Job Title: Manager, Information Security Management*
Location: Lagos, NG
Job Summary
Manage the planning and delivery of the Information Security
program for EMTS enterprise IT network environment covering compute, network
and storage infrastructure, supported application services and databases and
ensure adequate protection is achieved and maintained. Oversee end-to-end
information security management for the IT network environment - risk
assessments, planning and implementation of risk mitigation strategies and
initiatives in line with best practices, continuous compliance monitoring and measurement,
anchor security improvement and compliance projects, and interface with
internal auditors, and enterprise risk management on all assurance matters
Principal Functions
Tactical
Develop, manage and implement a comprehensive information
security program for Etisalat enterprise IT network environment.
Support the development, enhancement and implementation of a
comprehensive security architecture, policies, standards and processes and
ensure compliance across the IT network environment
Operational
Develop and maintain an up-to-date security posture
assessment for Etisalat enterprise IT network environment. Ensure a satisfactory/acceptable risk rating
from independent assessments is achieved and maintained
Conduct periodic review of the Etisalat IT network
environment security management framework and ensure it is refreshed and
enhanced in line with industry trends and regulatory requirements.
Work with business units and other risk management/assurance
functions (Internal Audit & Revenue Assurance) to identify gaps and
non-conformities using risk assessments, business impact analysis, system
vulnerability assessments and penetration tests etc. Develop and implement
recommendations, action plans and strategies to address identified risks and
non-conformities
Raise the security awareness and education level of Etisalat
employees (through internal bulletins, regular training and on-boarding for new
hires) and IT vendor personnel
Support security and forensic investigations and compliance
reviews as requested by internal or external auditors
Play an advisory role in application development,
acquisition or delivery projects, to assess information security requirements
and ensure that security controls are implemented as planned throughout the
project life cycle to fulfill these requirements
Prepare reports for management attention on residual risks,
vulnerabilities and other security exposures, including misuse of information
assets and noncompliance.
Conduct research, assess new threats and security alerts and
recommend and follow through on appropriate actions to mitigate them
Support the evaluation, selection and delivery of
information security solutions and projects.
Interface with others teams within and outside the IT
department in the process of delivering security solutions.
Liaise with vendors, suppliers and partners to ensure
effective optimization, adoption and delivery of solutions.
Carry out other activities as instructed by the Head,
Information Risk Management.
Educational
Requirements
First degree or equivalent in Computer Science/Engineering,
Electrical/Electronic Engineering or other numerate science.
Experience, Skills
& Competencies
Six (6) to Eight (8) years relevant work experience, with at
least three (3) years in enterprise information security management or IP
networking (planning, support) and three (3) years in a supervisory role.
Possession of relevant IT and telecommunication
certification including CISA, CISSP, CISM, CEH, ISO27001 etc.
Broad experience across the IT/network architecture stack
Good understanding of telecommunication business and
technology model.
Good understanding of business analysis and project
management methods.
Very good conceptual and analytical thinking skills
Good interpersonal and communication skills
No comments:
Post a Comment