Specialist - Application and Endpoint Security Technology Information at MTN

Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA's)
Key Deliverables

Solutions Delivery

• Provide security guidance and review on business and technology products/ solutions, model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding, and anticipating the moves and tactics that a hacker might use to attack MTN systems. 
• Prevent unauthorized access and malware infection of networks, infrastructure applications using security countermeasures. 
• Assist in implementing policies and standards for anti-virus and malware protection requirements in line with Group Information Security policies and localised Hub policies.
• Conduct network and/or system monitoring for malicious activities or policy violations.
• Assist in implementing firewall rule request, review, and approval process as per Group defined standards and Hub processes.
• Support in the Definition of local Opco security policies and standards for applications and endpoint protection.
• Assist in implementing policies and standards to protect data, applications, and the associated infrastructure that reside in a public cloud.
• Establish guidelines to proactively deter the transmission of malware and spam through email.
• Assist in implementing and maintaining secure configuration / hardening standards in line with approved standards.
• Assist in implementing policy on web content types/categories that is permissible to access as per Policy.
• Configure and implement Mobile Application/ Device management policies.
• Provide technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and network decoy and deception operations in support of computer intrusion defence operations.
• Provide technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.
• Participate in the security design and implementation of all products across Financial Services, Consumer, Enterprise, Technology and Digital - design phase security and post implementation.
• Evaluate the ongoing effectiveness of security controls established to ensure the safety of the MTN SA product and application suits. 
• Develop a comprehensive set of cyber-security policies and procedures governing hosted and SaaS environments. 
• Ensure that third party solutions and products follow MTN Controls standards.
• Review the security design of MTN applications and products, drive the testing process (prior to deployment). 
• Build security into MTN Software Development Lifecycle; creating and maintaining secure software development/ acquisition methodology - secure application development/ acquisition and coding practices across all development teams (internal and 3rd Party), security testing for existing and new systems, defining processes and establishing meaningful metrics for management. 
• Work with the product teams to identify and assist with the implementation of policy, process, people, and technology improvements. This includes the use of automation and security specific testing tooling; Analysing and providing remediation guidance for identified weaknesses or vulnerabilities; validate and verify remediation implementation.
• Evaluate the security of outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information: 
• Assist in implementing Group reference architecture for integrating with third parties and partners.
• Assist in implementing mechanisms for vetting and implementing integration with cloud providers.
• Assist in implementing architectural and development standards for third party application security.
• Serve as a proficient resource for application development and support teams, offering expertise on all matters related to the security design and utilization of applications. This includes enterprise operational staff and business unit personnel.
• Monitor and manage a training and awareness program for secure coding/ development and best practice. 
• Assist in executing upgrades to existing systems, communications, and coordination of change with impacted departments, directly or through delegation.
• Identify and escalate activities that cannot be executed from the Hub Opco to the appropriate stakeholders to ensure the effective mitigation of cybersecurity risks.Build a strong relationship with Spoke Opco to ensure delivery. 
• Where there are challenges to perform tasks remotely, ensure the Spoke Opco execute actions that are in line with above mentioned activities. 

Job Requirements (Education, Experience, and Competencies)
Education: 

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology/ Engineering
• CISSP/CEH/CASP/CASE certification (one of)
• Business analysis/architecture qualifications
• Other qualifications (ITIL, COBIT, ISO27001, CCSLP) advantage
• Fluent in English 

Experience:

• Minimum of 5+ years of relevant work experience in Information Security 
• Experience in managing and implementing large scale security projects.
• Advanced working understanding of the information and technology environment of a bank or telecom company
• Other security experience such as incident handling (from AppSec perspective), architecture, operations, GRC, OWASP, etc
• Knowledge of application architectures and application development with at least one modern programming language.
• Knowledge of DevOps and Agile methods
• Knowledge of threat modelling 
• Ability to express complex technical security control concepts passionately and effectively.
• Ability to work well with people from different disciplines and countries with varying degrees of technical experience.
• Ability to communicate effectively when dealing with business customers and suppliers.
• Knowledge of national and international regulatory compliances and frameworks such as NIST-CSF, ISO-27000, GDPR, PCI, etc. 
• Knowledge of various EDR & EPP solutions