About the job
Purpose of the Job:
This job is required to ensure the on-ground enforcement and continual monitoring of security operations within all Airtel functions, strategic partners and other third parties in the defined OpCos. It encompasses security operations within Data Centres, providing support for managed security services and New Product Development (NPD); supporting business and technology teams by evaluating security related aspects of critical services such as Airtel Money; assessment of the solutions and services platform; monitoring of ongoing IT & NW security projects; application security; facilitating Internal and External IT audits.
Roles and Responsibilities:
- Information security operations across all functions and across all SM partners
• Implementation of information security plans & policies
• Implementation of security controls and compliance with BISP/Africa security guidelines across all functions through functional SPOCs
• Implementation of security controls in compliance with the BTSP/Africa across all Sm partners, VAS vendors and other third parties
• Assisting in Network security operations and securing network VAS operations
• Data Centre security operations (including physical and logical controls)
• Coordination with Sm partners in implementing security policies and procedures
• Driving initiatives with HR and IT for IS awareness and compliance with IT Security SLAs by Sm partners.
• Implementation of security components of the annual IT Plan Implementation of information security plans & policies
• Implementation of security controls and compliance with BISP/Africa security guidelines across all functions through functional SPOCs
• Implementation of security controls in compliance with the BTSP/Africa across all Sm partners, VAS vendors and other third parties
• Assisting in Network security operations and securing network VAS operations
• Data Centre security operations (including physical and logical controls)
• Coordination with Sm partners in implementing security policies and procedures
• Driving initiatives with HR and IT for IS awareness and compliance with IT Security SLAs by Sm partners.
• Implementation of security components of the annual IT Plan
- New Product Development and ensuring security is embedded in new services and products
• Participate in the New Product Development (NPD) lifecycles by providing security parameters for planning at the initial stage.
• Carry out a comprehensive evaluation of the product/ service from Information Security and Regulatory Compliance perspective.
• Ensure that adequate level of security is embedded in all new products and services before production launch
- Application Security and Access Controls
• Facilitate conduct of application security audits from the following perspectives:- network controls, system controls, database controls, authentication controls, authorisation controls, user Id controls and business process controls.
• Ensure conduct of application security reviews of all IBM and non-IBM applications.
• Ensure adequate mitigation of vulnerabilities before any application goes live in production. Monitor and catalyse closure of identified vulnerabilities by the respective partners.
• Ensure the implementation of role based access controls in applications, databases and platforms.
- Security Override Document (SOD) and Policy Change Review (PCR) management in applications and firewalls respectively
• Analysis of risks associated with requested SOD/PCR
• Evaluation of risk mitigation controls and suggesting compensatory controls in case of any technical/business limitations
• Approval of SODs and PCRs
- Security Intelligence Framework
• Implementing means of discerning security intelligence
• Ensuring log retention for mandated period and driving monitoring/ integration with SIEM.
• Tracking threat, vulnerability and exploits in internal and external environment on continual basis
• Promulgation of threats, vulnerabilities and exploits relevant to Bharti Airtel infrastructure to security operations
- Business Continuity
• Facilitating Business Impact Analysis with functional stakeholders.
• Providing customized inputs for BCP development.
• Simulating BCP table-top and full-blown testing
Qualification and Experience:
• BSc Computer Science/Technology/Engineering or related discipline
• Security Certification preferred (e.g., CISA, CISSP, CEH, etc)
• 10 to 15 years’ experience
• The ideal candidate should have excellent knowledge of Information Security standards, policies, controls, and structures prevalent in the telecom industry along with Africa operating environment.
• Extensive experience in handling information security operations or consulting for large and geographically dispersed organizations.
• A high-level appreciation of Security Architecture and Infrastructure across application, middleware, OS and network domains
• Experience in operational and strategic information security risk management.
• Should have adequate knowledge of the ISO 27001 Standard.
• A detailed understanding of systems design and systems development methodologies is required.
• Should have adequate experience in handling large and complex projects
• Should be familiar with the contents of relevant Government Acts and Guidelines in the Information Technology domain.
• Excellent knowledge of information security frameworks such as COBIT.
• Knowledge and experience in the preparation of asset registers, conduct of risk assessments and in the preparation and implementation of risk treatment plans.
• Knowledge of the latest trends, technology developments, tools and methodologies in the IS Risk Management arena.
• Experience in handling geographically spread teams with proven team leadership skills.
Only shortlisted candidates will be contacted
We are an equal opportunity employer and value diversity. We therefore do not discriminate against
applicants based on, among others, their race, disability, religion or gender.
All employment opportunities are decided based on qualifications, merit, and business need.
Airtel Africa is a leading provider of telecommunications and mobile money services, with a presence in 14 countries in Africa, primarily in East Africa and Central and West Africa.
