AirtelTigo Vacancies 2018

The successful candidate for this role will join our IT Services team as Information Risk and Security Engineer in the Technology Department. (S)He will report to the Director, Information Security and will administer, maintain, monitor and follow up on all implemented security systems in the company. This will include information systems access controls, information security, incident management, information asset management, communications and operations system management.

Job Description

Job Title: Information Risk & Security Engineer

Key Responsibilities

• Review the configuration of systems and platforms; implement any modifications needed for assuring compliance with policies, standards and best practices, such as ISO 17799, 27001/2, CobiT and ITIL;
• Apply the enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization;
• Conduct researches, evaluate and recommend information-security-related hardware and software, including developing business cases for security investments;
• Liaise with other stakeholders and members of the information security team to identify, select and implement technical IS controls;
• Collaborate with relevant stakeholders on critical IT projects to ensure that security issues are addressed throughout the project life cycle;
• Design and execute implementation of security tools including networks and deliver them to production;
• Document system security and emergency measure policies, procedures, and tests;
• Manage security incidents and events to protect corporate and customer assets;
• Define and implement specific controls for assuring integrity and security of the information and services;
• Conduct Information Security risk analysis;
• Coordinate information security and risk management projects with staff from the IT organization and business unit teams;
• Advise security administrators on normal and exception-based processing of security authorization requests;
• Develop a common set of security tools and define the operational parameters for their use and further conduct reviews of tool output;
• Define testing criteria for systems and applications;
• Plan vulnerability-scanning and penetration-testing and design risk treatment plan;
• Research and assess new cyber threats and security alerts, and recommend remedial actions;
• Participate and support security assessment and awareness programs;
• Responsible for managing the information security network and systems;
• Implement and reinforce information systems security policy, standard and procedures;
• Execute and monitor information security controls;
• Ensure computer endpoint security;
• Ensure network security solutions are in place;
• Perform penetration and vulnerability tests and follow up on risk treatment plan;
• Enforce polices and processes within Network function including but not limited to access Control (physical, logical, remote), user ID & Access Control, Node to Node, User to Node, Node to User communication;
• Ensure security, confidentiality, accountability, availability, integrity and privacy of the network information and parameters through process formulation and adherence to ensure all employees sign a Non-Disclosure Agreement (NDA);
• Ensure vendors and partner apply the security rules;
• Plan and execute Capex for Information Security;
• Preparation and application of processes and procedures;
• Establish controls to ensure that all security procedures are applied;
• Ensure the availability of correct information related to the subscribers according to local law;
• Ensure the availability of information related to the traffic (voice and data) by subscribers according to local law;
• Check the correctness of the requests received by the Judicial Authority and ensure that all the answers are given on time;
• Participate in fraud detection & prevention workshops and train function teams for prevention of such acts;
• Perform routine and scheduled audits on all IS aspects for the network;
• Act as Single Point of Contact for internal and external audits, facilitate and coordinate audit related information to auditors and maximize audit scores.

Required Qualification and Experience

• A University Degree in any field with emphasis on Information Technology, Computer Science, Telecommunications Engineering or other Technology related discipline. Possession of an MBA/MSC in in finance or business administration will be an added advantage;
• Professional certification, such as Microsoft Certified System Engineer (MCSE), CCNA/CCNP, CISA, Certified Ethical Hacker (CEH) or other information security certification is preferred;
• A minimum of Two (2) to Three (3) years of experience in Information Security preferably in telecoms, banking or auditing firms.
• Ability to advise peers and superiors effectively;
• Excellent interpersonal and communication skills;
• Good project management background;
• Ability to work closely with different departments, consultants and external auditors;