Job Vacancies at MTN South Africa

Mission

• The General Manager: Compliance and Ethics is accountable to lead the development, implementation, and management of the compliance program to evaluate the effectiveness of compliance controls established to comply with applicable regulatory requirements and internal policies and procedures for MTN.

Key Performance Areas: 

The General Manager: Compliance and Ethics will be accountable to achieve the following objectives:

• Build and maintain a compliance universe for both regulatory obligation and policies and   processes, that will be used as the base for development, enhancement, monitoring and oversight  over compliance requirements in this space
• Hold relevant business units accountable for the implementation of effective strategies to   ensure compliance to all relevant laws and regulations and policies and processes
• Stay abreast of all relevant compliance and regulatory requirements, assess the impact of these  and assess whether the business is adequately informed to prepare for changes
• Work with the MTN Regulatory functions and provide input into Regulatory policies/regulations,   legislative framework and future impact of new Regulatory policies and legislation – with a   specific focus on the impact of such regulations or policies on MTN’s business
• Monitor the effective cascading of the Compliance strategy into the Compliance Monitoring   business plans to ensure vertical alignment and horizontal integration with other interfacing   strategies
• Promote and support a risk minimizing culture in alignment with Compliance's role as the second  line of defence
• Monitor compliance to relevant laws and regulations and policies and processes, through the   introduction and execution of an effective compliance program 
• Provide input into development of new MTN policies around AML, Ethics, and other compliance   sub-functions
• Implement standards for testing methodologies, techniques and procedures and conduct robust   quality standard programme 
• Deliver an effective second line of defence through the operationalization of the Compliance  
• Monitoring and Testing model across MTN
• Monitor and report to MTN Executives on the compliance of best practice and processes 
• Maintain continuous oversight of collection and dissemination of any regulatory, Compliance   Monitoring and Testing and audit issues in order to provide ongoing advice and guidance to the  
• Executive: Risk and Compliance
• Promote and support a risk minimizing culture in alignment with Compliance's role as the second  line of defence
• Lobby key stakeholders to shape and change policy and draft legislation impacting on Compliance 
• Understand the impact of potential changes driven by regulators, industry, marketplace, and/or   legal environment and report these back to MTN Management
• Execute compliance audit programs to determine organisational vulnerabilities and highlight   risks
• Analyse Regulatory trends and perform risk assessments to identify areas of impact. Adapt the   compliance monitoring programs and company policies and processes accordingly. Assess whether   the business is informed accordingly in order to proactively prepare for changes 
• Manage the preparation and recommend the departmental budget and monitor financial performance   versus the budget while ensuring all departmental activities are conducted in line with the   approved guidelines
• Evaluate the effectiveness of existing policies and procedures, and work with business units to  initiate enhancements as identified 
• Act as a subject matter expert for issues related to policies and processes 
• Drive continuous improvement on standardization of processes across MTN along with business   units leading to an improved internal control environment 
• Establish training programs on monitoring and testing requirements. Create awareness within the  business on compliance monitoring and testing programs and methodologies
• Review the quality of Compliance Monitoring and Testing programs and continuously strive to   improve their maturity
• Report on monitoring and testing results to the Executive: Risk and Compliance and assist with   relevant Exco and Board reporting
• Provide input into strategies for ensuring future compliance and mitigation of risk i.e.   Material legislations, fines and reporting requirements for various regulators 
• Manage the effective achievement of assigned objectives through the Executive of the Compliance  department by setting of individual objectives, managing performance, developing and motivating  staff to maximise departmental performance
• Act as a link between third line assurance functions such as internal audit and first line audit 
• Lead the review and discussion on proposed policy changes recommended by Exco 

Key Deliverables

• Compliance with industry regulations and legislation
• Established and operationalise Compliance and Testing frameworks
• Mitigation of risk through updated processes and procedures
• Alignment of internal policies and procedures to industry regulations

Role Dependencies

• Active support from the Executive: Risk and Compliance
• Deep understanding of the MTN business strategy 
• Understanding of the relevant legal environments 
• Timely decision making and reporting 
• Alignment with Group risk and compliance initiatives

Education:

• Minimum of 4 year tertiary degree
• MBA or Masters advantageous
• Relevant certification / accreditation / membership with professional body as required for role  
• Fluent in English 

Experience:

• 5 years Senior Management experience or more; with at least 3 years in relevant sector /  industry /area of specialisation (an understanding of emerging markets is advantageous)
• Worked across diverse cultures and geographies
• Experience working in a medium to large organization 

Competencies:

• Strategy Formulator, Decisive Problem Solver, Innovative Value Creator
• Culture and Change Champion, Inspiring People Leader, Relationship Builder
• Results Achiever, Operationally Astute

Other:

• Local travel

go to method of application »

Mission/ Core purpose of the Job: 

• This role is responsible for leading operational teams, designing and delivering technical security solution designs, standards and configurations for the Microsoft stack, including Active Directory (Azure and onsite), Azure, Microsoft SQL, Forefront identity manager, Exchange online, Office 365, EMS, and Intune. Special focus shall be given to integrating disparate identity management systems and ensuring the management of security compliance of Microsoft products is consolidated and improved across all Microsoft stacks in MTN SA.

Key Performance Areas: 
Technical Excellence

• Design, manage and implement Microsoft information systems security architectures (e.g., people, processes, technology)
• Responsible for the risk mitigation controls of key risk areas on Microsoft platforms, including security monitoring, patching, group policy and vulnerability management
• Research, Develop and implement Microsoft technical security solution designs 
• Determine a holistic view of security requirements on Microsoft platforms by evaluating current security operations and requirements; researching information security standards; identifying integration issues and preparing cost estimates
• Manage and Evaluate outsourced / third-party Azure environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information
• Manage and lead the development and implementation of security standards for all components of Microsoft application stacks (OS, DB, Middleware, Web etc.)
• Ensure a standardized and aligned approach (driven from Group Information Security) for Microsoft security architecture across MTN SA. 
• Roadmap definitions for security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

Operational Delivery

• Assist Senior Manager to develop, design and implement the overall information security architecture requirements and framework, overarched by the business risk strategy
• Work with Data Protection team to define and implement Office 365 Data leakage prevention policies for OneDrive, Exchange online and SharePoint and integration with other platforms
• Design, Configure and implement Microsoft Mobile Application/ Device management policies
• Perform best-practices risk assessments of Microsoft security stacks
• Design and consolidate disparate identity management architectures into a single identity management workflow via ADFS, Kerberos, LDAP, SAML, FIM etc. 
• Design and deploy security solutions on Azure solutions, Exchange, office 365 and hybrid Active directory
• Conduct research on security latest trends, plan and implement security solutions
• Technically manage and liaise with Systems Administrators for operational implementation of policies and security best practices
• Develop and translate the security requirements into a technical implementation plan
• Manage SLA’s and collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to servers, workstations and user productivity.
• Deploy and ensure adequate security standards across relevant environments
• Design and implement the infrastructure, configurations and processes to monitor security related events in the server environment
• Identify and prepare relevant information and data for reporting purposes
• Provide daily, weekly and monthly information security reports as per the business reporting requirements
• Support Business Risk Management in security related investigations 
• Develop, plan and action remedies required to prevent MTN exposure to security related threats
• Manage and perform security incident response
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment
• Conduct Research and maintain development policies to ensure security policies are up to date and cater for new technologies, including testing internal and external software development and procurement practices adhere to security protocols
• Define, develop, and implement Server and Desktop Security policies in alignment to Group Policy
• Collaborate with the Network Planning and Operations teams on shared policies
• Work with internal stakeholders to define action plans to close or mitigate findings of auditors
• Train stakeholders on security to raise the overall awareness
• Proactivity test for security related issues and propose remedial plans
• Develop, monitor and measure the deployment of security standards  
• Plan the life cycle of the security platforms 
• Conduct capacity planning - platforms are upgraded to ensure sufficient headroom 
• Propose and provide advice into the best platforms/solutions to minimise security related incidents  

Supervisory Responsibilities:

• The role requires Microsoft Architecture design, management and supervision of the activities of a number of Client Server Team members whose input is required before system changes can be made and / or who may implement the changes.

Budgets/ Financial Input

• Assist with management of departmental budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Levarage Vendor Relations 
• Assist with contract negotiations and driving to conclusion

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ Engineering
• CISSP, CISM, SABSA, TOGAF or equivalent Information Security qualification or relevant proven working experience 
• Unix/Microsoft certification
• Azure, Office 365 and Windows Certifications.
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 6+ years of relevant work experience in Information Security with exposure to Active Directory, Azure AD, Office 365, Operating System, Application, Database and Network security. 
• Programming experience preferable, particularly scripting. 
• Operating Systems 
  • Unix/Linux
  • Microsoft Windows Desktop and Server
• Databases Oracle, MySQL, SQL Server
• Active Directory (Security best practice, design, group policies)
• Networking, network protocols
• Development / Scripting - Any of the following (more than one preferable): C++, Java, Python, Perl, PHP, PowerShell, UNIX shell
• Vulnerability Management / Configuration Management Tools
• SIEM, Threat Intel and Event Management Tools
• Identity and Access management
• Digital forensics
• Cryptography
• Penetration testing
• Experience working in a large organization 

Training:

• Security certification courses
• Microsoft certifications
• Systems/Database/Network administration training
• Some training on Oracle, SUN Solaris and Linux is also required
• Training on any scripting language
• IP network related training
• Cloud security training
• Achirtect and design certifications

The closing date is: 9 December 2020

go to method of application »

Mission/ Core purpose of the Job: 

• This role reports into the MTN SA Hub that provides Information Security Services to the identified Spoke MTN Operating Companies (Opcos). The role is responsible for embedding and maintaining technical security architecture and controls requirements across MTN infrastructure, applications and networks. This includes identifying security threats, software vulnerabilities, and building robust security systems. The role will research and investigate the potential impact of new threats and exploits, plan and prepare solution designs, standards and configurations, and engagement models to be implemented across all business areas, core systems, third-party interfaces, and the internal core network interfaces. This role will be a valued partner to development and engineering teams and technology operations teams to ensure secure architectures, patterns, and solutions are created and maintained.

Key Performance Areas: 

• Key Deliverables - Ensure clear execution on below delivery from SA Hub Opco to allocated Spoke Opcos
• Provide security guidance and review on business and technology products/ solutions, model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack MTN systems. 
• Prevent unauthorized access and malware infection of networks, infrastructure applications using security countermeasures. 
• Implement policies and standards for anti-virus and malware protection requirements in line with Group Information Security policies and localised Hub policies.
• Conduct network and/or system monitoring for malicious activities or policy violations.
• Implement firewall rule request, review, and approval process as per Group defined standards and Hub processes.
• Define local Opco security policies and standards for applications and endpoint protection
• Implement policies and standards to protect data, applications, and the associated infrastructure that reside in a public cloud
• Set standards to prevent transmission of malware and spam via email.
• Implement and maintain secure configuration / hardening standards in line with approved standards.
• Implement policy on web content types/categories that is permissible to access as per Policy
• Work with Data Protection team to define and implement Office 365 Data leakage prevention policies for OneDrive, Exchange online and SharePoint and integration with other platforms
• Configure and implement Mobile Application/ Device management policies
• Provide technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and, network decoy and deception operations in support of computer intrusion defense operations.
• Provide technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.
• Participate in and lead the security design and implementation of all products across Financial Services, Consumer, Enterprise, Technology and Digital - design phase security and post implementation.
• Evaluate the ongoing effectiveness of security controls established to ensure the safety of the MTN SA product and application suits. 
• Develop a comprehensive set of cyber-security policies and procedures governing hosted and SaaS environments. 
• Ensure that third party solutions and products follow MTN Controls standards.
• Review the security design of MTN applications and products, drive the testing process (prior to deployment). 
• Build security into MTN Software Development Lifecycle; creating and maintaining secure software development/ acquisition methodology - secure application development/ acquisition and coding practices across all development teams (internal and 3rd Party), security testing for existing and new systems, defining processes and establishing meaningful metrics for management. 
• Work with the product teams to identify and assist with the implementation of policy, process, people and technology improvements. This includes the use of automation and security specific testing tooling; Analysing and providing remediation guidance for identified weaknesses or vulnerabilities; validate and verify remediation implementation.
• Evaluate and oversee the security of outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information: 
• Implement Group reference architecture for integrating with third parties and partners
• Implement mechanisms for vetting and implementing integration with cloud providers
• Implement architectural and development standards for third party application security
• Act as a subject matter expert to application development and support personnel for any/all issues regarding the security design or use of applications. This includes enterprise operational staff and business unit personnel.
• Create and execute a training and awareness program for secure coding/ development and best practice 
• Assist in executing upgrades to existing systems, communications and coordination of change with impacted departments, directly or through delegation
• Activities that are not executable from the Hub Opco needs to be raised to the relevant stakeholder to ensure cyber security risks are addressed. 
• Build a strong relationship with Spoke Opco to ensure delivery. 
• Where there are challenges to perform tasks remotely, ensure the Spoke Opco execute actions that are in line with above mentioned activities. 
• Where there are challenges to execute actions remotely, the incumbent needs to resolve the challenges in a timely manner and inform the relevant stakeholders.

Budgets

• Assist with management of departmental budgets in line with business objectives and facilitate forecasting
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers.
• Assist Spoke Opcos with contract negotiations

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ Engineering
• CISSP/CEH/ CGEIT certification (one of)
• Business analysis/architecture qualifications
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 5+ years of relevant work experience in Information Security 
• Experience in managing and implementing large scale security projects
• Advanced working understanding of the information and technology environment of a bank or telecom company
• Other security experience such as incident handling (from appsec perspective), architecture, operations, GRC, OWASP, etc
• Knowledge of application architectures and application development with at least one modern programming language.
• Knowledge of DevOps and Agile methods
• Knowledge of threat modelling  
• Ability to express complex technical security control concepts passionately and effectively
• Ability to work well with people from different disciplines and countries with varying degrees of technical experience.
• Ability to communicate effectively when dealing with business customers and suppliers.
• Knowledge of national and international regulatory compliances and frameworks such as NIST-CSF, ISO-27000, GDPR, PCI, etc.