Senior Specialist - Information Systems Security Technology Information at MTN

Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA's)
Key Deliverables

Technical Excellence:

• Participate in and lead the security design and implementation of all products across Consumer, Enterprise, Technology, Digital and Financial Services - design phase security architecture and post implementation.
• Experience with Cloud Security platform vendors and technologies such as Azure, and GCP Drive the design and implementation of secure technologies and applications in support of Enterprise-wide and Business Unit applications. 
• Plan and document the life cycle of all the security platforms. 
• Conduct capacity planning and ensure that security platforms are upgraded to ensure sufficient headroom. 
• Propose and provide advice into the best platforms/solutions to minimise security related risks and incidents. 
• Partner with IT and risk management to develop a comprehensive set of cyber-security policies and procedures governing hosted and SaaS environments.
• Provide security architectural guidance and review on business and technology products/ solutions 
• Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack MTN systems. 
• Follow the architecture analysis process, which consists of research, validation and evaluation of all new initiatives, with phase gates reviews presented to all stakeholders during the process.
• Ensure that third party solutions and products follow MTN Controls standards.
• Review the security architecture design of MTN applications and products, for cloud and on-prem. Perform best-practices risk assessment of MTN’s products’ security stacks.
• Perform security incident response and management.
• Document and operationalize the processes and procedures necessary to sustain the security posture of the environment.
• Work with the product and existing Security teams to identify and assist with the building and implementation of policies, standards, processes, risk and control frameworks that meet MTNSA’s business requirements. 
• Evaluate and oversee the security of outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information:
• Implement reference architecture for integrating with third parties and partners.
• Implement mechanisms for vetting and implementing integration with cloud providers.
• Develop and implement architectural and development standards for third party technologies.
• Act as a subject matter expert and provide consistent interpretation of security controls and requirements to MTNSA security teams, application development and support personnel. This includes enterprise operational staff and business unit personnel. 
• Evaluate outsourced mobile money integration points to ensure they provide adequate protection for the processing, transmission, and storage of transactions.

Operational Delivery: 

• Assist Senior Manager Security Architecture to develop and implement the cyber security architecture requirements and framework, overarched by the business risk strategy.
• Responsible for the development and implementation of the security architecture roll-out definition and actualization of products via third parties
• Roadmap definitions for security systems of key products by monitoring security environment; identifying security gaps; evaluating and implementing enhancements. 
• Utilize security tools for the Technology Security program such as static and dynamic code analysis tools and develop continual improvement program.
• Assist with cybersecurity control reviews and create secure reusable patterns for new technologies.
• Participate in information security operations duties, including occasional incident response escalations.
• Perform risk and threat assessments.
• Implement and ensure ongoing compliance of key technologies e.g., IAM, Vulnerability Management, Mobile and Digital Security Solutions
• Stay abreast of current and evolving technologies in the cybersecurity security area.

Job Requirements (Education, Experience, and Competencies)

Education: 

• Minimum of 3 years tertiary qualification in Information Technology/ Engineering
• CISSP/CISM/CGEIT certification (one of)
• SABSA, Cloud Security and/or TOGAF qualification will be an advantage.
• Business analysis/architecture qualifications
• Other qualifications (CompTIA Security+, ITIL, COBIT) advantage
• Fluent in English 

Experience:

• Minimum of 3+ years of relevant work experience in Information Security 
• Experience in designing and implementing cybersecurity systems architectures.
• Experience in managing and implementing large scale security projects.
• Advanced working understanding of the information technology environment of a telecom company
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Other security experience such NAC, CyberArk, Cisco ISE, CASB Solution Netskope, Web security technologies, architecture, operations, GRC, OWASP, etc
• Able to provide the Project and existing Security teams the necessary guidance to build policies, standards, risks and controls frameworks that meet MTN Group and operational requirements of the business. 
• Design and implementation of NGFW PA / Fortinet /, IOT, End point protection, multi-factor authentication
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc) and other IAM technologies
• Understanding of the implementation, operation and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus and AD security products
• Knowledge of web application architectures
• Knowledge of threat modelling 
• Experience working in a global/multinational enterprise (understanding emerging markets is advantageous).
• Worked across diverse cultures and geographies.