Senior Manager - Risk Compliance and Programme Management

Johannesburg, Gauteng, South Africa

MTN

MTN is Africa’s largest mobile network operator, sharing the benefits of a modern connected life with 288m customers in 18 markets across Africa.


The Senior Manager: Information Security Governance, Risk, Compliance and Reporting is responsible for Group Information Security governance, risk and compliance management, and for the development, maintenance and reporting of risk and control frameworks. This also includes implementing appropriate supporting methodologies, policies and processes relating to MTN Group Information Security. The role will implement and report on information security governance, risk and compliance protocols across the MTN Group.

 

Context

MTN’s heightened focus on digitalization for adjacent revenue streams and enhancing efficiency poses a great growth opportunity for the organisation. This has introduced the deployment of various technologies including, amongst others, cloud and IoT.

The introduction of these new technologies, coupled with the increased focus of regulators on compliance with various regulatory requirements, including the protection of personal information and various data regulations (e.g. data sovereignty), necessitates increased focus on proactive management of relevant security-related compliance requirements, including support on configuration of technology deployments in line with security, risk, and regulatory requirements.

 

Values

We at MTN are a purpose and value-led organisation. At MTN, we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work, every day. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood and empowered to live an inspired life. 

Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA.

As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us. This is what we want you to experience with us!

Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers and stakeholders with a vision to realise our shared goals.

Live Y’ello

  • Lead with Care
  • Can-do with Integrity
  • Collaborate with Agility
  • Serve with Respect
  • Act with Inclusion

The Senior Manager: Information Security Governance, Risk, Compliance and Reporting is responsible for the following:

  • Establish group-wide Group-Information Security (GIS) governance, risk and compliance management standards and policies including processes to manage deviations or risk. 
  • Identify best-in-class information security governance, risk, compliance management and reporting standards and practices across Telecommunications as well as ICT, identifying emerging trends and threats and incorporating them into MTN.
  • Responsible for the effective implementation of the information security risk, and compliance management frameworks by means of providing direction, structure, frameworks, models, plans and roadmaps.
  • Ensure cross-functional alignment, training, and proper understanding of the framework.
  • Coordinate and track information security governance, risk, and compliance initiatives, ensuring appropriate project management practices are implemented and followed to meet deliverable timelines and quality expectations, aligning with MTN Group Information Security strategy and corporate objectives.
  • Manage the process to integrate information security controls into contracts and SLAs (e.g. with joint ventures, outsourced providers, business partners, customers, third parties).
  • Maintain the security risk management framework, methodology and approach aligned with the Enterprise Risk Management framework.
  • Facilitate the development of a security assessment plan and coordinate regular performance of security risk reviews and independent assessments of the status of information security across the OPCOs in accordance with a planned cycle.
  • Support the Enterprise Risk Management Plan by driving the adoption of a unified MTN security risk management framework in support of the ERM Framework.
  • Maintaining an accurate view of MTN’s information security posture and risk tolerance.
  • Monitoring and reporting on the status of GIS risk mitigation processes. 
  • Develop a consolidated enterprise-wide GIS risk register.
  • Monitor key security risks, issues, and dependencies and coordinate the establishment of mitigation actions.
  • Maintaining an up-to-date view of the GIS and ICT systems most critical to the realisation of MTN’s business objectives.
  • Manage and resolve issues that will result in severe time, scope, productivity and cost or resource impact.
  • Resolve and provide guidance on escalated issues.
  • Providing best practice guidance, training and support to OPCO Information Security representatives.
  • Coordinating the process of continuous improvement with respect to information security across MTN.
  • Drive adequate risk mitigation and controls.
  • Facilitate the standardisation of effective security audit processes, including reporting on the outcomes and status thereof.
  • Work with the internal audit function in terms of audit planning to ensure that information security risks are incorporated within the audit scope.
  • Coordinate tracking and management of information security audit issues and risks identified across OPCOs.
  • Review performance against agreed Key Performance Indicators (KPIs). 
  • Ensure provision of appropriate support to commercial functions; and evaluate plans for continuous improvement.
  • Measuring and reporting on the effectiveness of information security management and control activities in governance framework and King IV obligations.
  • Preparation of regular reporting for Group Executive Committee (EXCO), Enterprise Risk Committee (ERMCO), and Group Risk and Audit committees, and managing the actionable outcomes related to security.
  • Work with relevant MTN Group functions to identify current and potential legal and regulatory requirements of an information security nature that may impact MTN. Facilitate implementation of compliance control plans.
  • Report to the GM: GRCP and Executive: Group Information Security relating to progress made within the division and in accordance with the measurement metrics set by the organization.
  • Facilitate maintenance and management of the information security threat and risk register.
  • Coordinate rollout and tracking of effective third-party risk management across OPCOs. 
  • Assist with the management of divisional budgets in line with business objectives and facilitate forecasting and definition of annual budget guidelines to OPCO information security representatives.
  • Manage project initiative budgets in line with business objectives; and drive initiatives within the GRCP function that will ensure that the “cost of operations” is reduced, in line with a least-cost operating strategy stemming from the business drivers.
  • Work with the GIS Senior Management Team in order to develop and implement the overall information security framework and strategy, overarched by the business risk strategy, ensuring the effective implementation and adherence across all the business.
  • Facilitate definition of a governance, risk and compliance framework and strategy.
  • Responsible for the development and implementation of the requisite information security policies, standards, procedures, and guidelines.
  • Work with the GM: GRCP and Group Risk and Compliance function in order to ensure that the information security policies, procedures, standards and guidelines for use throughout MTN are reviewed yearly and updated in a timely manner to accommodate changes in the Technology or business environment.
  • Directly responsible for facilitating information security risk assessments in OPCOs to ensure threats are managed.
  • Engage the Group Risk and Audit teams to ensure alignment of security processes against business risk.
  • Ensure and manage third-party and OPCO-wide implementation of minimum security critical/key controls and high-risk user controls.
  • Maintain and coordinate technology and security-related forums to ensure effective security governance. 
  • Work with the Group Business Resilience function to define a security resilience roadmap and coordinate execution of the security resilience plans and initiatives across the OPCOs.
  • Work with the Group Sustainability and Corporate Affairs function to provide security-related inputs into corporate reporting. 
  • Facilitate cross-functional collaboration, reporting and alignment to ensure strategic company and information security KPIs are met.
  • Effectively manage the development, performance, coaching and leadership of team members to ensure optimal engagement and productivity levels.

 

Collaboration

Responsibility towards: 

Key customers: Group Information Security, Group Technology, Group Fintech, Opcos 

Key suppliers: Relevant Industry Bodies

  • Executive GIS, Opco CEOs, Functional Heads (across Connectivity, Fintech and Digital Infrastructure including Procurement and Legal)
  • Risk and Compliance
  • Partners, Distributors, Vendors
  • Law enforcement agencies and relevant third parties

Education:

  • Minimum of 4-year tertiary degree / diploma (Bachelor of Science, Engineering or related field)
  • MBA or Masters advantageous
  • English, French and Arabic (as advantage)

Experience:

  • Manager track record of 5 years or more; with at least 3 years at the Senior Management level in the telecom industry 
  • 6-8 years working experience in managing information security in a large organisation
  • Experience in designing and implementing organisation-wide information security framework, policies and standards
  • Experience in managing and implementing large-scale information security governance, risk and compliance initiatives
  • Experience in information security Governance, Enterprise Risk Management, Compliance and Management Reporting
  • Experience working in Africa and a grasp of political, social, infrastructure and integrity challenges
  • Advanced working understanding of the information technology environment of a telecom company
  • Global mindset to service worldwide operations
  • Pan Africa multi-cultural experience
  • Multi-country operations management experience 
  • Willing and flexible to travel within Africa
  • Understanding of general compliance and regulatory requirements in the telecom industry

Industry/Certifications

  • CISM, CISA, CRISC and/or CISSP certification
  • Other preferred certifications are: CGEIT, CBCP, ISO 27001 Lead Auditor or Lead Implementer
  • ITIL certification is advantageous

Competencies:

  • Conceptual Thinking, Problem Solving, Improvement Driver 
  • Culture and Change Champion, Supportive Business Manager, Relationship Manager 
  • Strategic Thinking
  • Results Achiever, Operationally Astute


Tags: CISA CISM CISSP Cloud Compliance CRISC FinTech Governance IoT ISO 27001 ITIL KPIs Monitoring Risk assessment Risk management RMF Security assessment Security strategy SLAs Strategy

Perks/benefits: Career development Flex hours Startup environment Travel

Region: Africa
Country: South Africa
