Senior Specialist - Technical Security Assurance and Service Management.Technology Information

Governance and Compliance:

• Ensure the organization adheres to ISO 27001, PCI DSS, POPIA, and other relevant standards.
• Implement and maintain security policies and frameworks aligned with MTN Group and regulatory requirements.
• Drive compliance initiatives, including audit readiness and management of exceptions or risk acceptance items.

Operational Security Management:

• Conduct regular reviews of security posture and operational performance, presenting findings to governance committees and business units.
• Optimize security operations by identifying and implementing control efficiencies across all domains.

Risk Management and Security Assurance:

• Perform risk assessments for new systems, technologies, and processes, ensuring vulnerabilities are identified and addressed.
• Conduct internal and third-party security assessments, driving corrective actions to mitigate risks.
• Manage the security compliance universe, including risk acceptance and exception tracking.

Stakeholder Management and Reporting:

• Provide actionable and comprehensive reports to leadership, governance committees, and relevant stakeholders.
• Engage with business and technology teams to inform and guide on security risks, changes, and requirements.
• Represent Information Security in key forums, committees, and stakeholder engagements at both local and Group levels.

Technology and Innovation:

• Oversee the implementation and adherence to Technical Security Standards across all technology platforms.
• Align security operations with global industry trends and advancements, ensuring the organization remains competitive and resilient.
• Ensure robust security management for OSS, BSS, and network platforms supporting billing, VAS, and ISP functions.

Incident and Crisis Management:

• Coordinate and lead responses to security incidents, ensuring clear action plans and effective communication with stakeholders.
• Maintain incident documentation and drive continuous improvement in incident response protocols.

Team Development and Retention:

• Mentor team members, enhancing their technical skills and professional certifications.
• Foster a high-performing team environment with strong retention and engagement levels.
• Build a pipeline of security talent to address scarce skills in a specialized environment.

Security Awareness and Training:

• Develop and execute security awareness campaigns and training programs for internal users and clients to promote a culture of security.
• Measure the effectiveness of training programs through engagement levels and reductions in user-related incidents (e.g., phishing).
• Collaborate with business units to tailor awareness initiatives to address specific risks and challenges.

Job Requirements 

Education:

• Minimum of 3 years tertiary qualification (degree/ national diploma) in Information Technology
• Security certification e.g. CISSP & CISM essential
• Other qualifications (ITIL, TMF, COBIT) advantage
• Fluent in English

Experience:

• Min of 6 years in IT, 4 of which as an Information Security Specialist in a large enterprise environment essential 
• Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network.
• Must have a wide breadth of knowledge and experience across security products, tools, and industry trends 
• Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments