security-related issues, and works with MTN Group Security to define appropriate Frameworks.
Description:
Assist with cybersecurity initiatives in conjunction with Group Cybersecurity team.
Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
Support with implementation of Information Security projects.
Support the continuos optimization and upgrades of existing security solutions like SIEM, Vulenrability, Data Secrity & Security Analytics.
Drive internal and external vulnerability assessment, penetration tests engagements and manage results to remediation.
Respond to escalated security events and drive security incident response processes to ensure timely resolution with minimal disruption.
Design, document, and deploy secure infrastructure solutions to enhance and evolve the security posture of the business to ensure integrity, availability and confidentiality of all critical enterprise data.
Support with annual Red team & Blue team exercise to improve enterprise security.
Provide expertise on security tools, including but not limited to firewalls, Web Application firewalls, IDS/IDP, anti-malware software.
Liaise with stakeholders in respect of operational implementation of security policies and best practices.
Collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementations are managed to minimize risks and adverse impact to servers, workstations and user productivity.
Implement the infrastructure, configurations and processes to monitor security related events.
Prevent data loss and service interruptions by researching new technologies that will effectively protect the enterprise network.
Document and operationalize information security processes.
Ensure all security system documentation is up to date.
Support Business Risk Management in security related investigations.
Drive the planning and action remedies required to prevent exposures to information security related threats.
Perform security incident response and management.
Interface with relevant Support Teams to resolve security vulnerabilities within the Enterprise systems and Applications.
Drive knowledge management and best practices sharing within own unit, department, division, or enterprise-wide as required.
Education:
Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or related discipline preferred
Possession of a post graduate degree in related IT, Engineering field will be an advantage
Possession of a professional IT certification (Certified Information Security Systems Professional (CISSP)
Possession of other Cybersecurity related certification is desirable
Experience:
3-7 years experience in an area of Security specialisation; with experience working with others
Experience working in a Large organization and preferably in the Telecommunications industry
Strong background as an Engineer/Architect in application security infrastructure and various network technologies to include devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
Experience with Microsoft, Solaris, Unix, Oracle and MS SQL
Experience working in telecommunications industry
Managing network and / or network security
Knowledge should be current with information security best practices and global trends
Knowledge of security best practices such as; defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption
User account identity, authorization and authentication management.
Security incident and event management
Experience in researching new or emerging technologies and processes that may be incorporated as solutions to reoccurring security concerns