Job Title: Senior Specialist – ERM Technology and IT
Organisation: MTN Uganda Limited
Duty Station: Kampala, Uganda
Reports to: Senior Manager – Enterprise Risk Manager
MTN-Uganda is the leading telecommunications Company in Uganda, providing payphone, fixed lines, fax/data, internet and mobile services.
Key Duties and Responsibilities:
ERM – technology/information security
- Supporting the implementation of the MTN group risk management strategy and framework as it relates to technology/information risk
- Develop, manage and implement the information security risk assurance plans
- Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;
- Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;
- Provide technical advice on products and information security controls;
- Ensure that risks envisaged in planned new systems, products & services, projects and, data migrations are flagged early, escalated as appropriate and resolved quickly.
- Evaluate and/or test solutions/systems and ensure appropriate information security and data privacy requirements and controls have been considered and incorporated into these, where necessary support the remediation of findings;
- Report information security risks in an appropriate way for different audiences;
- Manage information security investigations and incident management;
- Support for digital forensics
Data protection Officer for MTN Uganda
- Supporting the implementation of the MTN group data privacy Programme
- Develop, manage and implement the data privacy monitoring plan including regular assessments to ensure compliance to with the Uganda Data Protection & Privacy Act
- Maintain records of all data processing activities conducted by MTN Uganda
- Conduct staff training and awareness sessions in data protection and privacy
- Ensure that data subjects’ requests with respect to personal data (collected & processed by MTN Uganda) are fulfilled including informing data subjects about how their personal data is being used, what measures MTN Uganda has put in place to protect the data
- Serve as the point of contact between the person, institution or public body, and the Personal Data Protection Office.
Qualifications, Skills and Experience:
- The applicant must hold a Bachelor’s degree in information technology/ systems, computer science, computer or related field with at least five years of information technology experience, with at least two years in information security governance, risk and compliance.
- Professional risk qualification with preferably two years post-qualification experience in a complex technology and/or financial services organization e.g. CISM, CISA, CISSP
- Membership/Affiliation with Risk Management bodies e.g. ISACA is desired.
- Prior exposure and experience in implementation of Enterprise Risk Management frameworks with bias in technology and information risk in line with an organization’s technical and business environment.
- Experience in developing the appropriate information security governance and compliance measures.
- Experience in information security risk and incident management, business continuity, disaster recovery, information security incident management, auditing and conducting assessments.
- Experience in assessments against international information security standards and/or best practice such as the ISO 27000 series, NIST 800 series, COBIT;
- Able to analyze large volumes of data using data analytical tools e.g. ACL or SQL
- Strong written and verbal communication skills including management reporting at both middle and top management levels.
- Good Interpersonal skills
- Able to present and report on complex information in an innovative and informative way.
- Working under pressure to meet reporting deadlines
- Consistent demonstration of excellent written and verbal communication
- Independent attitude and team spirit.
- Conflict handling & Resolution
- Inquisitive skewed to research
Knowledge and Trainings:
- Corporate Governance frameworks e.g. ISO 27001, NIST, COBIT, Sarbanes Oxley, King IV, etc.
- Data Governance
- Information technology & security Risk;
- Ability to gauge and manage risk.
- Project Management abilities, including escalation of issues, analytical thinking and lateral creativity
MTN Uganda Limited has the obligation to safeguard its employees through providing a working environment that is safe and without risk to the health of its employees. MTN has a Vaccination policy for all its employees to be fully vaccinated against Covid-19 in order to work from its offices and premises. Female applicants are strongly encouraged to apply.
How to Apply:
All candidates who wish to join MTN Uganda Limited in this capacity should apply online
Deadline: 16th August 2022
For more of the latest jobs, please visit https://www.uganda.jobsportal-career.com or find us on our facebook page https://www.uganda.jobsportal-career.com