To manage the Technology Security Governance, Risk, Compliance and Assurance needs across Telecel Ghana. To further provide security assurance, guidance and support to high profile projects according to company defined policies and requirements, best practice and local/international standards (PCI, SOX, ISO27001, GDPR, POPIA and Cyber Crime Bill of 2015) relevant to the technology security area. This role requires the individual to have credible experience in Information Security and Cyber Security Governance, Risk and Assurance based on proven frameworks such as COBIT 5, ISO27001/2, and the NIST Cybersecurity Framework.
Key Accountabilities and Decision Ownership
•The incumbent will direct, develop, implement, monitor, and maintain a comprehensive Telecel Ghana information security governance, risk, and compliance strategy
•Provide technology security assurance, guidance, and support to high profile projects,
•Ensure security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Telecel Ghana network
•Defining, implementing, and efficiently maintaining technology security controls and requirements
•Ensure timely delivery of technology security assurance and support for projects
•Ensure compliance with Legal and Regulatory requirements
•Manage, plan, implement and monitor Telecel Ghana information security awareness and training program.
•Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options
•Participate in creation and execution of technology security strategy
•Ensure alignment of information security governance with the Telecel Ghana’s business objectives, the information security strategy, plans and controls
•Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite.
•Lead, develop, manage, and maintain the network-wide information security governance deliverables lifecycle including compliance measurement, deviations, and exemptions.
•Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement.
•Interpret and manage the controls and capabilities required for Telecel Ghana to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s).
•Develop, manage, and implement the Telecel Ghana information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill)
•Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments.
•Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions.
•Participate in IT general controls and compliance testing activities and/or audits.
•Lead, develop and maintain a comprehensive and effective Telecel Ghana information security risk, threat and vulnerability management capability that effectively anticipates the latest threat and vulnerabilities for Telecel Ghana, as well as assesses and reduces information security risk to within the corporate risk appetite
Core Competencies, Knowledge and Experience
•Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
•A diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.
•Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
•Windows, UNIX and Linux operating systems.
•Practices and methods of enterprise architecture and security architecture
•Network security architecture development and definition.
•Web Security & Encryption
Technical/ Professional Qualification
•Bachelor’s degree in computer science, Information Security, Engineering or Technology or other related fields.
•Minimum of 5+ years of experience in Tech Security role.
•Knowledge of technology management/compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST
