Role Purpose

The Local Information Security Officer (ISO) has the overall responsibility for the Information Security (IS) program for his Operation. The ISO is the liaison between executive management and the Information Security program. The ISO communicates and coordinates closely with key business stakeholders to address information protection needs.

Implement and maintain the global IS program in his Operation to ensure that information assets are adequately protected.

Implement the global IS framework in his Operation, including policies, processes and standards.

Identify, evaluate and report on Information Security risks in a manner that meets the risk appetite of the company, as well as Compliance and Regulatory requirements. A key element of the ISO's role is working with executive management to determine acceptable levels of risk for the organization.

Through outstanding leadership, ensure cross-functional cooperation and communication, to support all Business Units in implementing the IS framework across the organization.

Drive and implement the IS Training & Awareness program for all employees and third parties with access to Millicom’s information.

Lead IS Incident Response activities.

Key Responsibilities

• ORGANIZATION & PEOPLE
  o Report to the Head of Operations, with a matrix line to the Global ISO, or report directly to the IS structure.
  o Coordinate and oversee the IS Manager and Business Continuity Manager’s activities.
  o Accountable for all IS activities in his Operation’s business units and Factory groups, including BCM.
  o Exercise oversight of the IS program within the business, including framework, policies, standards, and related reporting.
  o Assist in the implementation of Millicom IS Standards at the business level to ensure procedures and practices comply with those standards.
  o Establish relationships and interact regularly with employees and business management on the IS program, policies and standards.
  o Influence behavior through constant communication, educating and advising the business on IS practices and requirements.
  o Provide general IS consulting services, including interpretation and/or clarification of the Millicom IS Standard and IS best practices, and act as a subject matter expert for IS topics.
  o Ensure that the IS Training & Awareness activities are performed as per Millicom IS Standard requirements.
  o Ensure Information Owners periodically review their Asset Classification.
  o Leverage the ISO network to have access to resources, seek out best practices, and create efficiencies.
  o Participate in the IS community on committees and cross-business / functional opportunities to provide adequate representation for IS aspects, e.g., Security Committee.
  o Develop and communicate a common vision for the IS team that is in line with the global IS vision statement.
  o Manage allocation of Information Security staff according to business requirements.
  o Manage talent, including recruitment, development, training and retention of key staff, in accordance with Millicom’s Strategic Plan and Human Resources policies.
  o Develop and maintain a viable succession plan.

• CONSUMER AND BUSINESS SERVICES DELIVERY & NETWORK, PLATFORMS, BILLING & FACILITIES
  o Ensure that IS risk is managed during the development of new products and applications, and that risks are mitigated during the products and systems development process. Ensure that the Application IS review process is executed in accordance with the Secure-SDLC (Secure System Development Life-cycle) process, to ensure that applications appropriately protect the confidentiality and integrity of business information stored and processed by them.
  o Ensure that secure configurations are defined and implemented, leveraging technical knowledge and problem-solving skills in the network, database, server and desktop technology areas. Ensure that the Infrastructure IS Review process is executed in accordance with the IS Standard.
  o Work with the Factory group to support the periodic Application and Infrastructure IS Review process.
  o Participate in the definition and implementation of procedures according to corporate guidelines and standards.
  o Demonstrate knowledge of Intrusion Detection Systems as well as a thorough knowledge of server and desktop configurations as they relate to system security.
  o Participate in the evaluation and selection of applications and systems with specific focus on IS implications.
  o Participate in the planning and implementation of IS administration for IT projects.
  o Ensure that technical controls are embedded in day-to-day operations and that remediation of non-compliance is documented and addressed.
  o Assist the system development and infrastructure units to identify IS risks and controls for the development of products and systems.
  o Guide the business to ensure that IS risks, controls, and tests are embedded in the IS Risk Self-Assessment.
  o Monitor that Vulnerability Assessments (ethical hacks) are performed as required in the IS Standards, ensuring that issues are addressed in a timely manner, for the applications and infrastructure, including those that are not managed by Millicom technology groups; e.g., vendor-managed, vendor-hosted, cloud computing providers.
  o Lead IS incident response activities by helping security incident response teams resolve and close the investigation of incidents with proactive suggestions.
  o Engage a subject matter expert or another senior ISO when additional technical knowledge is required.
  o Escalate to the Global ISO and business managers as appropriate.

• TECHNICAL AND BUSINESS STRATEGY
  o Have broad understanding of Identity Access Management, Threat and Vulnerability Management, Information Security Architecture, and Data Protection.
  o Ensure alignment of IS program with business strategy.
  o Plan and execute the IS strategy for his Operation. Coordinate IS activities with business plans.
  o Drive constructive procedural changes to ensure effective risk-based implementation of IS requirements.
  o Summarize the IS status to the managers in business terms.
  o Articulate the value of IS controls and their bottom-line impact.
  o Work with the business to interpret and translate specific IS business requirements into technical requirements.
  o Establish and maintain relationships with domain architects, developers, project managers, system administrators and others within the Factory group.
  o Drive recommendations for new or emerging IS technologies in response to organizational needs at the local level.
  o Guide the business and technical units in the implementation of approved security tools, and continuously identify innovative and enhanced security solutions / emerging technologies for the ‘Security Component Evaluation Task Force’ review and certification.

• STRATEGIC QUALITY
  o Ensure that IS characteristics are included as part of the quality framework in all product development.

• PROCUREMENT & SUPPLY CHAIN
  o Support the business by reviewing contract language as it relates to IS.
  o Engage with Supply Chain Management to ensure that IS requirements are included in Requests for Proposals and in vendor contracts.
  o Ensure that the Third Party IS Assessment is performed.

• PROFITABILITY & COST CONTROL
  o Ensure the Operations include the global guidelines and priorities in the IS Budget exercise.
  o Deliver in a timely and cost-effective manner all CAPEX commitments.
  o Constantly control and optimize OPEX by leading the preparation and execution of an annual actionable cost savings plan as part of the budget.

• RISK MANAGEMENT, PROCESSES AND CONTROLS
  o Lead the implementation of the Millicom Information Security framework, including BCM and DRP frameworks.
  o Perform IS Risk Management for the business units’ processes, applications and supporting technology infrastructure. Ensure IS Risk Assessment is performed according to Millicom standards by partnering with the businesses throughout the Risk Assessment process and determine the impact of control deficiencies.
  o Manage risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills.
  o Proactively manage risk and control through the identification, escalation, and solution development for compliance and audit issues, including direct interaction and coordination with Internal Control officers and Internal Auditors.
  o Develop corrective action plans for all IS-related gaps and approve all closures by reviewing evidence to ensure the closure meets Millicom requirements or industry best practices.
  o Review status of IS program and oversee corrective action when necessary.
  o Identify the need for and develop new and improved technical procedures and process control manuals.
  o Provide periodic IS risk management reports highlighting key issues and corrective action plans.
  o Partner with business coordinators in other disciplines; e.g., Internal Audit, Revenue Assurance, Process Management, Records Management, etc.

Position Requirements

QUALIFICATION AND EXPERIENCE

• Bachelor's degree in telecommunications and/or information technology, engineering, business management or related field.
• Master’s degree is desired (in fields such as Information Systems Management, MBA).
• IS certification, e.g. CISSP, C|CISO, CISM, CISA, COBIT.
• 6+ years of work experience, including 5 years in managing a technology related department.
• 5+ years of experience in managing IS programs including, but not limited to:
  o Creating and implementing IS policies that align with business needs and devising methods to measure the effectiveness of the policies
  o Creating and implementing IS controls
  o IS compliance with external regulations
  o Aligning IS strategy with corporate governance
  o Communicating with executive leadership
  o Managing an Information Security team
  o Audit Reviews, IS Risk Assessment, Awareness & Training, Identity & Access Management, Data Protection, Incident Management, Vulnerability Assessment, secure configurations, patch management, antivirus.
• Experience with technology infrastructure, security engineering and/or application development.
• In-depth knowledge of IS Standards, e.g. ISO 27001, and of IS technologies and issues on standard platforms.
• Aware of key government regulations and local laws to ensure that actions comply with these requirements; e.g., Gramm-Leach-Bliley, Sarbanes Oxley, etc.
• Understanding of wireless network technologies, transmission of data over wireless networks, understanding of data communications technologies, including routers, gateways and switches. Private network and static IP.
• Information Technology understanding across multiple platforms (Windows, Unix, database engines, middleware servers, etc.) and development methodologies (internal, outsourced, software factory, etc.).
• Understanding of software architecture design (client/server, SOA, web 2.0, etc.).
• Understanding of software development, Internet technologies and programming. Fully aware of development lifecycle components.
• Ability to produce accurate and timely information in a highly dynamic work environment.

CORE COMPETENCIES

• Proven leader with excellent communication skills and ability to interface with all levels of the enterprise.
• Business orientation.
• High-level strategic thinking.
• Consultative / advisory skills.
• Strong risk analysis and problem-solving skills.
• Able to explain complex and technical principles. Able to convey ideas to senior management and staff.
• Able to interpret and apply policies, standards and procedures.
• Program/Project management experience.
• Excellent interpersonal skills and high capacity to adapt to changing business and organizational conditions.
• Ability to engage in effective and persuasive negotiations and to make quick and effective decisions.
• Strong communication skills (written and verbal).
• Ability to work effectively with a wide range of cultures in a diverse community and to work collaboratively with management teams throughout the organization and to be seen as a valuable expert resource to be sought out.
• Exceptional time management and organizational skills required.
• Ability to make effective and persuasive speeches and presentations to senior management.
Information Security Officer at TIGO