The MTN Group Human Resources Department informs staff about an external call for applications for the following position :
|Profile :|| |
Senior Specialist Data Protection and IAM
|Number of position :||01|
|Entity:||WECA Information Security Hub|
|Hierarchy:||Senior Manager Security Managed Services|
|Deadline for application :||08 November 2020|
| MISSION |
This role reports into the MTN IC Hub that provides Information Security Services to the identified Spoke MTN Operating Companies (Opcos). The responsibilities of this role include designing, implementing and maintaining identity and access management (IAM) solutions and processes (based on Group Ref architecture) related to authorization, authentication, identity registry management, and identity lifecycle in the Spoke Opcos’ data repositories. The role is also responsible for for providing data protection services to the Spoke Opcos. The Specialist will anticipate data security requirements and identify sound security controls for applications, systems and processes. All IT and Network environments of the supported Opcos are within scope of this role.
Implement business processes and policies related to controlling access to data, protection strategies, architectures and implementation plans in alignment to Group Policy and Reference Architecture. Work closely with Privacy teams of Spoke Opcos to ensure potential and real incidents of data leakage are resolvedProvide security guidance and review on business and technology solutions, model threats and risks as well as the controls necesICry to mitigate them, on both an organiICtional and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack MTN systems. Implement policies and standards to protect data, applications, and the associated infrastructure that reside in a public cloudImplement Data Leakage Prevention policies for Office 365 Data leakage prevention policies for OneDrive, Exchange online and SharePoint and integration with other platformsConfigure and implement Mobile Application/ Device management policiesDefine local Opco security policies and standards for database protectionImplement information security controls to protect databases and stored dataDemonstrate architectures, methods and controls required to meet stringent compliance and audit requirementsArchitect, engineer and support data security solutions from pre-deployment through deployment and postReview plans to ICfeguard sensitive data against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needsProactively assess DLP ICfeguards across the DLP tool suite to identify potential risks and perform trend analysisProvide technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities. Administer and support data loss prevention solutions, creating and implementing Data Loss Prevention (DLP) rules that trigger on specific conditions to data attributes or data class.Create Regular Expression rules that work against a wide range on premise and cloud-based solutionsAssist in identifying, assessing, and recommending security software, processes, and services to Senior Manager Security Managed Services based on business plans and security gaps, as appropriate.Recognize and identify potential areas where existing data security policies, procedures, and controls require change, or where new ones need to be developed.Maintains an awareness of industry trends and emerging risks, and proposes relevant company response.Provide support to manage critical issues that may affect customers, including determining short-term solutions.Complete status and statistical reports in assigned area as required Provide support to Senior Manager Security Managed Services in partnering with legal, privacy and audit departments to ensure compliance with policy and regulatory requirements.Lead the daily operations of Access Provisioning, aligning with best practice standards and information security policies and procedures. Oversee the design, installation, configuration and support of IAM security technologies across the Spoke OpcosEnsure that the security solutions and architectural designs utilize the IAM security components necesICry to meet MTN and regulatory requirementsDefine local Spoke Opco policies, standards, and procedures for remote access and remote access security with alignment to Group standards. Assess and develop IAM roadmaps to improve the Opcos’ security posture by identifying security gaps to manage existing and emerging security risksLead efforts and participate in audits covering IAM services and technologies in the OpcosAssist in executing upgrades to existing systems, communications and coordination of change with impacted departments, directly or through delegationActivities that are not executable from the Hub Opco needs to be raised to the relevant stakeholder to ensure cyber security risks are addressed. Build a strong relationship with Spoke Opco to ensure delivery. Where there are challenges to perform tasks remotely, ensure the Spoke Opco execute actions that are in line with above mentioned activities. Where there are challenges to execute actions remotely, the incumbent needs to resolve the challenges in a timely manner and inform the relevant stakeholders.
Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ EngineeringCISSP/CEH/ CGEIT certification (one of)Business analysis/architecture qualificationsOther qualifications (ITIL, TMF, COBIT) advantage.
Minimum of 5+ years of relevant work experience in Information Security Experience in managing and implementing large scale security projectsAdvanced working understanding of the information and technology environment of a bank or telecom companyFluent in English and overall business acumen Understanding emerging markets advantageousWorked across diverse cultures and geographiesPan Africa multi-cultural experience is advantageous.
Strong knowledge of data protection software and hardware solutions, including transparent solutions [SQL, Oracle TDE]Knowledge of data security mechanisms with an understanding of cryptographic techniques and protocols. This can include symmetric and asymmetric encryption algorithms [AES, RIC], hashing algorithms [SHA/HMAC] and data in transit protection protocols [TLS/IPSec].Knowledge of data security standards Basic knowledge of DLP solutions Knowledge of national and international regulatory compliances and frameworks such as NIST-CSF, ISO-27000, POPI, GDPR, PCI, etc.
Experience implementing solutions beyond analysis/assessment that meet requisite compliance. Experience in a technical customer-facing consulting or advisory role. Experience implementing data security solutions for applications [Java, .net, web services] and databases [Oracle, MS-SQL]. Ability to express complex technical security control concepts passionately and effectively. Ability to work well with people from different disciplines and countries with varying degrees of technical experience. Ability to communicate effectively when dealing with business customers and suppliers.
BEHAVIORAL QUALITIES Head – Big Picture Focus (20)
Strategy Implementers – Ensures execution of strategies through creating and implementing tactical plans for others to follow Decisive Problem Solver – Has the mental agility to identify business challenges and explore effective solutions through effective influencing . Best Practice Value Creator – Encourages commercial innovation and continuous improvement for systems, processes, products and service offerings
Heart – Emotionally Intelligent (30)
Culture and Change Champion – Role models ethical practices by living the MTN values and vital behaviours for others to follow Guiding People Manager – Is self-aware and guides team capability development through opportunity creation for realising potential Relationship Builder – Builds relationships across the business in order to influence decision-makers and build team credibility.
Hands – Results Focused (40)
Results Achiever – Produces sustainable divisional results through ethical practices Operationally Astute – Sets priorities, plans, organizes and co-ordinates the work of others.
Lives MTN Values : Leadership, Integrity, Relational, Innovation, Can-DoDemonstrates vital behaviors of MTN: Active Collaboration, Total Responsibility, Courage, Get-it-done.
Send resumes by email to the following address firstname.lastname@example.org before 08 November 2020, Deadline for applications.