Latest Jobs at MTN

Mission/ Core purpose of the Job: 

• This role is responsible for embedding and maintaining technical security control requirements across MTN SA network, infrastructure and systems. Responsibilities include ensuring that appropriate security controls are implemented in the organisation by continuously reviewing and updating the policies, operational technology and security processes and standards in alignment to Group policies and latest global threats, ensuring optimal performance of the services and identify control efficiencies in how security is operated across all domains. The incumbent will also perform continuous technical security assurance on all Technology service areas to ensure audit compliance and minimized risk exposure. 

Key Performance Areas: 
Technical Excellence

• Analysis of known and emerging threats to determine risks against MTN SA assets
• Provide assurance that MTN SA assets are effectively managed and monitored to meet MTN SA security requirements - first-line management assurance  
• Review and document Information Security Processes and Procedures and meet governance in terms of policy, legislative and audit requirements and provide consultation to business with regard to this. 
• Identification and management of information security risks within MTN SA by assisting in identifying, defining and maintaining the information security policy and functional standards for the organisation
• Create and continuously review security governing principles to guide information, technology, and solution decision making for MTN SA
• Support the implementation of control mechanisms, which enable Information Security function to have a view of the status of information security within SA and Group 
• Report on mitigating actions required to correct or remedy actions where necessary and inform Technology Teams and relevant Business units of any significant changes and risk situations
• Consult to projects in terms of identifying risks, vulnerabilities and controls 
• Perform Security Assessments on internal environments or external 3rd party environments, with the purpose of identifying shortcomings which introduce risk, and make recommendations for changes or improvements
• Coordinate reporting and action plans in the event that a security incident does occur
• Conduct monthly security service/ posture reviews across the environment and present reports to the relevant business units and governance committees, both in SA and Group. 
• Represent Information Security in the relevant business areas in MTN SA as well as various IT/ Network and or Security committees and forums within MTN SA and Group.
• Drive the development and implementation of security strategy across MTN SA
• Provide on-going subject matter expert level consultation to MTN SA project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.  
• Ensure optimal performance of the security services and identify control efficiencies in how security is operated across all security domains. 
• Track and drive implementation of Technical Security Standards across the technology platforms. 
• Review and track all risk accepted and exception items and assist to build and manage the security compliance universe. Consult to projects (Business and Technology) in terms of identifying risks and specific vulnerabilities and controls for new implementations

Operational Delivery

• Perform management assurance on technical controls to minimise audit impact and risk exposure
• Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack MTN Mobile network and systems. 
• Work closely with the Technology teams to identify and select the right security controls to protect MTN's network & IT infrastructure, cloud and IoT solutions; define functional and non-functional security requirements and criteria to conduct technology evaluation and selection. 
• Manage and run governance for Technology Security function in line with Group Information Security and drive the implementation of security governance and ensure adherence to it. 
• Foster a security-conscious culture within MTN SA Technology and Business teams.
• Manage SLA’s and collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related conrol break-downs in the environment
• Support Business Risk Management in security related investigations 
• Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies. 
• Develop, monitor and measure the deployment of security standards  
• Ensure procurement practices adhere to security protocols and securiy is embedded into the procurement process consistently. 
• Collaborate with the Network Planning and Operations teams on shared policies and ensure alignment
• Work with internal stakeholders to define action plans to close or mitigate findings of auditors
• Proactively test for security related issues and propose remedial plans. 
• Manage security deliverables for Business Resilience programme as well as the POPI programme 
• Drive implementation and tracking of Critical Controls and reporting to Group
• Report on any residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and non-compliance. 
• Measure and report on the effectiveness of Information Security management and control activities to appropriate governance governance comittees.  
• Report at risk and audit committees and manage the actionable outcomes related to security. 

Supervisory Responsibilities

• The role requires management and supervision of the activities of a number of Team members across Technology who need toimplement and remediate required controls

Budgets/ Financial Input

• Assist with management of Security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Assist with contract negotiations and driving to conclusion

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology
• Security certification e.g. CISSP & CISM essential
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 6 years in IT, 4 of which as an Information Security Specialist in a large enterprise environment essential 
• Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network.
• Must have a wide breadth of knowledge and experience across security products, tools, and industry trends 
• Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
• Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
• Excellent written and verbal communication skills as well as business acumen and a commercial outlook
• Good analytic and problem-solving skills 
• Ability to work under pressure, as well as the ability to take independent initiative when needed. 

Training:

• Security certification courses
• Microsoft certifications
• Systems/Database/Network administration training
• Some training on Oracle, SUN Solaris and Linux is also required
• Training on any scripting language
• IP network related training
• Cloud security training
• Achirtect and design certifications

go to method of application »

Mission/ Core purpose of the Job: 

• This role is responsible for leading operational teams, designing and delivering technical security solution designs, standards and configurations for the Microsoft stack, including Active Directory (Azure and onsite), Azure, Microsoft SQL, Forefront identity manager, Exchange online, Office 365, EMS, and Intune. Special focus shall be given to integrating disparate identity management systems and ensuring the management of security compliance of Microsoft products is consolidated and improved across all Microsoft stacks in MTN SA.

Key Performance Areas: 
Technical Excellence

• Design, manage and implement Microsoft information systems security architectures (e.g., people, processes, technology)
• Responsible for the risk mitigation controls of key risk areas on Microsoft platforms, including security monitoring, patching, group policy and vulnerability management
• Research, Develop and implement Microsoft technical security solution designs 
• Determine a holistic view of security requirements on Microsoft platforms by evaluating current security operations and requirements; researching information security standards; identifying integration issues and preparing cost estimates
• Manage and Evaluate outsourced / third-party Azure environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information
• Manage and lead the development and implementation of security standards for all components of Microsoft application stacks (OS, DB, Middleware, Web etc.)
• Ensure a standardized and aligned approach (driven from Group Information Security) for Microsoft security architecture across MTN SA. 
• Roadmap definitions for security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

Operational Delivery

• Assist Senior Manager to develop, design and implement the overall information security architecture requirements and framework, overarched by the business risk strategy
• Work with Data Protection team to define and implement Office 365 Data leakage prevention policies for OneDrive, Exchange online and SharePoint and integration with other platforms
• Design, Configure and implement Microsoft Mobile Application/ Device management policies
• Perform best-practices risk assessments of Microsoft security stacks
• Design and consolidate disparate identity management architectures into a single identity management workflow via ADFS, Kerberos, LDAP, SAML, FIM etc. 
• Design and deploy security solutions on Azure solutions, Exchange, office 365 and hybrid Active directory
• Conduct research on security latest trends, plan and implement security solutions
• Technically manage and liaise with Systems Administrators for operational implementation of policies and security best practices
• Develop and translate the security requirements into a technical implementation plan
• Manage SLA’s and collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to servers, workstations and user productivity.
• Deploy and ensure adequate security standards across relevant environments
• Design and implement the infrastructure, configurations and processes to monitor security related events in the server environment
• Identify and prepare relevant information and data for reporting purposes
• Provide daily, weekly and monthly information security reports as per the business reporting requirements
• Support Business Risk Management in security related investigations 
• Develop, plan and action remedies required to prevent MTN exposure to security related threats
• Manage and perform security incident response
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment
• Conduct Research and maintain development policies to ensure security policies are up to date and cater for new technologies, including testing internal and external software development and procurement practices adhere to security protocols
• Define, develop, and implement Server and Desktop Security policies in alignment to Group Policy
• Collaborate with the Network Planning and Operations teams on shared policies
• Work with internal stakeholders to define action plans to close or mitigate findings of auditors
• Train stakeholders on security to raise the overall awareness
• Proactivity test for security related issues and propose remedial plans
• Develop, monitor and measure the deployment of security standards  
• Plan the life cycle of the security platforms 
• Conduct capacity planning - platforms are upgraded to ensure sufficient headroom 
• Propose and provide advice into the best platforms/solutions to minimise security related incidents  

Supervisory Responsibilities:

• The role requires Microsoft Architecture design, management and supervision of the activities of a number of Client Server Team members whose input is required before system changes can be made and / or who may implement the changes.

Budgets/ Financial Input

• Assist with management of departmental budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
• Levarage Vendor Relations 
• Assist with contract negotiations and driving to conclusion

Minimum Requirements  

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ Engineering
• CISSP, CISM, SABSA, TOGAF or equivalent Information Security qualification or relevant proven working experience 
• Unix/Microsoft certification
• Azure, Office 365 and Windows Certifications.
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 6+ years of relevant work experience in Information Security with exposure to Active Directory, Azure AD, Office 365, Operating System, Application, Database and Network security. 
• Programming experience preferable, particularly scripting. 

Operating Systems 

1. Unix/Linux
2. Microsoft Windows Desktop and Server

• Databases Oracle, MySQL, SQL Server
• Active Directory (Security best practice, design, group policies)
• Networking, network protocols
• Development / Scripting - Any of the following (more than one preferable): C++, Java, Python, Perl, PHP, PowerShell, UNIX shell
• Vulnerability Management / Configuration Management Tools
• SIEM, Threat Intel and Event Management Tools
• Identity and Access management
• Digital forensics
• Cryptography
• Penetration testing
• Experience working in a large organization 

Training:

• Security certification courses
• Microsoft certifications
• Systems/Database/Network administration training
• Some training on Oracle, SUN Solaris and Linux is also required
• Training on any scripting language
• IP network related training
• Cloud security training
• Achirtect and design certifications

Please note that MTN is an equal opportunity employer. Should you not hear from us within 14 (fourteen) days from the closing date of this advertisement, you may consider your application to be unsuccessful.