Executive - Information Security (Group Technology) MTN MTN is Africa’s largest mobile network operator, sharing the benefits of a modern connected life with 272m customers in 19 markets across Africa and Middle East View company page The Executive: Information Security’s core purpose is to develop, implement and maintain the Information Security Management System Framework across the MTN Group to ensure information assets and technologies are safeguarded. The Executive: Information Security contributes to strategy development and manages the execution and implementation of strategic initiatives through working with and across functions, multiple processes, discipline technologies, products, teams and customers. Purpose MTN is an emerging market mobile operator at the forefront of technological and digital changes. We deliver a bold, new digital world to our customers across Africa and the Middle East – one of the world’s fastest-growing regions for mobile telecommunications. We believe everyone deserves the benefits of a modern connected life. With the changing global business landscape, cyber risks organisations face are on the rise. If these cyber risks are not correctly managed, new vulnerabilities could compromise customer data confidentiality, integrity and availability, ultimately affecting the performance of networks and information systems. Operational and commercial excellence has become critical for success. The urgency for change has become more heightened amidst increased competitive intensity across all markets in which MTN operates. The Group’s Information Security function must therefore ensure the successful delivery in context of: Rapidly changing ICT environment The geographic complexity of MTN’s foot print across Africa and the Middle East Management of executive and local shareholder expectations across all OpCos and PlatformCos. Achievement of top quartile operating efficiency and effectiveness through scale and common processes Driving growth through business intelligence and standardization to maximize business impact Management of customer and supplier expectations Enhance MTN position as a leading network, system and platform provider Constant dynamics and local challenges in the economic, regulatory and legal environments Values We at MTN are a purpose and value-led organization. At MTN, we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work, everyday. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood and empowered to live an inspired life. Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA. As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us. Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers and stakeholders with a vision to realise our shared goals. Lead with Care Can-do with Integrity Collaborate with Agility Serve with Respect Act with Inclusion Key Performance Areas Governance Strategic Meetings Chair the Group Information Security Forum Co-Chair the Group Technology and Security Governance Council Represent Group Security at various governance forums, including but not limited to Group GOC, Group ERMCO, Fintech TSCG, Fintech ERMCO, AI Steerco Initiate and hold strategic meetings, ensure relevant participation and provide direction for the various discussions; Drive adequate risk mitigation and controls; Ensure Approval on new initiatives; Review and finalise objectives, targets and budgets; Authorise and / or secure relevant budget for internal projects; Authorise and / secure authorisation for proposals on change initiatives; Attend tactical meetings on a needs basis; and Evaluate areas of improvement across people, process and technology. Escalations Manage and resolve issues that will result in severe time, scope, productivity and cost or resource impact; and Resolve and provide guidance to issues escalated. Tactical Oversee all projects and initiatives that are aligned to strategic imperatives; Review key risks, issues and dependencies and set mitigation actions; and Sign-off / make decisions regarding tactical changes. Performance Monitor and ensure alignment with MTN global strategy and per industry best practices; Review performance against agreed Key Performance Indicators (KPIs) Ensure provision of appropriate support to commercial functions; and Evaluate plans for continuous improvement. Reporting Report on a monthly basis to Group Chief Technology and Information Officer relating to progress made within the division and in accordance with the measurement metrics set by the organisation. Report on monthly basis to the Group Chief Business Risk officer of any risks identified. Report the operational security status across the Group (including Opcos and PlatformCos) on a weekly basis to the relevant organisation stakeholders across Group, Opcos and PlatformCos Perform on an adhoc basis on specific projects, as required. Budgets Oversee divisional budgets in line with business objectives and facilitate forecasting; Oversee project initiative budgets in line with business objectives; and Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers. Contribute the OpCos and PlatformCos security budget guidelines to the overall technology budget guidelines Operational Delivery Develop and implement the overall information security framework and strategy, overarched by the business risk strategy, ensuring the effective implementation and adherence across all the business; Drive the development and implementation of the requisite information security policies, procedures, guidelines and standards; Ensure that the security requirements for new information processing facilities have been identified and approved; Ensure that functional and technical security architectures are defined for the security of IT and telecom network infrastructure and monitor compliance thereof; Ensure that the technology architecture is effective to manage threats and re-architecture (if required) to ensure consolidation of systems, vendors, processes and procedures; Ensure that the information security policies, procedures, standards and guidelines for use throughout MTN are reviewed yearly and updated in a timely manner to accommodate changes in the Technology or business environment; Facilitate information security risk assessments in OPCOs and PlatformCOs to ensure threats are managed. Identify emerging information security trends in the telecom industry and engage the MTN stakeholders to ensure that threats are managed; Define and communicate to management, the key threats to the information assets at various point of time; Encourage the participation of the managers, auditors, legal department and the staff members from various functions, who can contribute to compliance with the information security practices; Oversee (or assist, if required) the investigation of security threats or other attacks on the information assets at OPCOs and PlatformCOs; Ensure the maintenance and review of all critical incidents that have occurred and the corresponding resolution timeframe and inform the Executive Committee; Liaise with OPCO and PlatformCO to set up an Information security education and awareness program at the OPCO and PlatformCO level; Liaise with external entities - cyber security team and law enforcement – agencies, in case of an escalated security breach; Implementing cyber security management and driving the engagement across the MTN footprint; Engage the Business Risk and Audit teams to ensure alignment of security processes against business risk; Reporting at operations and audit committee and managing the actionable outcomes related to security. Managerial / Supervisory Responsibilities Set overall direction for the division; Provide guidance and leadership ensuring future focus and current efficiency; Coach and mentor direct reports to ensure staff motivation is high; Ensure adequate succession planning and that succession plans that are in place are achieved; Ensure skill transfer for staff development, motivation and business continuity; Ensure the team is led, motivated and rewarded to achieve high performance areas; Ensure assigned team is led, motivated and rewarded to achieve KPAs; Ensure the effective management of diversity among personnel in the division; Identify staff training and development needs and implement necessary actions; Manage team (including recruitment, on-boarding, attrition); Set goals and objectives for direct reports, monitor progress and maintain motivation; Provide career development for direct reports (counselling, coaching, identifying key performance areas, career planning and goal setting); Set up appropriate structure to meet departmental management objectives; and Provide an advisory function on governance and best practices in client experience. Responsibility towards: Key external stakeholders: External Auditors Partners Law enforcement agencies GSMA Key internal stakeholders: Group Exco Opco and PlatformCo CEO’s Governance Forums Audit Committee Internal Auditors Group Privacy Office Business Risk Compliance Information Technology Group CTIO Group Information Security Team OpCo and PlatformCo Information Security Heads/ CIOs/ CTOs Education: 4 year Engineering/ Information Science Degree Masters in Information Science is preferred CISSP certification Other preferred certifications are: CISA CISM, CBCP, ISO 27001, Lead Auditor or Lead Implementer Experience: 12 - 15 years of relevant work experience in Information Technology (specifically security) 5-8 years of experience at the Senior Management level in the telecom industry 5-8 years working experience in managing information security in a large organisation Experience in designing and implementing organisation wide information security governance, management, risk, operational and reporting frameworks Experience in managing and implementing large scale information security projects Experience in Governance, Enterprise Risk Management and Compliance, and security resilience Experience in Security Operations, Security Architecture, Cloud Security and Threat Intelligence Experience in Telco and core network security Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges Advanced working understanding of the information technology environment of a telecom company Other: Telecommunications industry experience Global mindset to service worldwide operations Pan Africa and Middle East multi-cultural experience Multi-country operations oversight experience Willing and flexible to travel within Africa and Middle East Understanding of general regulatory requirements in the telecom industry Knowledge: Complex structures Operational management Marketing best practices and trends ICT industry and benchmarking practices Business Performance Management Resource Management Customer Satisfaction Skills: Analytical Conflict management Data interpretation Dealing with ambiguity Dealing with complexity Leadership Negotiation Numerical Behavioural Qualities Value Creator Culture and Change Translator Stakeholder Influencer Executer Ability to operate under extreme pressure Results Achiever We are a purpose and value-led organization. At MTN, we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work,everyday. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood and empowered to live an inspired life. Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA. As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drivesmeaningfulresults. A workplace that is built on relationships and achieving a purpose that is bigger than us. This is what we want you to experience with us! Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers and stakeholders with a vision to realise our shared goals. We are delighted that you are considering usas your career partner to make a mark in the world.We look forward to your application! Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below. #J-18808-Ljbffr