Specialist, Technology & Cyber Security Audit at MTN

Job description

Job Summary

• Responsible for executing technology, security and network audit and advisory engagements relating to governance, risk management and internal controls (GRC) processes, implemented to manage the company’s risk exposures.

• The role shall provide insights into the performance of audit engagements to provide the Board, ARAMLC and Management assurance that (GRC) processes are adequate and operating effectively to achieve the organization’s objectives.

Job Context

• Evolving Fintech industry, diversifying telco-to-techno landscape and Evolving industry ecosystems

• Rapidly changing Technology environment

• Achievement of top quartile operating efficiency and effectiveness through scale and common policies and processes

• Driving growth through business intelligence and standardization to maximize business impact

• Management of customer and supplier expectations

• Enhance MTN position as a leading network and system provider

• Constant dynamics and local challenges in the economic, regulatory and legal environments

• Increased focus on and scrutiny over MTNs governance practices and control environment

• Shifting Audit landscapes and Evolution of Audit approaches to include multiple lines of defence

• Constant dynamic risk challenges faced

• King IV Corporate Governance Principle

• Shared Services Hub (SSH) Operating Model, Outsourced IT and Telecom services

• Cloud services, virtualization, complex networks and technologies

Internal Audit (IA) and Combined Assurance (CA) Methodologies, RM Frameworks, Policies, Processes and Procedures.

Job Role

• Implement technology, security, and network infrastructure audit plans, to identify risks and vulnerabilities on the control areas and to ensure that processes and systems comply with company policies, and statutory and regulatory policies and review adequacy and effectiveness of specific controls as assigned

• Ensure that all audits and assessments, are conducted on the effectiveness of the control areas, such as: information security, network updates, upgrade and development lifecycle, disaster recovery reviews, pre and/or post implementation review, network project management, network project governance, network controls risk management, network acquisition, blueprint and implementation reviews, network systems and infrastructures process and control reviews.

• Prepare/review final audit report, ensuring plan execution, consistency, quality and adherence to standards and methodologies; Ensure that recommendations provided to enhance network systems and security controls are in line with best practices and provides analysis on the business impact of these changes.

• Provide input into the audit plan and programme, to ensure effectiveness’ of the risk management through internal audit, on area of specialization; Keep up to date with new technology solutions to mitigate risk exposures of network systems and network security vulnerabilities and provide recommendations for the adoption of these solutions, when it can have a positive impact in ensuring tighter and more robust controls.

• Provide meaningful recommendations to Senior Specialist Technology & Cyber Security Audit on the integration of current best practices in technology and security audit with processes and systems in use, to ensure a solid and robust control framework.

Assist with the development of methods, processes, and systems to enhance effectiveness and meet organisational goals.

• Serve as an active member of the technology, cyber security audit team directly executing high risk/priority internal audits on network technology, systems, and security controls: through Analyzing reports and logs, conducting system and related process audits, conducting interviews and testing, preparing database updates, providing status reports, and preparing final audit reports, in line with internal standards and methodologies.

• Conduct regular systems and security controls assessments, ensuring that any changes to the system, such as updated, upgrades, system changes are monitored and done according to the company’s policies and procedures and statutory and regulatory policies.

• Perform technical, information security and IT general controls audit of existing and planned systems/infrastructure including but not limited to network devices, operating systems, databases, and other applications deployed in The Company.

• Serve as an internal consultant to management and staff on internal control and operational issues.

• Maintain all company and professional ethical standards and ensure internal audit activities are carried out in compliance with The International Standards for the Professional Practice of Internal Auditing (Standards) and IIA Code of Ethics

• Actively ensure internal audit processes are fully complies with Internal Audit methodologies and IIA Standards for the Professional Practice of Internal Audit (SPPIA).

• Fully completed audit working papers

• Ensure accurate findings of audit outcomes in properly recorded in the Audit Report.

Qualification Required & Experience

Education

• Minimum of a Degree in Information Systems/Computer Science.

• Certified Information Systems Security Professional (CISSP)/ Certified Information System Manager/ Certified Information Systems Auditor (CISA) – a plus.

• Network, operating system and database certifications a plus.

Experience

• Minimum of three (3) years’ experience in information security and/or information systems audit.

• General understanding of Industry and regulatory environment.

Competencies

Professional/Technical Competencies:

• Thorough knowledge and understanding of technology and cyber security risk and control frameworks.

• Analytical skills and proficient in the use of ACL, IDEA and other CAATS.

• Knowledge in SQL and programming/scripting skills.

• Knowledge in Data Analytics and Power BI.

• Experience in penetration testing.

• Experience in risk management, governance, technology, security and compliance audits in a Bank or Fintech.

• Understanding of complex IP/MPLS networks and technologies.

• Practical knowledge of auditing standards, practices, and techniques.

• Computer application used in auditing and data processing.

• Ability to plan, implement and maintain a comprehensive audit program and audit activities.

• Analyze, evaluate, and resolve basic internal control problems.

• Ability to identify information security vulnerabilities and technical controls standards for networks, operating systems, and databases.

• Critical thinking and analytical skills

• Project Management as relates to audit engagements.

Must live the MTN Values of

• Lead with Care, Collaborate with Agility, Serve with Respect, Can Do with Integrity, Act with Inclusion

Must exhibit the MTN Vital Behaviors of

• Complete Candor, Complete Accountability, Active Collaboration & Get it done.

Location: Accra

Required Skill Profession

Other General