MTN Nigeria – The leader in telecommunications in Nigeria, and a part of a diverse community in Africa and the Middle East, our brand is instantly recognisable. It is through our compelling brand that we are able to attract the right talents who we carefully nurture by continuously improving our employment offerings even beyond reward and recognition.
We are recruiting to fill the position of:
Job Title: Manager FINTECH Lead Information Security Officer
Location: Lagos, Nigeria
Job Type: Full-time · Mid-Senior level
Mission / Core Purpose of the Job
- The FinTech LISO is accountable to lead the implementation and management of the compliance program and to evaluate the ongoing effectiveness of compliance controls established to ensure the safety of financial technology function.
- The incumbent has dual reporting line into the local information security head and MTN Group Information Technology via the Group Fintech LISO. High alignment is required to drive the best protection of our services to customers.
Context: (Global influences, environmental / industry demands, organizational mission, etc.)
- MTN is entering a new phase in its lifecycle where operational and commercial excellence has become critical for success. Increased focus in the Commercial areas, new products and services, scaling up of Digital capabilities, it is important to recognize the need to secure MTN’s Platforms, Applications, Networks and Systems from new threats and vulnerabilities.
- The urgency for change has become more heightened amidst increased competitive intensity across all markets in which
Key Performance Areas:
- Core, essential responsibilities / outputs of the position (KPA’s)
- Extract value from what we already have by focusing on optimizing processes within the Unit/Department in line with the value creation philosophy. This includes individual contributions and recommendations to improve existing business project/initiative, capital/budget efficiency activities within the Unit, contracts review and negotiation in collaboration with the Procurement team, structural changes within the Unit etc.
- Drive Innovation by identifying and taking advantage of new business opportunities, e.g., by stimulating and encouraging new business opportunities, launch of products, product/process innovation, business model innovation etc.
- Maintain leadership in the ICT/Digital industry by influencing stakeholders within your immediate ecosystem for MTNN’s benefit. This includes participation in credible external think-tank sessions, involvement in inter-divisional focus Group sessions to improve business performance etc.
- Enhance/expand MTN’s role in the larger national macro environment by participating in CSR projects and/or NGO’s, involvement in recognized professional institutions, think-tank activities etc.
- Role model the vital behaviours needed to sustain organisational performance and drive people management activities by being the principal coach for your direct reports using the people management framework. Participate in employee engagement projects such as mentorship, facilitating programs, etc. In addition, support recruitment, on boarding and grievance management processes etc.
Levels of Work
- Responsible for sustaining a culture of innovation and continuous learning within the team.
- Also responsible for driving the timely delivery of business targets whilst ensuring that team members understands their specific and unique role to bottom line results.
Risk and Compliance Management:
- Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
- Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
- Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
- Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives
- Create and maintain a risk register to ensure that all identified risk factors are accounted for.
- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
- Analyze risk scenarios to determine their impact on business objectives.
- Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
- Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
- Identify and evaluate risk response options and provide management with information to enable risk response decisions.
- Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy
- Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
- Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated
- Test information systems controls to verify effectiveness and efficiency prior to implementation and Implement information systems controls to mitigate risk
- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements
- Ensure adequate compliance to the information security requirements of MTN
- Ensure all controls are assigned control owners to establish accountability and establish control criteria to enable control life cycle management
- Ensure that all IT policies and procedures are compliant with regulatory requirements
- Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
Information Security Management:
- Develop an information security strategy aligned with business goals and objectives and ensure aligning of information security strategy to corporate governance
- Interview process owners and review process design documentation to gain an understanding of the business process objectives.
- Analyze and document business process objectives and design to identify required information systems controls.
- Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
Security Monitoring and Reporting:
- Establish internal and external reporting and communication channels that support information security
- Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
- Monitor and maintain information systems controls to ensure they function effectively and efficiently.
- Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems
- Assess and recommend tools and techniques to automate information systems control verification processes.
- Ensure implementation of technical security standards on the financial technology platforms as well as ongoing monitoring and reporting of compliance against the standards
- Ensure the integration of the financial technology platforms into the security compliance and monitoring eco-system both at opco and Group level then regularly confirm and report on ongoing effectiveness
- Liaise with other relevant functions to facilitate the timeous closure of incidents and vulnerabilities in relation to the financial technology platforms
- Manage and support the implementation of risk assessments exercises across the Financial Technology function in order to trap and highlight information security weaknesses and advice on controls to mitigate those risks.
- Implement standards for testing methodologies, techniques and procedures and conduct robust quality standard programme.
- Manage IS assessments and compliance exercises across Financial Technology function.
- Monitor the effective cascading of the Compliance strategy into the Compliance Monitoring business plans to ensure vertical alignment and horizontal integration with other interfacing strategies.
- Implement standards for testing methodologies, techniques and procedures and conduct robust quality standard programme
- Manage and monitor compliance to Information security policies, procedures and standards via a robust information security program/plan depicting continuous planned and adhoc audit and review exercises.
- Liaise with other relevant functions to implement information security as defined by MTN for Financial Technology.
- Manage escalating issues (within the information security domain) along with relevant stakeholders.
- Assist relevant business owners and custodians in identifying and setting activities logs, audit trails, functional and technical requirements, and ensure adequate custody of such.
- Serve as an internal information security consultant to MTN and advise on trending information security technologies/related regulatory issues around financial technology.
- First Degree in Computer Science, Information Technology / Systems or related field.
- Master’s degree in related field will be an added advantage.
- CISSP or related Certification will be an added advantage
Minimum 6 years’ experience which includes:
- Minimum of 5 years of Experience in Information Security related Governance, Enterprise Risk Management
- Experience in the Financial Services or telecommunication sector is advantageous –
- Understanding emerging markets advantageous
- Worked across diverse cultures and geographies
- Pan Africa multi-cultural experience is advantageous
Application Closing Date
Method of Application
Interested and qualified candidates should:
Click here to apply online
Note: Please apply with the latest updated CV. First preference will be given to female candidates.