Activities :

Participate in Implementing the Information Security policies, process, procedures, Cyber Security and Privacy framework, and Risk Treatments controls.

Users & Accounts Management :

• Perform user access reviews according to the relevant processes.
• Drive the account certification process.
• Perform profiles reviews according to the relevant processes.
• Make awareness ofUser Access Management best practices.
• Contribute to mature the IAM framework (PPPs, provide inputs for systems improvements)
• Ensure compliance to our Segregation of Duties Standard.

Log Management :

• Ensure collection of all relevant logs from critical systems.
• Perform log analysis & generate alerts & incidents from them.
• Monitor the log management systems.

Incident Management :

• Deploy the necessary tools & adopt the necessary process to detect security incidents.
• Analyze incidents reported through various channels and ensure their follow up until closure within established MTTRs.
• Ensure incidents are managed according to the Security Incidents procedures (including post-incidents actions).
• Maintain stakeholder’s engagement to ensure timely incident closure.

Security By Design :

• Maintain the Information Security Baseline for IT & Network Systems
• Ensure the Baseline is enforced at delivery of projects and during operations
• Define the yearly awareness and execute it.

Penetration tests and technical audits :

• Establish the scope for penetration tests to be performed by partners.
• Be the SPOC for partners during penetration tests and technical audits
• Engage with stakeholders to develop appropriate countermeasures and tools from penetration testing and audits results.
• Ability to perform proof of concept on discovered risks and vulnerabilities.

Operating the Security Operation Center :

• Ensure threat protection including security information and event management (SIEM), user and entity behavior analytics (UEBA), anti-virus (AV) and intrusion detection system/intrusion prevention system (IDS/IPS)
• Analyze security events and alerts and recommend appropriate actions in response to information security incidents
• Manage network security, intrusion detection and prevention systems (ArcSight)
• Oversee/Conduct the investigation/ forensics of security breaches that occurred in MTNC environment.

Other Activities :

• Builds productive working relationships internally and externally.
• Participates in the development of and conducts security education programs.
• Frequent use of general/technical knowledge and industry/functional practices, techniques, and standards. General application of concepts and principles. Developing professional expertise.
• Maintain deep understanding of information technology, networking and infrastructure, particularly as they pertain to cyber security. − Maintain security dashboard on daily and weekly basis.
• Implement and upgrade security measures and controls (Access Control)
• Play an active role in Disaster Recovery Tests as well as Backup & Restoration tests.
• Perform any other work-related duties and responsibilities that may be assigned from time-to time by management.
• Participate and facilitate the Audit process through follow up on resolution of audit findings and reporting on the outcomes.

Education / Business Degree :

• Minimum of 3-year degree in Computer Science, Telecommunication, Information Technology/Systems, or related field from a reputable institution.
• Fluent in French and English

Training/Certification :

• LPI 2
• CCNA Security
• MCSA
• CEH
• OSCP
• Comptia +
• GIAC CIH

Work Experience :

• Minimum of 3 years’ experience in implementing information security, with experience in supervising others
• Experience working in a medium to large organization.
• Experience in working in cross-functional Team or project.
• Experience in coordinating and overseeing security testing procedures.
• Experience in programming and administrating IT solutions is an advantage.
• Experience in automating/programming some checks/controls to increase efficiency

Knowledge :

• Good Information Security Culture (Threats, Risks Management, Vulnerabilities, Standards, etc.)
• IT & Network General Knowledge (ISO Model, Computer Architecture, Web Applications Architecture, etc.)
• IT & Network Security Fundamentals
• Security Incidents Management − User Access Management (Access Reviews audits, Account certifications, Segregation of Duties, etc.) Page 2 of 5 FM-HR-O500 Sensitivity: MTN Internal
• Business Continuity Management (Backups, Disaster Recovery, etc.) − Endpoint Secure Configurations (mostly desktops, mobile and laptops): EDR, Antivirus, Patch Management, SCCM, CIS, Tenable, etc.
• Logs Management and SIEM (ArcSight, Syslog)
• ICT industry and benchmarking practices
• System Administration Knowledge and Basic skills will be a plus (Unix, Windows)
• Capacity to replay well known vulnerabilities or vulnerabilities reported by audits reports
• Programming skills (python, bash, powershell, nodejs) are highly appreciated.

Skills :

• Analytical Thinker
• Problem Solver
• Operational Value Creator
• Culture and Change Champion
• Results Achiever
• Operationally Astute.

Behavioral qualities :

• Directs people
• Detail-oriented
• Manages time.