Manager: Regional Information Security and Awareness (SEA) at MTN

JOB DESCRIPTION

• The Manager Regional Information Security and Awareness is responsible for Regional co-ordination and execution of Information Security requirements and initiatives in line with the overarching Group and regional business goals and Group security framework. The role is accountable for the development and implementation of relevant strategies and frameworks, evangelizing relevant security policies, procedures and requirements and reporting and communicating to the OPCO’s and Group to enable a more secure environment and reduce risk to the company and its customers.  The role will support the Senior Manager in the implementation of MTN’s regional information management and protection strategy to comply with the Group Information Security Policy, applicable regulatory requirements, and client expectations. The manager will also be accountable for streamlined implementation of Security programs across the OpCo’s in the region.

Context

MTN is entering a new phase in its lifecycle where operational and commercial excellence has become critical for success. The urgency for change has become more heightened amidst increased competitive intensity across all markets in which MTN operates. The Group’s Information Security function must therefore ensure the successful delivery in context of:

• Rapidly changing ICT environment
• The geographic complexity of MTN’s footprint across Africa and the Middle East
• Management of executive and local shareholder expectations across all 19 OpCos
• Achievement of top quartile operating efficiency and effectiveness through scale and common processes
• Driving growth through business intelligence and standardization to maximize business impact
• Management of customer and supplier expectations 
• Enhance MTN position as a leading network and system provider
• Constant dynamics and local challenges in the economic, regulatory and legal environments

RESPONSIBILITIES

The Manager: Regional Security and Awareness is responsible for the following key performance areas:

Strategy Development and Implementation 

• Assist in the creation of the regional information security strategy in line with the overarching Group and regional business goals and Group security framework. Represent the region in the development of the overall group security strategy
• Providing regional Inputs into the effective implementation of the group and regional strategy by means of providing direction, frameworks, models, plans and roadmaps.

Operational Delivery

• Partner with the Senior Manager to promote and reinforce global policies and requirements, and help ensure they can be implemented regionally. Represent the region in the development / maintenance of standards. 
• Support the Compliance team in helping ensure new LISO's are on boarded appropriately and understand their responsibilities; support regional LISO's in their roles, as needed
• Coordinate with the relevant LISO's and Operational teams in the region  supporting remediation of issues with key controls, critical incidents, and other security requirements
• Support activities, actively champion awareness, influence compliance with security policies, provide solutions for business-specific security issues, and remind personnel of the importance of awareness and training
• Work with regional coordinators to facilitate knowledge and resource sharing
• Provide support to OpCo’s, coordinate interactions between the region and group technical SMEs
• Drive collaboration across the supported region (and between regions) to ensure that security is consistently improved 
• Facilitate the information security risk assessments in OpCo’s within the region to ensure threats identified and actions taken to ensure they are managed.
• Work with OpCo stakeholders in order to ensure alignment of regional information security challenges, risks and opportunities to support and optimize business operational needs.
• Implementation of the large-scale information security projects in the region in alignment to business challenges, risks and requirements.
• Effectively manage Annual security awareness attitudes (as measured by Gartner/CEB)
• Implement Successful Security awareness training of new employees & contractors
• Participation and implementation of corrective measures for all relevant stakeholders in ongoing security awareness campaigns
• Oversee regional projects and initiatives that are aligned to business needs;
• Manage key risks, issues and dependencies and set mitigation actions; and
• Coordinating the process of continuous improvement in respect to Information Security Governance within the region and across MTN;
• Facilitate periodic independent assessments of the status of Information Security governance in the region;
• Drive adequate risk mitigation and controls;
• Review performance against agreed Key Performance Indicators (KPIs) Ensure provision of appropriate support to commercial functions; and
• Evaluate plans for continuous improvement
• Facilitate the ongoing reporting of KPIs within the region and from the regional OPCOs to Group.
• Maintain relationships within OPCOs and with regional regulators to ensure MTN Group is kept abreast of regional regulatory developments prior to enactment into law
• Build and maintain strong relationships with the VP reporting structures in the region
• Assist the internal audit function in terms of audit planning to ensure that information security risks are incorporated within the Audit;
• Resolve information security audit issues and risks identified across MTN Opco’s.

Compliance and Reporting

• Assist the internal audit function in terms of audit planning to ensure that information security risks are incorporated within the Audit;
• Resolve information security audit issues and risks identified across MTN Opco’s.
• Measuring and reporting on the effectiveness of the regional Information Security management and control activities in governance framework and King IV obligations;
• Reporting on regional operations and audit committee outcomes related to security;
• Facilitate the definition and implementation of compliance control plans for legal and regulatory compliance; 
• Ensure that reporting from Regions is timeously delivered to group
• Maintain the regional information security threat and vulnerability risk register; 
• Report on a weekly basis to line relating to progress made within the regions and in accordance with the measurement metrics set by the organization. 
• Report and provide continuous feedback to senior management of security status in the region
• Provide status reporting on regional project roadmaps.

Budgets

• Oversee project initiative budgets in line with business objectives; and
• Drive regional initiatives that will ensure that the information security “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers.

Managerial / Supervisory Responsibilities

• Manage internal and external development partners to accomplish tasks
• Set up, direct and guide effective project teams
• Identify training requirements within the region and assist in providing necessary training and capacity building
• Identify opportunities for career progression for staff within the region through short term or long term deployments

Other:

• Regional and international travel

QUALIFICATIONS

Education:

• 4 year Engineering/ Information Science Degree / Technical diploma 
• Masters in Information Science advantage
• CISSM and/or CISSP certification
• Other preferred certifications are: CISA, CRISC, CGEIT CBCP, ISO 27001 Lead Auditor or Lead Implementer
• ITIL Certification is Advantageous
• Project management certification advantageous

Experience:

• 5 - 8 years of relevant work experience in Information Technology (some information security experience preferable) 
• 2 - 4 years of experience at the Management level in the telecom industry 
• Experience in planning, implementing and supporting IT/Risk/Control services in a multi-country / Opco / branch environment
• Experience in implementing large scale information technology / networking projects 
• Experience in Governance, Enterprise Risk Management and Compliance
• Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges
• Advanced working understanding of the information technology environment of a telecom company

Competencies:

• Strategy Implementers, Decisive Problem Solver, Best Practice Value Creator 
• Culture and Change Champion, Guiding People Manager, Relationship Builder 
• Results Achiever, Operationally Astute

Other:

• Fluent in English, French and/or Farsi an advantage Regional and International Travel obligations