It encompasses security operations within Data Centres, providing support for managed security services and New Product Development (NPD)
- supporting business and technology teams by evaluating security related aspects of critical services in Airtel Money
- assessment of the solutions and services platform
- monitoring of ongoing IT & NW security projects
- application security;
- facilitating Internal and External IT audits & helping the operations team during on-ground closure of the audit observations;
- carry out investigations and forensics;
- assessment of the risks that may lead to breach of confidentiality and business disruptions;
- implementing process/technology controls to mitigate the identified risks; closely interacting with respective security heads in other OpCos;
- reviewing fraud management activities done by operations teams;
- collaborating with functions to roll-out security policies and procedures;
- ensuring availability of appropriate security IM, GSDs, and system-level implementation procedures in association with system-owners;
- owning the responsibility of ensuring ISMS implementation and successful certification (ISO 27001 and 22301) once undertaken in the airtel locations;
- reviewing functional implementation of security through ISWG and respective function heads within OpCos;
- mitigation of the risks that may arise out of Third Parties and eventually ensuring compliance to BTSP;
- preparing the dashboards for top management review,
- managing the OpCo-wide security override function, according central security approvals after evaluating associated risks;
- supporting BCP/DR activities; ensuring implementations of security controls at the critical processing areas such as shared services (RA, CSD, Finance, HR and SCM);
- monitoring compliance artefacts supporting partner security SLAs; and institutionalizing Customer Privacy Framework.
Desired Skills and Experience
Bachelor Degree of Science/ Technology/Engineering (preferably in IT or Computer Science & Engineering)
Security Certification preferred (e.g. CISA, CISSP, CEH, etc)
- The ideal candidate should have excellent knowledge of Information Security standards, policies, controls and structures prevalent in the telecom industry along with Africa operating environment.
- Extensive experience in handling information security operations or consulting for large and geographically dispersed organisations.
- A high level appreciation of Security Architecture and Infrastructure across application, middleware, OS and network domains
- Experience in operational and strategic information security risk management.
- Should have adequate knowledge of the ISO 27001 Standard.
- A detailed understanding of systems design and systems development methodologies is required.
- Should have adequate experience in handling large and complex projects
- Should be familiar with the contents of relevant Government Acts and Guidelines in the Information Technology domain.
- Excellent knowledge of information security frameworks such as COBIT.
- Knowledge and experience in the preparation of asset registers, conduct of risk assessments and in the preparation and implementation of risk treatment plans.
- Knowledge of the latest trends, technology developments, tools and methodologies in the IS Risk Management arena.
- Experience in handling geographically spread teams with proven team leadership skills.