Cyber Security and Regulatory Specialist at Vodafone
About the role
Our purpose at Vodafone is to connect for a better future. As a Global Communications Technology company, we put the customer at the heart of everything we do. We are forever challenging, pushing boundaries and discovering innovative ways to connect our customers with their digital societies.
We connect people, businesses, and communities across the globe to create the future. We earn customer loyalty, experiment, learn fast and get it done, together.
Join our journey as we connect for a better future. Ready?
The successful candidate will manage and lead the Technology Security Cyber Security Baseline Assurance needs across Vodafone Ghana. To further provide security assurance, guidance and support to high profile projects according to company defined policies and requirements, best practice and local/international standards (PCI, SOX, ISO27001, GDPR, POPIA and Cyber Crime Bill of 2015) relevant to the technology security area. He/She should have credible experience in Information Security and Cyber Security Governance, Risk and Assurance based on proven frameworks such as COBIT 5, ISO27001/2, and the NIST Cybersecurity Framework. As a key member of the Vodafone Ghana Cyber Security team, the candidate should be comfortable with driving information security assurance ideas and communicating clearly with technical as well as non-technical audiences
- Provide supervisory technology security assurance, guidance and support to the Vodafone Ghana (VFGH) team as well as Vodacom Group & Vodafone Group where needed
- Assure that security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom Group
- Defining, implementing and efficiently maintaining technology security controls and requirements
- Ensure timely delivery of technology security assurance and support for projects
- Provide SME input to Technology Security Policy requirements and procedures
- Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options
- Participate in creation and execution of technology security strategy
- The role requires the individual to monitor information security governance, risk, and compliance by Vodafone Ghana Corporate IT, Mobile and Enterprise Business domains
- Engage with the stakeholders on control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement;
- Interpret and manage the controls and capabilities required for VFGH to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s);
- Develop, manage and implement the Vodafone information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill)
- Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments;
- Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions;
Qualification and Experience
- Bachelor’s Degree in Computer Science, Information Systems, Systems Analysis, or other related field
- Minimum of 3+ years of experience in Tech Security role
- Knowledge of technology management/compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
- Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
- A diverse security background with knowledge in several areas including: layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance.
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
- Windows, UNIX and Linux operating systems
- Practices and methods of enterprise architecture and security architecture
- Network security architecture development and definition
- Web Security & Encryption
Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.