JOB PURPOSE
You are responsible for the overall Information Security (IS) program for MIC Tanzania. You will communicate and coordinate closely with key business stakeholders to address information protection needs, and implement and maintain the global IS program to ensure that information assets are adequately protected. You are the liaison between executive management and the Information Security program. A key element of your role is working with executive management to determine acceptable levels of risk for the organization and, through outstanding leadership, ensuring cross-functional cooperation and communication to support all Business Units in implementing the Information Security framework across the organization.
You will also be responsible for implementing the global IS framework in MIC Tanzania, including policies, processes and standards, and for identifying, evaluating and reporting on Information Security risks in a manner that meets the risk appetite of the company and Compliance and Regulatory requirements. You drive and implement the IS Training & Awareness program for all employees and third parties with access to Millicom’s information, and spearhead IS Incident Response activities.
This position reports to the Head of Operations, with a matrix line to the Global ISO, or reports directly to the IS structure.
THE WAY WE WORK
You are open-minded, passionate and the way you work energizes others. You are committed to the timely delivery of a job well done. You behave with integrity and transparency.
Key Responsibilities
• ORGANIZATION & PEOPLE
o Coordinate and oversee the IS Manager and Business Continuity Manager’s activities.
o Accountable for all IS activities in his Operation’s business units and Factory groups, including BCM.
o Exercise oversight to the IS program within the business, including framework, policies, standards, and related reporting.
o Assist in the implementation of Millicom IS Standards at the business level to ensure procedures and practices comply with those standards.
o Establish relationships and interact regularly with employees and business management on the IS program, policies and standards.
o Influence behavior through constant communication educating and advising the business on IS practices and requirements.
o Provide general IS consulting services, including interpretation and/or clarification of the Millicom IS Standard and IS best practices, and be consulted as a subject matter expert for IS topics.
o Ensure that the IS Training & Awareness activities are performed as per Millicom IS Standard requirements.
o Ensure Information Owners periodically review their Asset Classification.
o Leverage the ISO network to have access to resources, seek out best practices, and create efficiency.
o Participate in the IS community on committees and cross-business / functional opportunities to provide adequate representation for IS aspects, e.g., Security Committee.
o Develop and communicate a common vision for the IS team that is in line with the global IS vision statement.
o Manage allocation of Information Security staff according to business requirements.
o Manage talent including recruitment, development, training and retention of key staff in accordance with Millicom’s Strategic Plan and Human Resources policies.
o Develop and maintain a viable succession plan.
• CONSUMER AND BUSINESS SERVICES DELIVERY & NETWORK, PLATFORMS, BILLING & FACILITIES
o Ensure that IS risk is managed during the development of new products and applications, and that risks are mitigated during the products and systems development process. Ensure that the Application IS review process is executed in accordance with the Secure-SDLC (Secure System Development Life-cycle) process, to ensure that applications appropriately protect the confidentiality and integrity of business information stored and processed by them.
o Ensure that secure configurations are defined and implemented, leveraging technical knowledge and problem solving skills in the network, database, server and desktop technology areas. Ensure that the Infrastructure IS Review process is executed in accordance with the IS Standard.
o Work with the Factory group to support the periodic Application and Infrastructure IS Review process.
o Participate in the definition and implementation of procedures according to corporate guidelines and standards.
o Demonstrate knowledge of Intrusion Detection Systems as well as a thorough knowledge of server and desktop configurations as they relate to system security.
o Participate in the evaluation and selection of applications and systems with specific focus on IS implications.
o Participate in the planning and implementation of IS administration for IT projects.
o Ensure that technical controls are embedded in day-to-day operations and that remediation of non-compliance is documented and addressed.
o Assist the system development and infrastructure units to identify IS risks and controls for the development of products and systems.
o Guide the business to ensure that IS risks, controls, and tests are embedded in the IS Risk Self-Assessment.
o Monitor that Vulnerability Assessments (ethical hacks) are performed as required in the IS Standards, ensuring that issues are addressed in a timely manner, for the applications and infrastructure, including those that are not managed by Millicom technology groups; e.g., vendor-managed, vendor-hosted, cloud computing providers.
o Lead IS incident response activities by helping security incident response teams resolve and close the investigation of incidents with proactive suggestions.
o Engage a subject matter expert or another senior ISO when additional technical knowledge is required.
o Escalate to the Global ISO and business managers as appropriate.
• TECHNICAL AND BUSINESS STRATEGY
o Have broad understanding of Identity Access Management, Threat and Vulnerability Management, Information Security Architecture, and Data Protection.
o Ensure alignment of IS program with business strategy.
o Plan and execute the IS strategy for his Operation. Coordinate IS activities with business plans.
o Drive constructive procedural changes to ensure effective risk-based implementation of IS requirements.
o Summarize the IS status to the managers in business terms.
o Articulate the value of IS controls and their bottom-line impact.
o Work with the business to interpret and translate specific IS business requirements into technical requirements.
o Establish and maintain relationships with domain architects, developers, project managers, system administrators and others within the Factory group.
o Drive recommendations for new or emerging IS technologies in response to organizational needs at the local level.
o Guide the business and technical units in the implementation of approved security tools, and continuously identify innovative and enhanced security solutions / emerging technologies for the ‘Security Component Evaluation Task Force’ review and certification.
• STRATEGIC QUALITY
o Ensure that IS characteristics are included as part of the quality framework in all product development.
• PROCUREMENT & SUPPLY CHAIN
o Support the business by reviewing contract language as it relates to IS.
o Engage with Supply Chain Management to ensure that IS requirements are included in Requests for Proposals and in vendor contracts.
o Ensure that the Third Party IS Assessment is performed.
• PROFITABILITY & COST CONTROL
o Ensure the Operations include the global guidelines and priorities in the IS Budget exercise.
o Deliver all CAPEX commitments in a timely and cost-effective manner.
o Constantly control and optimize OPEX by leading the preparation and execution of an annual actionable cost savings plan as part of the budget.
• RISK MANAGEMENT, PROCESSES AND CONTROLS
o Lead the implementation of the Millicom Information Security framework, including BCM and DRP frameworks.
o Perform IS Risk Management for the business units’ processes, applications and supporting technology infrastructure. Ensure IS Risk Assessment is performed according to Millicom standards by partnering with the businesses throughout the Risk Assessment process and determining the impact of control deficiencies.
o Manage risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills.
o Proactively manage risk and control through the identification, escalation, and solution development for compliance and audit issues, including direct interaction and coordination with Internal Control officers and Internal Auditors.
o Develop corrective action plans for all IS-related gaps and approve all closures by reviewing evidence to ensure the closure meets Millicom requirements or industry best practices.
o Review status of the IS program and oversee corrective action when necessary.
o Identify the need for and develop new and improved technical procedures and process control manuals.
o Provide periodic IS risk management reports highlighting key issues and corrective action plans.
o Partner with business coordinators in other disciplines; e.g., Internal Audit, Revenue Assurance, Process Management, Records Management, etc.
Position Requirements
QUALIFICATION AND EXPERIENCE
• Bachelor's degree in telecommunications and/or information technology, engineering, business management or related field.
• Master’s degree is desired (in fields such as Information Systems Management, MBA).
• IS certification, e.g. CISSP, C|CISO, CISM, CISA, COBIT.
• 6+ years of work experience, including 5 years in managing a technology related department.
• 5+ years of experience in managing IS programs including, but not limited to:
o Creating and implementing IS policies that align with business needs and devising methods to measure the effectiveness of the policies
o Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment, secure configurations, patch management, antivirus.
• Experience with technology infrastructure, security engineering and/or application development.
• Knowledge of project management.
• In-depth knowledge of IS Standards, e.g. ISO 27001, and of IS technologies and issues on standard platforms.
• Aware of key government regulations and local laws to ensure that actions comply with these requirements.
• Information Technology understanding across multiple platforms (Windows, Unix, database engines, middleware servers, etc.) and development methodologies (internal, outsourced, software factory, etc.).
• Understanding of software architecture design (client/server, SOA, web 2.0, etc.).
• Understanding of software development, Internet technologies and programming. Fully aware of development lifecycle components.
CORE COMPETENCIES
• Proven leader with excellent communication skills and ability to interface with all levels of the enterprise.
• Business orientation and able to interpret and apply policies, standards and procedures.
• High-level strategic thinking.
• Strong risk analysis and problem solving skills.
• Able to explain complex and technical principles. Able to convey ideas to senior management and staff.
• Excellent interpersonal skills and high capacity to adapt to changing business and organizational conditions.
• Ability to engage in effective and persuasive negotiations and to make quick and effective decisions.
• Ability to work effectively with a wide range of cultures in a diverse community and to work collaboratively with management teams throughout the organization and to be seen as a valuable expert resource to be sought out.
• Exceptional time management and organizational skills required.
• Ability to make effective and persuasive speeches and presentations to senior management.
• Ability to produce accurate and timely information in a highly dynamic work environment.
• Strong communication skills (written and verbal).
Information Security Officer - Tigo Tanzania