Executive - Information Security (Group Technology) at MTN

Key Performance Areas

Governance 

Strategic Meetings

• Chair the Group Information Security Forum
• Co-Chair the Group Technology and Security Governance Council
• Represent Group Security at various governance forums, including but not limited to Group GOC, Group ERMCO, Fintech TSCG, Fintech ERMCO, AI Steerco
• Initiate and hold strategic meetings, ensure relevant participation and provide direction for the various discussions;
• Drive adequate risk mitigation and controls;
• Ensure Approval on new initiatives;
• Review and finalise objectives, targets and budgets;
• Authorise and / or secure relevant budget for internal projects;
• Authorise and / secure authorisation for  proposals on change initiatives; 
• Attend tactical meetings on a needs basis; and
• Evaluate areas of improvement across people, process and technology.

Escalations

• Manage and resolve issues that will result in severe time, scope, productivity and cost or resource impact; and
• Resolve and provide guidance to issues escalated.

Tactical

• Oversee all projects and initiatives that are aligned to strategic imperatives;
• Review key risks, issues and dependencies and set mitigation actions; and
• Sign-off / make decisions regarding tactical changes.

Performance

• Monitor and ensure alignment with MTN global strategy and per industry best practices;
• Review performance against agreed Key Performance Indicators (KPIs) 
• Ensure provision of appropriate support to commercial functions; and
• Evaluate plans for continuous improvement.

Reporting

• Report on a monthly basis to Group Chief Technology and Information Officer relating to progress made within the division and in accordance with the measurement metrics set by the organisation.
• Report on monthly basis to the Group Chief Business Risk officer of any risks identified.
• Report the operational security status across the Group (including Opcos and PlatformCos) on a weekly basis to the relevant organisation stakeholders across Group, Opcos and PlatformCos
• Perform on an adhoc basis on specific projects, as required.

Budgets

• Oversee divisional budgets in line with business objectives and facilitate forecasting;
• Oversee project initiative budgets in line with business objectives; and
• Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers.
• Contribute the OpCos and PlatformCos security budget guidelines to the overall technology budget guidelines

Operational Delivery

• Develop and implement the overall information security framework and strategy, overarched by the business risk strategy, ensuring the effective implementation and adherence across all the business;
• Drive the development and implementation of the requisite information security policies, procedures, guidelines and standards;
• Ensure that the security requirements for new information processing facilities have been identified and approved;
• Ensure that functional and technical security architectures are defined for the security of IT and telecom network infrastructure and monitor compliance thereof;
• Ensure that the technology architecture is effective to manage threats and re-architecture (if required) to ensure consolidation of systems, vendors, processes and procedures;
• Ensure that the information security policies, procedures, standards and guidelines for use throughout MTN are reviewed yearly and updated in a timely manner to accommodate changes in the Technology or business environment;
• Facilitate information security risk assessments in OPCOs and PlatformCOs to ensure threats are managed.
• Identify emerging information security trends in the telecom industry and engage the MTN stakeholders to ensure that threats are managed; 
• Define and communicate to management, the key threats to the information assets at various point of time;
• Encourage the participation of the managers, auditors, legal department and the staff members from various functions, who can contribute to compliance with the information security practices;
• Oversee (or assist, if required) the investigation of security threats or other attacks on the information assets at OPCOs and PlatformCOs;
• Ensure the maintenance and review of all critical incidents that have occurred and the corresponding resolution timeframe and inform the Executive Committee;
• Liaise with OPCO and PlatformCO to set up an Information security education and awareness program at the OPCO and PlatformCO level;
• Liaise with external entities - cyber security team and law enforcement – agencies, in case of an escalated security breach;
• Implementing cyber security management and driving the engagement across the MTN footprint;
• Engage the Business Risk and Audit teams to ensure alignment of security processes against business risk;
• Reporting at operations and audit committee and managing the actionable outcomes related to security.

Managerial / Supervisory Responsibilities

• Set overall direction for the division;
• Provide guidance and leadership ensuring future focus and current efficiency;
• Coach and mentor direct reports to ensure staff motivation is high;
• Ensure adequate succession planning and that succession plans that are in place are achieved;
• Ensure skill transfer for staff development, motivation and business continuity;
• Ensure the team is led, motivated and rewarded to achieve high performance areas;
• Ensure assigned team is led, motivated and rewarded to achieve KPAs;
• Ensure the effective management of diversity among personnel in the division;
• Identify staff training and development needs and implement necessary actions;
• Manage team (including recruitment, on-boarding, attrition);
• Set goals and objectives for direct reports, monitor progress and maintain motivation;
• Provide career development for direct reports (counselling, coaching, identifying key performance areas, career planning and goal setting);
• Set up appropriate structure to meet departmental management objectives; and
• Provide an advisory function on governance and best practices in client experience.

Collaboration

Responsibility towards: 

Key external stakeholders: 

• External Auditors
• Partners
• Distributors
• Vendors
• Law enforcement agencies
• GSMA
• Key internal stakeholders: 
• Group Exco
• Opco and  PlatformCo CEO’s
• Governance Forums
• Risk Committee
• Audit Committee
• Internal Auditors
• Group Privacy Office
• Business Risk 
• Compliance
• Information Technology
• Group CTIO
• Group Information Security Team 
• OpCo and PlatformCo Information Security Heads/ CIOs/ CTOs

QUALIFICATIONS

Education:

• 4 year Engineering/ Information Science Degree
• Masters in Information Science is preferred 
• CISSP certification
• Other preferred certifications are: CISA CISM, CBCP, ISO 27001, Lead Auditor or Lead Implementer

Experience:

• 12 - 15 years of relevant work experience in Information Technology (specifically security)
• 5-8 years of experience at the Senior Management level in the telecom industry 
• 5-8 years working experience in managing information security in a large organisation
• Experience in designing and implementing organisation wide information security governance, management, risk, operational and reporting frameworks
• Experience in managing and implementing large scale information security projects
• Experience in Governance, Enterprise Risk Management and Compliance, and security resilience
• Experience in Security Operations, Security Architecture, Cloud Security and Threat Intelligence
• Experience in Telco and core network security
• Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges
• Advanced working understanding of the information technology environment of a telecom company

Other:

• Fluent in English 
• Telecommunications industry experience 
• Global mindset to service worldwide operations
• Pan Africa and Middle East multi-cultural experience
• Multi-country operations oversight experience
• Willing and flexible to travel within Africa and Middle East
• Understanding of general regulatory requirements in the telecom industry