Specialist – IT Governance and Compliance, Spécialiste – Gouvernance et conformité TI, Douala, MTN
Brief Job Description:
To support in implementation of Information Security & IT Governance Strategy through Controls Framework Management, Audit Handling & Response, Compliance & Risk Management and Related KPI management within Technology Department.
MTN vision has grown toward new business stream such as Mobile Financial, Digital, ICT and Enterprise business services. This revolution comes with wonderful opportunities for communication, knowledge sharing, but also with cyber criminality risks leading to new challenges and threats on information security. The regulation environment has also became dynamic, specific (Data privacy) and there is an urgent need comply and maintain compliance with external and internal requirements. Noncompliance to relevant Technology internal & External will affected MTNC ability to achieved intended objective on reputation, Customer experience and finance.
Key Job Responsibilities:
Strategy Development & Implementation
– Lead the creation of sub-divisional strategy in line with IT vision and changing Business needs
– Define robust strategy to ensure brand, company and customers security while delivering the bold digital word
– Maintain risk and threat landscape knowledge across business orientation and review security strategy to enable trust in the digital word
– Ensure effective implementation of the Information Security Risk Management Frameworks by means of providing direction, structure, frameworks, models, plans and roadmaps;
– Identify, evaluate and adopt an information model for Threat Intelligence to allow for threat intelligence to be aggregated, standardized and used in a uniform manner to understand risk and make informed cybersecurity decisions.
– Drive the adoption and implementation of the Cyber Security Framework (Detect, Respond and Recover) to prevent cyber criminality.
– Responsible for understanding dependencies and impact of the information security program in relations to other programs/projects and initiatives in the entire organization;
– Plan, manage and implement strategic security initiatives, maintain group-wide program of all security projects aligned to risk register;
Develop Strategy to Integrate information security requirements into the organization’s processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement);
Staff Leadership and Management
– Source, induct and manage talent in accordance with IT Governance guidelines;
– Ensure open communication channels with staff and implement change management interventions where necessary;
– Provide definition of roles, responsibilities, individual goals and performance objectives for the team;
– Set KPIs and provide regular performance feedback through a well-defined and implemented performance review program;
– Performance manage resources in accordance with HR policy and legislation where necessary;
Actively participate in leadership team and develop skills of own team.
Adhoc, Operational and Tactical Meeting
– Set up / participate in adhoc and operational meetings
– Participate and provide input into tactical meetings
– Report at process and functional level
Review and identify key risks, issues and dependencies and set mitigation actions
– Develop and maintain IT control framework
– Follow up Policies/Procedures development and Implementation related with sub-division activities.
– Sign-off / make decisions regarding operational changes
– Provide input on all projects initiated
– Review key risks, issues and dependencies and set mitigation actions
– Review performance against agreed KPIs and their compliance to SLAs and reverse SLAs
– Review and monitor plan for continuous improvement
– Review reports on a monthly basis relating to progress made within the sub-division and in accordance with the measurement metrics set by the organisation
– Review reports on an adhoc basis on specific projects
– Provide daily, weekly performance reports in accordance with the condition set by the top management of the sub-division.
Ensure implementation of the Privacy Program.
Work as part of the Privacy Team to improve, develop, and maintain MTNC global privacy program.
Conduct data inventory reviews, privacy assessments, and compliance reviews of internal systems and third-party data feeds.
Ensure Definition and Implementation of controls on Data Privacy risks.
Work cross-functionally to help Records Coordinators, IT System Owners, and IT Business
Owner in each department to implement best practices
Information Technology Governance
Develop and maintain plans to implement the information security strategy.
Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT);
Communicate and maintain information security policies that support the security strategy.
Plan, manage and implement strategic security initiatives, maintain group-wide program of all security projects aligned to risk register.
Establish metrics to evaluate the effectiveness of the information security program.
Implement the Information Security Risk Management Frameworks and ensure cross
Adoption and implementation of; IT Governance and Information Security
Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incident and Non Conformities;
Design and develop a programme for IT Governance and information security awareness, training and education and roll-out awareness programmes.
Define reference architecture (IT & telecoms) to manage threats, monitor implementation & compliance and obtain inputs and validate the MTN IT Governance and Information security reference architecture with key MTN partners.
Evaluate and manage outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of MTN’s information.
Manage the development of information security architectures (people, processes, technology); and architectural and development standards for all application security.
Measure and report on the effectiveness of IT Governance and Information Security management and control activities in governance framework.
Establish group wide Information Security Risk management standards and policies including process to identify emerging risks and manage deviations or risk.
Participate and facilitate the Audit process through follow up on resolution of audit findings and reporting on the outcomes.
Develop a process to integrate information security controls into third party contracts and SLA’s.
Minimum 3 year Engineering/ Information Science Degree
Master’s in information science is advantageous
Two (2) years in Information Technology industry
Experience in various compliance, Governance and performance Management
Solid understanding of Information Technology; proven knowledge or technology environments
Experience in Stakeholder management, with ability to work with all levels of the management within the company.
Ability to maintain the highest standard of confidentiality is required with zero tolerance
Knowledge on General Data Protection Regulation (GDPR)
Industry / Certifications:
CRISC (Certified in Risk and Information Systems Control)
COBIT (Control Objectives for Information and related Technology)
ISO 27001 Lead Implementor Certification
ISO 27001 Lead Auditor Certification
– Knowledge and understanding of the information technology environment in a telecommunication industry.
– Knowledge of IT technology domain including application platform development, application support, infrastructure platforms, data management and database technologies and security frameworks and tools
– Risk and Information Systems Control Management
– Audit process
– IT Governance
– Performance Management (What to be evaluate, how to evaluate, monitoring, trends interpretation)
– Policies, process & procedures development, monitoring & improvement
– Knowledge on Legal and regulation environment
– ICT industry and benchmarking practices
– Complex structures
– Operational management
– Marketing best practices and trends
– Financial / Numeracy
– ICT industry and benchmarking practices
– Business Performance Management
– Resource Management
– Customer Satisfaction
– General Data Protection Regulation (GDPR)
Demonstrated effective leadership skills in building high performance teams
Dealing with ambiguity
Dealing with complexity
Decisive Problem Solver
Culture and Change Translator
Inspiring People Leader
Postuler (Apply for the job) sur son site Internet: https://www.linkedin.com/jobs/view/2655496430/
The Daily Job Report, Le rapport de travail quotidien 23/07/2021 (Emplois non affichés individuellement/ Jobs not individually posted on the site): https://afriquejobs.com/2021/07/22/the-daily-job-report-le-rapport-de-travail-quotidien-23-07-2021/
All companies hiring (Entreprises qui emploi au Cameroun): https://www.afriquejobs.com/2020/07/emplois-jobs-au-cameroun-liste-des.html
More jobs (Plus d\’offres d\’emploi): https://www.afriquejobs.com/