Senior Specialist: Security Application and Middleware at MTN

JOB DESCRIPTION

The Senior Specialist: Security Application and Middleware is responsible for delivering technical security solution designs, reference architecture designs, technical standards and configurations for the API and middleware stacks, including Azure APIM, APIGEE, Oracle Fusion etc. Special focus shall be given to ensuring that security policy management surrounding authorizations and authentication is included in API/middleware designs.

Context

MTN is entering a new phase in its lifecycle where operational and commercial excellence has become critical for success. The urgency for change has become more heightened amidst increased competitive intensity across all markets in which MTN operates. The Group’s Information Security function must therefore ensure the successful delivery in context of:

• Rapidly changing ICT environment
• The geographic complexity of MTN’s footprint across Africa and the Middle East
• Management of executive and local shareholder expectations across all 19 OpCos
• Achievement of top quartile operating efficiency and effectiveness through scale and common processes
• Driving growth through business intelligence and standardization to maximize business impact
• Management of customer and supplier expectations 
• Enhance MTN position as a leading network and system provider
• Constant dynamics and local challenges in the economic, regulatory and legal environments

RESPONSIBILITIES

• Develop Middleware information systems security architectures (e.g., people, processes, technology);
• Responsible for the design of architectures for group wide risk mitigation of key risk areas on Middleware platforms, including authentication, authorizations, security and business activity monitoring, middleware security policy, PKI and web application vulnerability management;
• Assist OPCOs with middleware technical security solution designs 
• Determine a holistic view of security requirements on Middleware platforms by evaluating current security operations and requirements; researching information security standards; studying architecture/platform; identifying integration issues and preparing cost estimates;
• Evaluate outsourced / third-party middleware integrations to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information;
• Manage the development of security architectural and development standards for middleware stacks;
• Ensure a standardized and aligned approach driven from Group Information Security for middleware security architecture across MTN including OPCO’s.
• Assist with management of divisional budgets in line with business objectives and facilitate forecasting;
• Manage project initiative budgets in line with business objectives; and
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Work with the Senior Manager: Architecture and technical excellence to develop and implement the overall information security architecture requirements and framework, overarched by the business risk strategy;
• Responsible for the development and implementation of the information security architecture roll-out definition and actualization via third parties;
• Roadmap definitions for security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
• Define API security policies
• Establish identity provider integrations for API’s
• Perform best-practices risk assessment of middleware API’s
• Establish security controls on exposed API’s retroactively.
• Consolidate disparate identity management architectures into a single identity management workflow to establish customer single sign-on.

Role Dependencies

• Active support from the Group CTIO; Executive: Information Security
• OPCO LISO’s, Regional Coordinators, Governance Forums, Audit Committee, Internal Auditors, Business Risk, Compliance
• Deep understanding of the MTN business strategy 
• Understanding of the OPCO technology, business and regulatory context
• Alignment of OPCO and Group strategy initiatives 
• Timely decision making and reporting

QUALIFICATIONS

Education:

• 4 year Engineering/ Information Science Degree
• Masters in Information Science is advantageous

Industry/Certifications

• CISSP, CISM, CGEIT certification (one of) or equivalent
• Microsoft Certified: Azure Security Engineer Associate, Identity and access administrator associate, Azure security technologies.

Experience:

• Minimum 5 years’ experience in Information Security
• Designing and implementing federated Microsoft Azure identity and API security systems architecture 
• Designing and implementing federated Google cloud platform API security systems architecture 
• Working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges
• Advanced working understanding of the information technology environment of a telecom company 
• Wide understanding of Security applications and capabilities is required to ensure secure deployment and operations of MTN key applications. 
• Mature understanding of the Hybrid cloud environment is required to support the legacy and cloud technology stacks and provide strategic guidance to the MTN OPCOs.