
Manager - Security Governance and Assurance at MTN Nigeria

MTN Nigeria
Lagos, Nigeria
Digital Marketing
Full Time

MTN Nigeria is part of the MTN Group, Africa's leading cellular telecommunications company. On May 16, 2001, MTN became the first GSM network to make a call following the globally lauded Nigerian GSM auction conducted by the Nigerian Communications Commission earlier in the year. Thereafter the company launched full commercial operations beginning with Lagos, Abuja and Port Harcourt. MTN paid $285m for one of four GSM licenses in Nigeria in January 2001. To date, in excess of US$1.8 billion has been invested building mobile telecommunications infrastructure in Nigeria. Since launch in August 2001, MTN has steadily deployed its services across Nigeria. It now provides services in 223 cities and towns, more than 10,000 villages and communities and a growing number of highways across the country, spanning the 36 states of Nigeria and the Federal Capital Territory, Abuja. Many of these villages and communities are being connected to the world of telecommunications for the first time ever. The company's digital microwave transmission backbone, the 3,400-kilometre Y'elloBahn, was commissioned by President Olusegun Obasanjo in January 2003 and is reputed to be the most extensive digital microwave transmission infrastructure in all of Africa. The Y'elloBahn has significantly helped to enhance call quality on the MTN network.

Reports To: Senior Manager - Information Security

Division: Information Technology

Mission:

  • Responsible for the definition of MTN Nigeria information security policy, embedding security policy into operations, leading security risk assessment efforts, and associated controls and reporting in line with MTN Nigeria policies.
  • Drive effective coordination and closure of all information security compliance activities, including control tracking and actual submissions for closure.

Description:

  • Identify, assess, and evaluate risk to enable the execution of the enterprise risk management strategy.
  • Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
  • Identify legal, regulatory, and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on business objectives.
  • Identify potential threats and vulnerabilities for business processes, associated data, and supporting capabilities to assist in the evaluation of enterprise risk.
  • Create and maintain a risk register to ensure that all identified risk factors are accounted for.
  • Assemble risk scenarios to estimate the likelihood and impact of significant events on the organization.
  • Analyze risk scenarios to determine their impact on business objectives.
  • Develop an information security strategy aligned with business goals and objectives and ensure alignment of the information security strategy with corporate governance.
  • Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
  • Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
  • Interview process owners and review process design documentation to gain an understanding of the business process objectives.
  • Analyze and document business process objectives and design to identify required information systems controls.
  • Facilitate the identification of resources (e.g., people, infrastructure, information, and architecture) required to implement and operate information systems controls at an optimal level.
  • Ensure all controls are assigned control owners to establish accountability and establish control criteria to enable control life cycle management. 
  • Establish internal and external reporting and communication channels that support information security.
  • Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
  • Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
  • Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Identify and evaluate risk response options, and provide management with information to enable risk response decisions.
  • Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness, and economy.
  • Monitor and maintain information system controls to ensure they function effectively and efficiently.
  • Plan, supervise, and conduct testing to confirm the continuous efficiency and effectiveness of information systems.
  • Ensure that all IT policies and procedures are compliant with regulatory requirements.
  • Assess and recommend tools and techniques to automate information systems control verification processes.
  • Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
  • Determine the approach to correcting information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
  • Test information systems controls to verify effectiveness and efficiency prior to implementation, and implement information systems controls to mitigate risk.
  • Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
  • Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.
  • Coach and train the team to ensure understanding of the objectives and goals of the department, awareness of set targets and requirements, and regular review of their training needs.
  • Review the performance of individual team members and complete appraisals in accordance with the employee performance appraisal procedures and time schedules.

Education:

  • First degree in computer science, information technology/systems, or a related field.
  • A master’s degree in a related field will be an added advantage.
  • CISA, CGEIT, CISM, CRISC, COBIT, and ISO 31000
  • Fluent in English

Experience:

6–13 years’ experience, which includes:

  • A minimum of 3 years’ experience in an area of specialization, with experience in supervising or managing others
  • Experience working in a medium to large organization
  • Interpretation and application of governance, risk, and compliance frameworks
  • Advanced knowledge of risk assessment design and delivery
  • In-depth understanding of PCI DSS, ISO 31000, ISO 27001:2019, and cybersecurity frameworks, including but not limited to NIST, CIS, etc.
