Information Security Officer - AirtelTigo

The successful candidate for this role will join AirtelTigo IT Services team as an Information Security Officer (ISO) in the Information Technology Department. (S)He will report to the Chief Information Officer and will plan and execute the overall Information Security strategy for the business. The ISO will be required to recommend new or emerging IS technologies in response to organizational needs at the local level and will also be required to work with other key stakeholders to address information protection needs while maintaining the global IS program within the business.

Job Title: Information Security Officer

Job Function: Information Technology

Employment Type: Full-Time

Location: Accra

Expiry Date: 5th February 2020

Key Responsibilities

Organization & People

• Coordinate and oversee the Information Security (IS), Compliance and Business Continuity activities;
• Accountable for all Information Security activities in his Operation’s business units, including BCM;
• Exercise oversight to the IS program within the business, including framework, policies, standards, and related reporting;
• Assist in the implementation of the IS Standards at the business level to ensure procedures and practices comply with those standards;
• Establish relationships and interact regularly with employees and business management on the IS program, policies and standards;
• Influence behaviour through constant communication, educating and advising the business on IS practices and requirements;
• Provide general IS consulting services including interpretation and/or clarification of the company’s IS Standard and best practices and is consulted as a subject matter expert for IS topics;
• Ensure that the IS Training & Awareness activities are performed as per company’s IS Standard requirements;
• Ensure Information Owners periodically review their Asset Classification;
• Leverage the ISO network to have access to resources, seek out best practices, and create efficiencies;
• Participate in the IS community on committees and cross-business / functional opportunities to provide adequate representation for IS aspects, e.g., Security Committee;
• Develop and communicate a common vision for the IS team that is in line with the global IS vision statement.
• Manage allocation of Information Security staff according to business requirements;
• Manage talent including recruitment, development, training and retention of key staff in accordance with AirtelTigo’s
• Strategic Plan and Human Resources policies;
• Develop and maintain a viable succession plan.

Consumer and Business Services Delivery & Network, Platforms, Billing & Facilities

• Ensure Information Security risk is managed during the development of new products and applications;
• Mitigate all risk during products and systems development process;
• Ensure that the Application security review process is executed in accordance with the Secure System Development Life-cycle (SDLC) process, to protect the confidentiality and integrity of business information stored and processed by them;
• Ensure that all secure configurations are defined and implemented, leveraging technical knowledge and problemsolving skills in the network, database, server and desktop technology areas;
• Ensure that the Infrastructure security Review process is executed in accordance to the Information Security Standard;
• Work with other stakeholders to support the periodic Application and Infrastructure IS Review process;
• Participate in the definition and implementation of procedures according to corporate guidelines and standards;
• Participate in the evaluation and selection of applications and systems with specific focus on IS implications;
• Participate in the planning and implementation of IS administration for IT projects;
• Ensure technical controls are embedded in day-to-day operations and that remediation of non-compliance is
  documented and addressed;
• Assist the system development and infrastructure units to identify IS risks and controls for the development of products and systems;
• Guide the business to ensure that IS risks, controls, and tests are embedded in the IS Risk Self-Assessment;
• Monitor and ensure Vulnerability Assessments (ethical hacks) are performed as required in the IS Standards;

Technical and Business Strategy

• Ensure alignment of IS program with business strategy.
• Plan and execute the company’s IS strategy;
• Drive constructive procedural changes to ensure effective risk-based implementation of IS requirements;
• Articulate the value of IS controls and its bottom-line impact;
• Work with the business to interpret and translate specific IS business requirements into technical requirements;
• Establish and maintain relationships with domain architects, developers, project managers, system administrators and other key stakeholders within the business;
• Drive recommendations for new or emerging IS technologies in response to organizational needs at the local level;
• Guide the business and technical units in the implementation of approved security tools, and continuously identify innovative and enhanced security solutions / emerging technologies for the ‘Security Component Evaluation Task Force’ review and certification.
• Ensure that IS characteristics are included as part of the quality framework in all product development;
• Support the business by reviewing contract language as it relates to IS;
• Engage with Supply Chain Management to ensure that IS requirements are included in Requests for Proposals and in vendor contracts;
• Ensure all Third Party IS Assessments are performed.

Profitability & Cost Control

• Ensure the Operations include the global guidelines and priorities in the IS Budget exercise;
• Deliver in a timely and cost-effective manner all CAPEX commitments;
• Constantly control and optimize OPEX by leading the preparation and execution of an annual actionable cost savings plan as part of the budget;

Risk Management, Processes and Controls

• Lead the implementation of the AirtelTigo Information Security framework, including Business Continuity
• Management (BCM) and Disaster Recovery Plan (DRP) frameworks;
• Perform Information Security Risk Management for the business units’ processes, applications and supporting technology infrastructure;
• Ensure Information Security Risk Assessment is performed in accordance with the company’s standards by partnering with the businesses throughout the Risk Assessment process and determine the impact of control deficiencies;
• Manage risk and analyze the root cause of issues, impact to business, and required corrective;
• Proactively manages risk and control through the identification, escalation, and solution development for compliance and audit issues including direct interaction and coordination with Internal Control officers and Internal Auditors;
• Develop corrective action plans for all IS-related gaps and approve all closures by reviewing evidence to ensure the closure meets company’s requirements or industry best practices;
• Review status of IS program and oversee corrective action when necessary;
• Identify the need and develop new and improved technical procedures and process control manuals;
• Provide periodic IS risk management reports highlighting key issues and corrective action plans.

Required Qualification and Experience

A University degree in any field with emphasis on Telecommunications Engineer, Information Technology, Business management or a related field;

Master’s degree is desired (in fields such as Information Systems Management, MBA); Information Security certification, e.g. CISSP, CISO, CISM, CISA, Cobit;

• A minimum of Six (6) years of work experience with Five (5) years in managing a technology related department;
• A minimum of Five (5) years of experience in managing Information Security programs including, but not limited to:
• • Creating and implementing Information Security policies that align with business needs and devising methods to measure the effectiveness of the policies;
  • Creating and implementing Information Security controls;
  • Aligning Information Security strategy with corporate governance;
  • Communicating with executive leadership
  • Managing an Information Security team
• Experience with audit reviews, IS Risk assessment, Awareness & Training, Identity Access & Management, Data
• Protection, Incident Management, Vulnerability Assessment, secure configurations, patches management, antivirus;
• Experience with technology infrastructure, security engineering and/or application development;
• In depth knowledge of IS Standards, e.g. ISO 27001 and of IS technologies and issues on standard platforms;
• In-depth knowledge of key government regulations and local laws to ensure that all company actions comply with these requirements; e.g., Gramm-Leach-Bliley, Sarbanes Oxley, etc;
• Understanding of wireless network technologies, transmission of data over wireless networks, understanding of data communications technologies, including routers, gateways and switches. Private network and static IP;
• Information Technology understanding across multiple platforms (windows, Unix, database engines, middleware servers, etc.) and development methodologies (internal, outsourced, software factory, etc.);
• Good understanding of software architecture design (client/server, SOA, web 2.0, etc.);
• Good understanding of software development, Internet technologies and programming;
• Ability to produce accurate and timely information in a high dynamic work environment;

Ready to be part of our dynamic and innovative team? At AirtelTigo, we enhance the value of our employees by providing longterm growth and opportunities in an ever-evolving work environment. Our values are at the core of what we do and represents who we are; Simplicity, Transparency and Relevance. Initiate your journey to be part of our world-class team and experience a rewarding career.