Specialist Process Engineer Jobs in Roodepoort

Website Absa Group

About the job

The Consultant Security Policy & Standards role will manage and oversee the GIS policy and standards relating to risk assessment and acceptance across the MTN Group. The purpose of the job is to drive information security governance standards and policies to internal stakeholders across the MTN business. The incumbent will be responsible for implementing the GIS standards and for ensuring their uptake and acceptance. The incumbent is also responsible for continuously updating the security standards and policies, measuring and reporting compliance against them, and acting as a liaison for security auditing purposes.

Context

MTN is entering a new phase in its lifecycle where operational and commercial excellence has become critical for success. The urgency for change has become more heightened amidst increased competitive intensity across all markets in which MTN operates. The Group’s CTIO function must therefore ensure successful delivery in the context of:

  • Rapidly changing ICT environment
  • The geographic complexity of MTN’s footprint across Africa and the Middle East
  • Management of executive and local shareholder expectations across all 22 OpCos
  • Achievement of top quartile operating efficiency and effectiveness through scale and common processes
  • Driving growth through business intelligence and standardization to maximize business impact
  • Management of customer and supplier expectations
  • Enhancing MTN’s position as a leading network and system provider
  • Constant dynamics and local challenges in the economic, regulatory and legal environments

Key Performance Areas

The Consultant Security Policy & Standards will be accountable for delivery on the following Key Performance Areas:

  • Assist in the development and updating of the group wide Information Security Risk management standards and policies including the process to manage deviations or risk;
  • Implement best-in-class Information Security risk management standards and practices across Telecommunications as well as ICT, and assist senior management in identifying emerging trends and threats and incorporating them into MTN;
  • Assist in the effective implementation of the Information Security Risk Management Frameworks
  • Provide input into the development of a Risk Treatment Plan aimed at the identification and flagging of unacceptable levels of risk and the methods for mitigating such risk;
  • Works with MTN business units and OPCOs and with other risk management/assurance functions to identify security requirements, using various methods such as risk and business impact assessments;
  • Reports to management concerning residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and noncompliance;
  • Develop and maintain GIS security standards and policy documentation to be agreed upon and implemented within the business;
  • Researches and assesses new threats, developments and best practice from a security standards perspective and recommends appropriate updates to the risk acceptance and risk treatment plan;
  • Raise the security awareness relating to security standards and education level of MTN employees and business partners;
  • Conduct reporting relating to non-compliance or breach of security standards and policies;
  • Develop a process for mitigating risk as well as for addressing non-compliance to security standards aligned to MTN’s holistic risk management framework.
  • Ensures that the Information Security standards and policies encompass information privacy, information regulatory compliance, information technology controls, computer security, identity and access management and disaster recovery.
  • Ensures that security standards are entrenched into projects and systems;
  • Continuously evaluate and improve the vulnerability management processes and technology;
  • Assists the Senior Manager in facilitating information security risk assessments in OPCOs to ensure threats are managed;
  • Engage the Business Risk and Audit teams to ensure alignment of security processes against business risk;
  • Work with process owners to implement GIS standards recommendations appropriate for the target maturity for their area;
  • Assesses compliance to Security governance frameworks and policies;
  • Facilitate internal audits and external assessments of processes and plan improvement activities accordingly;
  • Review GIS process audit reports;
  • Obtain reasonable assurance that GIS risk standards and policies are appropriate within MTN’s risk appetite;
  • Identify high risk/priority processes for improvement;
  • Obtain independent assurance over the GIS governance status including target maturity levels and related benchmarks.
  • Report/escalate relevant security standards and policy non-compliance issues to Senior Management.
  • Manage key security standards and risks, issues and dependencies and set mitigation actions
  • Coordinate the process of continuous improvement with respect to information security standards and policies;
  • Facilitate periodic independent assessments of the status of security policies and standards in the group and across OPCOs with relevant audit teams;
  • Drive implementation of security standards and policy integration across the business;
  • Review performance against agreed Key Performance Indicators (KPIs)
  • Ensure provision of appropriate support to commercial functions
  • Assist the internal audit function in terms of audit planning to ensure that information security alignment to standards and policies relating to risks is incorporated within the audit;
  • Resolve information security audit issues and risks identified (in relation to security standards and policies) across MTN OPCOs.
  • Identification of root causes for the lack of compliance
  • Collaborate and provide security standards and policy compliance/noncompliance results and metrics for consistent reporting for operational and governance purposes; collaborate and coordinate remediation plans and activities
  • Define and initiate consequence management for non-compliance (internal / external)
  • Serve the OPCOs in executing the external vulnerability management process and driving internal VM capability through the OPCOs
  • Identify training requirements and facilitate the training of staff (Group and Opco) in the Vulnerability management disciplines.

Role Dependencies

  • Active support from the Group CTIO; Executive: Information Security
  • OPCO LISOs, Regional Coordinators, Governance Forums, Audit Committee, Internal Auditors, Business Risk, Compliance
  • Deep understanding of the MTN business strategy
  • Understanding of the OpCo technology, business and regulatory context
  • Timely decision making and reporting
  • Alignment of OpCo and Group strategy initiatives

Job Requirements

Education:

  • 4 year Engineering/ Information Science Degree
  • Masters in Information Science is preferred

Industry/Certifications

  • CISSP certification
  • Other preferred certifications are: CISA, CISM, CGEIT, CRISC, CBCP, ISO 27001 Lead Auditor or Lead Implementer
  • Qualys, Nessus and/or other VM platform certified
  • ITIL certification is advantageous

Experience:

  • 5 – 8 years of relevant work experience in Information Technology (specifically security)
  • 2 – 4 years of experience at the Management level in the telecom industry
  • 2 – 4 years working experience in the management of information security threat and vulnerability in a large organisation would be advantageous (establishment of the process, implementation of the toolset and integration with requisite processes such as threat intelligence, CMDB and service management), driving closure of vulnerabilities to improve the profile of the organisation.
  • Experience in implementing large scale information security projects.
  • Experience in Governance, Enterprise Risk Management and Compliance
  • Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges.
  • Advanced working understanding of the information technology environment of a telecom company

Other:

  • Fluent in English, French and/or Farsi an advantage
  • Global mindset to service worldwide operations
  • Pan Africa and Middle East multi-cultural experience
  • Willing and flexible to travel within Africa and Middle East
  • Understanding of general regulatory requirements in the telecom industry


