Information Security Officer at TIGO

Role Purpose

The Local Information Security Officer (ISO) has the overall responsibility for the Information Security (IS) program for his Operation.
The ISO is the liaison between executive management and the Information Security program. The ISO communicates and coordinates closely with key business stakeholders to address information protection needs.
Implement and maintain the global IS program in his Operation to ensure that information assets are adequately protected.
Implement the global IS framework in his Operation, including policies, processes and standards.
Identify, evaluate and report on Information Security risks in a manner that meets the risk appetite of the company, as well as Compliance and Regulatory requirements. A key element of the ISO's role is working with executive management to determine acceptable levels of risk for the organization.
Through outstanding leadership, ensure cross-functional cooperation and communication, to support all Business Units in implementing the IS framework across the organization.
Drive and implement the IS Training & Awareness program for all employees and third parties with access to Millicom’s information.
Lead IS Incidents Response activities.

Key Responsibilities

• ORGANIZATION & PEOPLE
o Report to the Head of Operations, with a matrix line to the Global ISO, or report directly to the IS structure.
o Coordinate and oversee the IS Manager and Business Continuity Manager’s activities.
o Accountable for all IS activities in his Operation’s business units and Factory groups, including BCM.
o Exercise oversight to the IS program within the business, including framework, policies, standards, and related reporting.
o Assist in the implementation of Millicom IS Standards at the business level to ensure procedures and practices comply with those standards.
o Establish relationships and interact regularly with employees and business management on the IS program, policies and standards.
o Influence behavior through constant communication educating and advising the business on IS practices and requirements.
o Provide general IS consulting services including interpretation and/or clarification of Millicom IS Standard and IS best practices, and is consulted as a subject matter expert for IS topics.
o Ensure that the IS Training & Awareness activities are performed as per Millicom IS Standard requirements.
o Ensure Information Owners periodically review their Asset Classification.
o Leverage the ISO network to have access to resources, seek out best practices, and create efficiencies.
o Participate in the IS community on committees and cross-business / functional opportunities to provide adequate representation for IS aspects, e.g., Security Committee.
o Develop and communicate a common vision for the IS team that is in line with the global IS vision statement.
o Manage allocation of Information Security staff according to business requirements.
o Manage talent including recruitment, development, training and retention of key staff in accordance with Millicom’s  Strategic Plan and Human Resources policies.
o Develop and maintain a viable succession plan.

• CONSUMER AND BUSINESS SERVICES DELIVERY & NETWORK, PLATFORMS, BILLING & FACILITIES
o Ensure that IS risk is managed during the development of new products and applications, and that risks are mitigated during the products and systems development process. Ensure that the Application IS review process is executed in accordance with the Secure-SDLC (Secure System Development Life-cycle) process,  to ensure that applications appropriately protect the confidentiality and integrity of business information stored and processed by them.
o Ensure that secure configurations are defined and implemented, leveraging technical knowledge and problem solving skills in the network, database, server and desktop technology areas. Ensure that the Infrastructure IS Review process is executed in accordance to the IS Standard.
o Work with the Factory group to support the periodic Application and Infrastructure IS Review process.
o Participate in the definition and implementation of procedures according to corporate guidelines and standards.
o Demonstrate knowledge of Intrusion Detection Systems as well as a thorough knowledge of server and desktop configurations as they relate to system security.
o Participate in the evaluation and selection of applications and systems with specific focus on IS implications.
o Participate in the planning and implementation of IS administration for IT projects.
o Ensure that technical controls are embedded in day-to-day operations and that remediation of non-compliance is documented and addressed.
o Assist the system development and infrastructure units to identify IS risks and controls for the development of products and systems.
o Guides the business to ensure that IS risks, controls, and tests are embedded in the IS Risk Self-Assessment.
o Monitors that Vulnerability Assessments (ethical hacks) are performed as required in the IS Standards, ensuring that issues are addressed in a timely manner, for the applications and infrastructure, including those that are not managed by Millicom technology groups; e.g., vendor-managed, vendor-hosted, cloud computing providers.
o Lead IS incidents response activities by helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
o Engage a subject matter expert or another senior ISO when additional technical knowledge is required.
o Escalate to the Global ISO and business managers as appropriate.

• TECHNICAL AND BUSINESS STRATEGY
o Have broad understanding of Identity Access Management, Threat and Vulnerability Management, Information Security Architecture, and Data Protection.
o Ensure alignment of IS program with business strategy.
o Plan and execute the IS strategy for his Operation. Coordinates IS activities with business plans.
o Drive constructive procedural changes to ensure effective risk-based implementation of IS requirements.
o Summarize the IS status to the managers in business terms.
o Articulate the value of IS controls and its bottom line impact.
o Work with the business to interpret and translate specific IS business requirements into technical requirements.
o Establish and maintain relationships with domain architects, developers, project managers, system administrators and others within the Factory group.
o Drive recommendations for new or emerging IS technologies in response to organizational needs at the local level.
o Guide the business and technical units in the implementation of approved security tools, and continuously identify innovative and enhanced security solutions / emerging technologies for the ‘Security Component Evaluation Task Force’ review and certification.

• STRATEGIC QUALITY
o Ensure that IS characteristics are included as part of the quality framework in all product development.

• PROCUREMENT & SUPPLY CHAIN
o Support the business by reviewing contract language as it relates to IS.
o Engage with Supply Chain Management to ensure that IS requirements are included in Requests for Proposals and in vendor contracts.
o Ensure that the Third Party IS Assessment is performed.

• PROFITABILITY & COST CONTROL
o Ensure the Operations include the global guidelines and priorities in the IS Budget exercise.
o Deliver in a timely and cost effective manner all CAPEX commitments
o Constantly control and optimize OPEX by leading the preparation and execution of an annual actionable cost savings plan as part of the budget

• RISK MANAGEMENT, PROCESSES AND CONTROLS
o Lead the implementation of the Millicom Information Security framework, including BCM and DRP frameworks.
o Perform IS Risk Management for the business units’ processes, applications and  supporting technology infrastructure.  Ensure IS Risk Assessment is performed according to Millicom standards by partnering with the businesses throughout the Risk Assessment process and determine the impact of control deficiencies.
o Manage risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills.
o Proactively manages risk and control through the identification, escalation, and solution development for compliance and audit issues including direct interaction and coordination with Internal Control officers and Internal Auditors.
o Develop corrective action plans for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Millicom requirements or industry best practices.
o Review status of IS program and oversees corrective action when necessary.
o Identify the need for and develop new and improved technical procedures and process control manuals.
o Provide periodic IS risk management reports highlighting key issues and corrective action plans.
o Partner with business coordinators in other disciplines; e.g., Internal Audit, Revenue Assurance, Process Management, Records Management, etc.

Position Requirements

QUALIFICATION AND EXPERIENCE
• Bachelor's degree in telecommunications and/or information technology, engineer, business management or related field.
• Master’s degree is desired (in fields such as Information Systems Management, MBA).
• IS certification, e.g. CISSP, C| CISO, CISM, CISA, Cobit.
• 6+ years of work experience, including 5 years in managing a technology related department.
• 5+ years of experience in managing IS programs including, but not limited to:
o Creating and implementing IS policies that align with business needs and devising methods to measure the effectiveness of the policies
o Creating and implementing IS controls
o IS compliance with external regulations
o Aligning IS strategy with corporate governance
o Communicating with executive leadership
o Managing an Information Security team
o Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment, secure configurations, patches management, antivirus.
• Experience with technology infrastructure, security engineering and/or application development.
• In depth knowledge of IS Standards, e.g. ISO 27001 and of IS technologies and issues on standard platforms.
• Aware of key government regulations and local laws to ensure that actions comply with these requirements; e.g., Gramm-Leach-Bliley, Sarbanes Oxley, etc.
• Understanding of wireless network technologies, transmission of data over wireless networks, understanding of data communications technologies, including routers, gateways and switches. Private network and static IP.
• Information Technology understanding across multiple platforms (windows, Unix, database engines, middleware servers, etc.) and development methodologies (internal, outsourced, software factory, etc.).
• Understanding of software architecture design (client/server, SOA, web 2.0, etc.),
• Understanding of software development, Internet technologies and programming. Fully aware of development lifecycle components.
• Ability to produce accurate and timely information in a high dynamic work environment.

CORE COMPETENCIES
• Proven leader with excellent communication skills and ability to interface with all levels of the enterprise.
• Business orientation.
• High-level strategic thinking.
• Consultative / advisory skills.
• Strong risk analysis and problem solving skills.
• Able to explain complex and technical principles. Able to convey ideas to senior management and staff.
• Able to interpret and apply policies, standards and procedures.
• Program/Project management experience.
• Excellent interpersonal skills and high capacity to adapt to changing business and organizational conditions.
• Ability to engage in effective and persuasive negotiations and to make quick and effective decisions.
• Strong communication skills (written and verbal).
• Ability to work effectively with a wide range of cultures in a diverse community and to work collaboratively with management teams throughout the organization and to be seen as a valuable expert resource to be sought out.
• Exceptional time management and organizational skills required.
• Ability to make effective and persuasive speeches and presentations to senior management.


APPLY
Information Security Officer at TIGO Information Security Officer at TIGO Reviewed by Unknown on 2:08:00 AM Rating: 5

JOBS CATEGORY

Tanzania Kenya NGO JOBS Uganda Best Jobs Consultancy Rwanda ICT JOBS Administrative United Nations Sudan Best Jobs Finance Health - Medical Engineering Ethiopia Education Agricultural Lecturer Human Resources Somalia Media Congo - Kinshasa Legal Jobs Bank Jobs Monitoring and Evaluation Mining World Vision Burundi Procurement African Barrick Gold Accountant Zambia Sales and Marketing US EMBASSY East African Community Mozambique Telecoms Research CARE International Save The Children Plan International Arusha Malawi South Sudan Oxfam Scholarships African Development Bank Finance and Administration SafariCom Aviation The Commonwealth American Embassy Sales Zanzibar Environmental Catholic Relief Services Dar es salaam USAID Operations FHI 360 UNDP Security World Bank Economist TradeMark East Africa Unicef Hospitality Managers International Rescue Committee (IRC) Restless Development Accounting Civil Engineers AMREF Morogoro Utumishi AfDB African Development Bank COOPI - Cooperazione Internazionale Driver - Logistics Path International Mwanza African Union Tigo Jobs Marketing Mbeya Teaching Au African Union PSI Population Services International Pwc PricewaterhouseCoopers East African Breweries North Mara Gold Mine ACTED Djibouti Malaria Consortium Bulyanhulu Gold Mine DFID Driver Buzwagi Gold Mine Jhpiego COMESA FINCA JOBS International Jobs Adeso Danish Refugee Council Kilimanjaro Nairobi Coca-Cola Handicap International Pact International Rio Tinto Solidarités International Tender EGPAF Elizabeth Glaser Pediatric AIDS Foundation Logistics Serengeti Breweries Ltd Nation Media Group Africare Norwegian Refugee Council Samaritan's Purse Chemonics International COUNTRY DIRECTOR ICAP of Columbia University InterShips Precision Air RwandAir Marie Stopes International (MSI) Serengeti Breweries Volunteer Climate Change IGAD Tetra Tech ARD Agriculture Jobs Dodoma Iringa One Acre Fund Project Management Clinton Health Access Initiative (CHAI Technoserve Twaweza East Africa ActionAid Lutheran World Federation SADC Secretariat Tanga Vso International ACDI/VOCA Halmashauri Agha Khan Kenya Commercial Bank World Agroforestry Centre Deloitte East Africa International Organization for Migration (IOM) COMESA Secretariat: Software Engineering Safety and Security Shinyanga Jobs Tanzania Breweries Pathfinder International World Health Organization KPMG TANROADS Tanzania Electric Supply Company British Council Futures Group KCB BANK UN-Habitat WFP World Food Programme Barclays GEITA GOLD MINING TANESCO Electrical Engineer Food and Agriculture Organization GOAL Mombasa Tabora WWF World Wide Fund for Nature Microsoft Tanzania Ports Authority East African Development Bank Family Health International (FHI) IBM EAST AFRICA IntraHealth International Mercy Corps SERIKALINI - GOVERNMENT OF TANZANIA AccessBank Community Development Jobs Data Base Management Google Africa ICAP - TZ KEMRI/CDC Program WaterAid Tanzania Auditor SNV International Stanbic Bank Amnesty Horn Relief Kampala Management Systems International (MSI) Standard Chartered Bank VETA Christian Aid DIAMOND TRUST BANK Helen Keller International Help Age Mtwara Uganda Telecom Airtel Africa Equity Bank Internships Marie Stopes TCRA Web Development B B C WORLD SERVICE Human Rights Kigali Makerere University Nile Basin Initiative Kenyatta University Kigoma Mzumbe University NSSF National Social Security Fund Nile Breweries Limited Tulawaka Gold Mine University of Nairobi kenya Airways Bank of Tanzania Graduates MTN Muhimbili National Hospital Nepad Partners in Health Room to Read SUMATRA UNWOMEN African Wildlife foundation (AWF) KEMRI Kagera Librarian MENTOR Initiative Trainee USAILI - INTERVIEW Uiversity of Nairobi WaterAid International icipe Project CAFOD - Catholic Agency for Overseas Development Egerton University EngenderHealth Goal Ireland Kenyan Banks Lake Victoria Basin Commission Peace Corps TANAPA TASAF Tanzania Social Action Fund Zanzibar University ACB AKIBA COMMERCIAL BANK AGRA Alliance for a Green Revolution in Africa Advans Bank Ethiopian Airlines Freedom House IITA International Institute of Tropical Agriculture Legal Moshi NMB BANK Resolute Tanzania Singida Uganda Uganda National Roads Authority University of Dar es salaam University of Dodoma British High Commission ChildFund EWURA FilmAid International NECTA TPDC Tanzania Civil Aviation Authority (TCAA) United States International University World Concern Aga Khan Foundation CBA Commercial Bank of Africa Ecomist Ernst and Young IUCN International Union for Conservation of Nature International Medical Corps Islamic Relief Kakira Sugar Musoma National Institute for Medical Research OPEN UNIVERSITY OF TANZANIA Relief International TAA Tanzania Airports Authority Trócaire Uganda Revenue Authority VODACOM TANZANIA VSF Belgium Architects Hivos IFC International Finance Corporation Ifakara Health Institute Inoorero University International Commercial Bank Kenya Red Cross Society MADEREVA Medical Oil and Gas Pwani University College SOKOINE UNIVERSITY Tumaini University Water Engineering AWF African Wildlife Foundation Acacia Mining Accounts African Virtual University Altima Africa Ardhi University Bank of Uganda Business Development Concultancy Del Monte Kenya Embassies Kenya Airports Authority Lake Victoria South Water Services Board Mara National Bank of Commerce RECORDS MANAGEMENT JOBS RUKWA Ruvuma Search for Common Ground Songea TTCL Tanzania Telecommunications Company Limited Unilever War Child International Zinduka Afrika ACORD AKU ​Aga Khan University Africa Nazarene University Africa Rice Center (AfricaRice) Aga Khan Health Services CRDB BANK Commercial Bank of Africa Daraja Tanzania Engineers Registration Board (ERB) Fina Bank International Potato Center International Potato Center (CIP) Intrahealth Jomo Kenyatta University Kilimanjaro Christian Medical Centre Kyambogo University Lindi Jobs MCL Mwananchi Communications MUHAS-harvad Moi University NBC BANK National University of Rwanda Ngorongoro Conservation Area Authority Njombe Nuru International Nzoia sugar Company RTI International SUA SOKOINE UNIVERSITY OF AGRICULTURE THE LAW SCHOOL OF TANZANIA TRA Tanzania Revenue Authority Tanzania Postal Bank The Foundation For Civil Society Udhamini wa Masomo Western Union AIR TANZANIA Action Against Hunger (ACF) Agricultural Society of Kenya BRALIRWA Bondo University College Caritas Comoros Concern Worldwide Conservation Jobs Consolidated Bank of Kenya DHL Express Ewaso Ngiro South River Basin Development Authority Geologist Gulf African Bank INSTITUTE OF ADULT EDUCATION Jomo Kenyatta University of Agriculture and Technology Kabale University Kabale University (KAB) Kenya Ports Authority KickStart International MORUWASA Morogoro Urban Water and Sanitation Authority MSH Management Sciences for Health Mumias Sugar Company Nairobi Hospital Nkumba University Rural Electrification Agency SOKINE UNIVERSITY SONGWE STAMIGOLD Stores TACAIDS TARURA TCU Tanzania Commission for Universities Tullow Oil World Lung Foundation (WLF) ALAF Limited Aga Khan Development Network (AKDN) Aga Khan Hospital Air Malawi American Refuge Committee BENKI YA POSTA - TPB BANK BTC Belgian Technical Cooperation Bhttp://www.blogger.com/img/blank.gifank of Tanzania Bioversity International CHF International Customer Service Jobs DANGOTE DIT DAR ES SALAAM INSTITUTE OF TECHNOLOGY Danida Dar es Salaam Institute of Technology Daystar University ECOBANK ETDCO Electrical Transmission and Distribution Construction and Maintenance Company European Union IFM INSTITUTE OF FINANCE MANAGEMENT INSURANCE JOBS - BIMA ITECH Internews® Network KUITWA KAZINI Kenya Accreditation Service Kenya Polytechnic University College Kilombero Sugar Company Kisii University College Kisumu Laboratory Jobs MSD MEDICAL STORES DEPARTMENT MSF Switzerland Management Sciences for Health Manyara Maseno University Ministry of State for Planning Muteesa 1 Royal University Médecins Sans Frontières NIDA National Identification Authority Narok University College OSHA Occupational safety and Health Authority Open Society Initiative for Eastern Africa (OSIEA) PA PAC PEPSI POLICE - POLISI Petroleum EngineerS RWANDA HOUSING AUTHORITY Seychelles Songas TBC TANZANIA BROADCASTING CORPORATION TBS TANZANIA BUREAU OF STANDARDS TFDA TANZANIA FOOD AND DRUGS AUTHORITY TIB - Tanzania Investment Bank Tanzania Mortagage Refinance Company Tanzania Teachers’ Union Transmara Sugar Company Tropical Pesticides Research Institute Tumba College of Technology Twiga Cement UNESCO UNOCHA Umma University University WRP Walter Reed Project ZANTEL ao uga
Powered by Blogger.