Senior Specialist: Technical Security Assurance & Service Management at MTN

Mission/ Core purpose of the Job: 

• This role is responsible for embedding and maintaining technical security control requirements across MTN SA network, infrastructure and systems. Responsibilities include ensuring that appropriate security controls are implemented in the organisation by continuously reviewing and updating the policies, operational technology and security processes and standards in alignment to Group policies and latest global threats, ensuring optimal performance of the services and identify control efficiencies in how security is operated across all domains. The incumbent will also perform continuous technical security assurance on all Technology service areas to ensure audit compliance and minimized risk exposure. 

Key Performance Areas: 
Technical Excellence

• Analysis of known and emerging threats to determine risks against MTN SA assets
• Provide assurance that MTN SA assets are effectively managed and monitored to meet MTN SA security requirements - first-line management assurance  
• Review and document Information Security Processes and Procedures and meet governance in terms of policy, legislative and audit requirements and provide consultation to business with regard to this. 
• Identification and management of information security risks within MTN SA by assisting in identifying, defining and maintaining the information security policy and functional standards for the organisation
• Create and continuously review security governing principles to guide information, technology, and solution decision making for MTN SA
• Support the implementation of control mechanisms, which enable Information Security function to have a view of the status of information security within SA and Group 
• Report on mitigating actions required to correct or remedy actions where necessary and inform Technology Teams and relevant Business units of any significant changes and risk situations
• Consult to projects in terms of identifying risks, vulnerabilities and controls 
• Perform Security Assessments on internal environments or external 3rd party environments, with the purpose of identifying shortcomings which introduce risk, and make recommendations for changes or improvements
• Coordinate reporting and action plans in the event that a security incident does occur
• Conduct monthly security service/ posture reviews across the environment and present reports to the relevant business units and governance committees, both in SA and Group. 
• Represent Information Security in the relevant business areas in MTN SA as well as various IT/ Network and or Security committees and forums within MTN SA and Group.
• Drive the development and implementation of security strategy across MTN SA
• Provide on-going subject matter expert level consultation to MTN SA project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.  
• Ensure optimal performance of the security services and identify control efficiencies in how security is operated across all security domains. 
• Track and drive implementation of Technical Security Standards across the technology platforms. 
• Review and track all risk accepted and exception items and assist to build and manage the security compliance universe. Consult to projects (Business and Technology) in terms of identifying risks and specific vulnerabilities and controls for new implementations

Operational Delivery

• Perform management assurance on technical controls to minimise audit impact and risk exposure
• Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack MTN Mobile network and systems. 
• Work closely with the Technology teams to identify and select the right security controls to protect MTN's network & IT infrastructure, cloud and IoT solutions; define functional and non-functional security requirements and criteria to conduct technology evaluation and selection. 
• Manage and run governance for Technology Security function in line with Group Information Security and drive the implementation of security governance and ensure adherence to it. 
• Foster a security-conscious culture within MTN SA Technology and Business teams.
• Manage SLA’s and collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related conrol break-downs in the environment
• Support Business Risk Management in security related investigations 
• Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies. 
• Develop, monitor and measure the deployment of security standards  
• Ensure procurement practices adhere to security protocols and securiy is embedded into the procurement process consistently. 
• Collaborate with the Network Planning and Operations teams on shared policies and ensure alignment
• Work with internal stakeholders to define action plans to close or mitigate findings of auditors
• Proactively test for security related issues and propose remedial plans. 
• Manage security deliverables for Business Resilience programme as well as the POPI programme 
• Drive implementation and tracking of Critical Controls and reporting to Group
• Report on any residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and non-compliance. 
• Measure and report on the effectiveness of Information Security management and control activities to appropriate governance governance comittees.  
• Report at risk and audit committees and manage the actionable outcomes related to security. 

Supervisory Responsibilities

• The role requires management and supervision of the activities of a number of Team members across Technology who need toimplement and remediate required controls

Budgets/ Financial Input

• Assist with management of Security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Assist with contract negotiations and driving to conclusion

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology
• Security certification e.g. CISSP & CISM essential
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 6 years in IT, 4 of which as an Information Security Specialist in a large enterprise environment essential 
• Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network.
• Must have a wide breadth of knowledge and experience across security products, tools, and industry trends 
• Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
• Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
• Excellent written and verbal communication skills as well as business acumen and a commercial outlook
• Good analytic and problem-solving skills 
• Ability to work under pressure, as well as the ability to take independent initiative when needed. 

Training:

• Security certification courses
• Microsoft certifications
• Systems/Database/Network administration training
• Some training on Oracle, SUN Solaris and Linux is also required
• Training on any scripting language
• IP network related training
• Cloud security training
• Achirtect and design certifications