Specialist - Cybersecurity at MTN Nigeria

MTN Nigeria is part of the MTN Group, Africa\'s leading cellular telecommunications company. On May 16, 2001, MTN became the first GSM network to make a call following the globally lauded Nigerian GSM auction conducted by the Nigerian Communications Commission earlier in the year. Thereafter the company launched full commercial operations beginning with Lagos, Abuja and Port Harcourt. MTN paid $285m for one of four GSM licenses in Nigeria in January 2001. To date, in excess of US$1.8 billion has been invested building mobile telecommunications infrastructure in Nigeria. Since launch in August 2001, MTN has steadily deployed its services across Nigeria. It now provides services in 223 cities and towns, more than 10,000 villages and communities and a growing number of highways across the country, spanning the 36 states of the Nigeria and the Federal Capital Territory, Abuja. Many of these villages and communities are being connected to the world of telecommunications for the first time ever. The company\'s digital microwave transmission backbone, the 3,400 Kilometre Y\'elloBahn was commissioned by President Olusegun Obasanjo in January 2003 and is reputed to be the most extensive digital microwave transmission infrastructure in all of Africa. The Y\'elloBahn has significantly helped to enhance call quality on MTN network.

Mission:

• The role Leads and continually improve the Enterprise Cyber security posture, provide technical expertise on all MTNN Enterprise wide Security related issues and work with MTN Group Security to define appropriate Frameworks.

Description:

• Assist with cybersecurity initiatives in conjunction with Group Cybersecurity team.
• Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
• Support with implementation of Information Security projects.
• Support the continuos optimization and upgrades of existing security solutions like SIEM, Vulenrability, Data Secrity & Security Analytics.
• Drive internal and external vulnerability assessment, penetration tests engagements and manage results to remediation.
• Respond to escalated security events and drive security incident response processes to ensure timely resolution with minimal disruption.
• Design, document, and deploy secure infrastructure solutions to enhance and evolve the security posture of the business to ensure integrity, availability and confidentiality of all critical enterprise data.
• Support with annual Red team & Blue team exercise to improve enterprise security.
• Provide expertise on security tools, including but not limited to firewalls, Web Application firewalls, IDS/IDP, anti-malware software.
• Liaise with stakeholders in respect of operational implementation of security policies and best practices.
• Collaborate with the Client Server Team to ensure that technical plans are practical, controls are sustainable, and implementations are managed to minimize risks and adverse impact to servers, workstations and user productivity.
• Implement the infrastructure, configurations and processes to monitor security related events.
• Prevent data loss and service interruptions by researching new technologies that will effectively protect the enterprise network.
• Document and operationalize information security processes.
• Ensure all security system documentation is up to date.
• Support Business Risk Management in security related investigations.
• Drive the planning and action remedies required to prevent exposures to information security related threats.
• Perform security incident response and management.
• Interface with relevant Support Teams to resolve security vulnerabilities within the Enterprise systems and Applications.
• Drive knowledge management and best practices sharing within own unit, department, division, or enterprise-wide as required.

Education:

• Minimum of First Degree in Computer Science, Engineering, Information Technology/Systems or related discipline preferred
• Possession of a post graduate degree in related IT, Engineering field will be an advantage
• Possession of a professional IT certification (Certified Information Security Systems Professional (CISSP)
• Possession of other Cybersecurity related certification is desirable

Experience:

• 3-7  years’ experience in an area of Security specialisation; with experience working with others
• Experience working in a Large organization and preferably in the Telecommunications industry
• Strong background as an Engineer/Architect in application security infrastructure and various network technologies to include devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
• Experience with Microsoft, Solaris, Unix, Oracle and MS SQL
• Experience working in telecommunications industry
• Managing network and / or network security
• Knowledge should be current with information security best practices and global trends
• Knowledge of security best practices such as; defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption
• User account identity, authorization and authentication management.
• Security incident and event management
• Experience in researching new or emerging technologies and processes that may be incorporated as solutions to reoccurring security concern

Method of Application