Senior Specialist: Windows Security at MTN

Mission/ Core purpose of the Job: 

• This role is responsible for leading operational teams, designing and delivering technical security solution designs, standards and configurations for the Microsoft stack, including Active Directory (Azure and onsite), Azure, Microsoft SQL, Forefront identity manager, Exchange online, Office 365, EMS, and Intune. Special focus shall be given to integrating disparate identity management systems and ensuring the management of security compliance of Microsoft products is consolidated and improved across all Microsoft stacks in MTN SA.

Key Performance Areas: 
Technical Excellence

• Design, manage and implement Microsoft information systems security architectures (e.g., people, processes, technology)
• Responsible for the risk mitigation controls of key risk areas on Microsoft platforms, including security monitoring, patching, group policy and vulnerability management
• Research, Develop and implement Microsoft technical security solution designs 
• Determine a holistic view of security requirements on Microsoft platforms by evaluating current security operations and requirements; researching information security standards; identifying integration issues and preparing cost estimates
• Manage and Evaluate outsourced / third-party Azure environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information
• Manage and lead the development and implementation of security standards for all components of Microsoft application stacks (OS, DB, Middleware, Web etc.)
• Ensure a standardized and aligned approach (driven from Group Information Security) for Microsoft security architecture across MTN SA. 
• Roadmap definitions for security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

Operational Delivery

• Assist Senior Manager to develop, design and implement the overall information security architecture requirements and framework, overarched by the business risk strategy
• Work with Data Protection team to define and implement Office 365 Data leakage prevention policies for OneDrive, Exchange online and SharePoint and integration with other platforms
• Design, Configure and implement Microsoft Mobile Application/ Device management policies
• Perform best-practices risk assessments of Microsoft security stacks
• Design and consolidate disparate identity management architectures into a single identity management workflow via ADFS, Kerberos, LDAP, SAML, FIM etc. 
• Design and deploy security solutions on Azure solutions, Exchange, office 365 and hybrid Active directory
• Conduct research on security latest trends, plan and implement security solutions
• Technically manage and liaise with Systems Administrators for operational implementation of policies and security best practices
• Develop and translate the security requirements into a technical implementation plan
• Manage SLA’s and collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to servers, workstations and user productivity.
• Deploy and ensure adequate security standards across relevant environments
• Design and implement the infrastructure, configurations and processes to monitor security related events in the server environment
• Identify and prepare relevant information and data for reporting purposes
• Provide daily, weekly and monthly information security reports as per the business reporting requirements
• Support Business Risk Management in security related investigations 
• Develop, plan and action remedies required to prevent MTN exposure to security related threats
• Manage and perform security incident response
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment
• Conduct Research and maintain development policies to ensure security policies are up to date and cater for new technologies, including testing internal and external software development and procurement practices adhere to security protocols
• Define, develop, and implement Server and Desktop Security policies in alignment to Group Policy
• Collaborate with the Network Planning and Operations teams on shared policies
• Work with internal stakeholders to define action plans to close or mitigate findings of auditors
• Train stakeholders on security to raise the overall awareness
• Proactivity test for security related issues and propose remedial plans
• Develop, monitor and measure the deployment of security standards  
• Plan the life cycle of the security platforms 
• Conduct capacity planning - platforms are upgraded to ensure sufficient headroom 
• Propose and provide advice into the best platforms/solutions to minimise security related incidents  

Supervisory Responsibilities:

• The role requires Microsoft Architecture design, management and supervision of the activities of a number of Client Server Team members whose input is required before system changes can be made and / or who may implement the changes.

Budgets/ Financial Input

• Assist with management of departmental budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Levarage Vendor Relations 
• Assist with contract negotiations and driving to conclusion

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ Engineering
• CISSP, CISM, SABSA, TOGAF or equivalent Information Security qualification or relevant proven working experience 
• Unix/Microsoft certification
• Azure, Office 365 and Windows Certifications.
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 6+ years of relevant work experience in Information Security with exposure to Active Directory, Azure AD, Office 365, Operating System, Application, Database and Network security. 
• Programming experience preferable, particularly scripting. 
• Operating Systems 
  • Unix/Linux
  • Microsoft Windows Desktop and Server
• Databases Oracle, MySQL, SQL Server
• Active Directory (Security best practice, design, group policies)
• Networking, network protocols
• Development / Scripting - Any of the following (more than one preferable): C++, Java, Python, Perl, PHP, PowerShell, UNIX shell
• Vulnerability Management / Configuration Management Tools
• SIEM, Threat Intel and Event Management Tools
• Identity and Access management
• Digital forensics
• Cryptography
• Penetration testing
• Experience working in a large organization 

Training:

• Security certification courses
• Microsoft certifications
• Systems/Database/Network administration training
• Some training on Oracle, SUN Solaris and Linux is also required
• Training on any scripting language
• IP network related training
• Cloud security training
• Achirtect and design certifications

The closing date is: 9 December 2020