Consultant - Incident Management

Roodepoort, Gauteng, South Africa

MTN

MTN is Africa’s largest mobile network operator, sharing the benefits of a modern connected life with 272m customers in 19 markets across Africa and Middle East

View all jobs at MTN

Apply now Apply later

The Consultant: Incident Management will be responsible to manage and oversee the information security incident process across the Group and OPCOs to ensure consistent detection, diagnoses, analysis and response to security incidents within MTN and ensure minimal disruption to business and to restore normal service operations in an optimal timeframe. The Incident Management role will focus on embedding best practice processes, tools and frameworks to the Group to provide seamless customer experience (internal/ external) perspective.

 

Context 

 

MTN is entering a new phase in its lifecycle where operational and commercial excellence has become critical for success. The urgency for change has become more heightened amidst increased competitive intensity across all markets in which MTN operates. The Consultant Incident Management must therefore ensure the successful delivery in context of:

  • An expertise-based multicultural organisation 
  • A dynamic and evolving field of Telecommunications
  • Revolutionary workforce practices which are bringing together global labour markets
  • Management of executive and local shareholder expectations across MTN and its OpCos
  • Achievement of top quartile operating efficiency and effectiveness through scale and common policies and processes
  • Dynamic legal and regulatory environment
  • Convergence in markets and exploration of non-traditional revenue streams requiring complex interpretation and structuring
  • Evolving industry sector constantly presenting new challenges and opportunities to the core businesses
  • Rapid horizontal and vertical expansion of MTN, in terms of size, products, customers and geographic distribution

 

Values

We at MTN are a purpose and value-led organization. At MTN, we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work, everyday. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood and empowered to live an inspired life.

 

Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA.

 

As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us,

Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers and stakeholders with a vision to realise our shared goals.

 

Live Y’ello

  • Lead with Care
  • Can-do with Integrity
  • Collaborate with Agility
  • Serve with Respect
  • Act with Inclusion

The Consultant Incident Management is responsible for the following Key Performance Areas

  • Input Incident management protocols and governance in the overall information security strategy in line with the overarching business goals, customer needs and Group security framework. 
  • Input into the effective implementation of the strategy by means of providing, incident management status, best practice sharing and portfolio with key resolutions and problem-solving capabilities. 
  • Drive improvement across the business to achieve the optimal service quality deliverables 
  • Manage incident management progress and resolution 
  • Conduct root-cause analysis on security incidents across the business
  • Define a problem-solving database with identified incidents, share this knowledge with the OPCO staff responsible for incidents as well as the extended senior management team
  • Define touchpoints for integration of the security incident process with other organizational processes including service level management, capacity and availability management, change management, problem management, HR, Legal, Communication, crisis management, incident management, Asset and Configuration management 
  • Drive synergies and operational efficiencies by proactively identifying resolutions
  • Monitoring and tracking of the incident impacts to the business operations at the OpCo’s
  • Define the incident management process and policy for information security across the business both at Group and OpCo, including definition of incidents, classification and prioritization and standard target resolution times. To be aligned with ITIL, COBIT, NIST, and/or ISO 27035 as driven by business requirements. 
  • Implement an information security framework, toolkits and standards group-wide
  • Monitor incidents across the OpCo’s to define common themes and opportunities for improvement 
  • Define metrics to measure the severity of the incident cases logged 
  • Deliver best practice cyber-security incident management capabilities 
  • Educate the business on incident management 
  • Provide incident management inputs into ad-hoc projects reporting 
  • Contribute to vendor relationship management, for external incidents impacting business and customers.
  • Perform root cause analysis for incident management and facilitate execution of corrective action
  • Identify potentially sensitive issues and escalate it to the appropriate level
  • Provide information on work accomplishments, problems, progress in work processes, individuals and team needs
  • Report dashboards on various performance metrics internally to Senior Management (Exco, Group Risk etc) as well as cross functional teams and externally to vendors.
  • Provide Incident Management inputs across all projects and initiatives for Group information security to ensure alignment to business & procurement needs;
  • Manage the risks, issues, dependencies and set mitigation actions
  • Coordinating the process of continuous improvement in respect to Incident Management and best practices. 
  • Facilitate periodic independent assessments of the status of incidents, the incident management process and governance in the group and OpCo’s
  • Drive implementation and maintenance of incident management disciplines and controls
  • Review performance against agreed Key Performance Indicators (KPIs) 
  • Ensure provision of appropriate support to commercial functions; and
  • Evaluate & Monitor incident resolution metrics and results
  • Monitor benefits realization
  • Assist the internal audit function in terms of audit planning to ensure that information security incident components are incorporated within the Audit;
  • Resolve information security audit issues and risks identified (in relation to incident management) across MTN Opco’s.
  • Identification of root causes for the lack of compliance
  • Collaborate and provide incident management results and metrics for consistent reporting for operational and governance purposes; collaborate and coordinate remediation plans and activities
  • Initiate consequence management for non-compliance (internal/ external)
  • Report on challenges and risk identified to the senior management team
  • Oversee project initiative budgets in line with business objectives; and
  • Drive initiatives that will ensure that “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers.
  • Embed an incident management cost controls with alignment to business budgets
  • Deploy and redeploy resources to get the work done
  • Manage both internal and external development partners to accomplish tasks
  • Build and enforce a customer centric approach 
  • Set up, direct and guide effective project teams
  • Encourage collaborative teamwork
  • Serve the OPCOs in establishing and enhancing their Incident Management capabilities
  • Identify training requirements and facilitate the training of staff (Group and Opco) in the Incident management and response disciplines (aligned to detect, respond and recover in the NIST Cyber security framework) 
  • Build professionalism, loyalty and commitment to the organization
  • Communicate actively and effectively resolving any potential conflicts that may arise
  • Have the self-insight and flexibility to adapt to different situations
  • Manage boundaries that separate units in order to optimize workflow

 

Collaboration

Responsibility towards:   

Key external stakeholders: 

  • External contractors & partners 
  • External Auditors (Group & OPCOs)
  • Partners
  • Distributors
  • Vendors (Group & OPCOs)
  • Law enforcement agencies (Across all countries)
  • Third Parties (Group & OPCOs)
  • Legislative Bodies (Across all countries)
  • Network/Firewall/System Administrators (OPCOs)

 

Key internal stakeholders:   

  • Executive GIS
  • Regional VP’s
  • OpCo Senior Management 
  • Governance Forums (Group & OPCOs)
  • Audit Committee (Group & OPCOs)
  • Internal Auditors (Group & OPCOs)
  • Business Risk (Group & OPCOs)
  • Compliance (Group & OPCOs)
  • Information Technology (Group & OPCOs)
  • Cyber Security Team (Group & OPCOs)
  • Network/Firewall/System Administrators (OPCOs)

Education:

  • 4-year Engineering/ Computer Science Degree or equivalent
  • CISSP certification advantageous
  • ISO 27035 training / certification advantageous
  • Other preferred certifications are: CISA, CISM, CGEIT, CRISC, CBCP, ISO 27001 Lead Auditor or Lead Implementer

Experience:

  • 5 - 8 years of relevant work experience in Information Technology (specifically security)
  • 2 - 4 years of experience at the Management level in the telecom industry 
  • 2 - 4 years working experience in the management of information security incident process would be advantageous (process definition, incident response, reporting) as well as experience in using the tools necessary to execute incident response and recovery (incident triage, forensic imaging and machine examination, log extraction and review etc across multiple endpoint and server environments)
  • Experience in large scale information security projects /vendor relationships
  • Experience in Governance, Enterprise Risk Management and Compliance
  • Experience working in Africa and Middle East and have a grasp of political, social, infrastructure and integrity challenges
  • Advanced working understanding of the information technology environment of a telecom company

Other

  • Fluent in English 
  • Multi-country operations oversight experience 
  • Willing and flexible to travel within Africa and Middle East
  • Understanding of general regulatory requirements in the telecom industry as it relates to Vulnerability Analysis
  • Global mindset to service worldwide operations
  • Telecommunications industry experience would be beneficial 
  • Pan Africa and Middle East multi-cultural experience would be beneficial

We are a purpose and value-led organization.


At MTN, we believe that understanding our people’s needs and aspirations is key to creating experiences that delight you at work, everyday. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood and empowered to live an inspired life.


Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA.


As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us. This is what we want you to experience with us!


Our commitments go beyond an organisational promise. It is in our leadership and managerial ethos to meaningfully partner with our employees, customers and stakeholders with a vision to realise our shared goals.


We are delighted that you are considering us as your career partner to make a mark in the world. We look forward to your application!

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  2  1  0

Tags: CISA CISM CISSP COBIT Compliance Computer Science CRISC Firewalls Governance Incident response ISO 27001 ITIL KPIs Monitoring NIST Risk management Security strategy Strategy

Perks/benefits: Career development Flex hours

Region: Africa
Country: South Africa

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.