Manager, Information & Cyber Security Risk
Greater Accra Region, Ghana · മുഴുവൻ സമയവും
അപേക്ഷിക്കുന്ന ആദ്യയാളാകൂ
- അനുഭവം
- 5+ വർഷം
- ശമ്പളം
- —
- ഓപ്പണിംഗുകൾ
- 1
- പോസ്റ്റ് ചെയ്തു
- 5 മണിക്കൂർ മുമ്പ്
- പ്രവർത്തന രീതി
- ഓഫീസിൽ
- വിദ്യാഭ്യാസം
- ബാച്ചിലേഴ്സ് ഡിഗ്രി
- യോഗ്യത
- Professionals who meet the qualification, certification, experience, and behavioral requirements may apply. Candidates should be able to work in an anywhere/anytime setup, demonstrate personal accountability, and submit a CV saved in their own name along with the required 250-word values response.
- പുനരാരംഭിക്കുക
- അപേക്ഷിക്കാൻ നിർബന്ധം
ജോലി വിവരണം
Role overview
MTN Ghana is seeking a Manager for Information and Cyber Security Risk in Accra, within the Risk & Compliance division and Security Risk Management department. The position sits at Level L3 and reports to the Senior Manager, Security Risk Management.
This role is responsible for shaping and driving risk strategies that are aligned to the business while protecting digital assets, infrastructure, and stakeholder interests. The successful candidate will identify, evaluate, and reduce information and cybersecurity exposure across the enterprise, strengthening resilience against both internal and external threats.
The manager will put in place and sustain strong controls, governance practices, and response capabilities in line with group requirements and international standards such as ISO 27001 and NIST. The role also promotes shared ownership of cybersecurity across business units, supports active risk monitoring, and helps improve the organization’s security posture in line with strategic priorities.
Key responsibilities
- Identify, assess, and rank information security and cyber risks across the organization, including risks arising from third parties and supply chains.
- Perform recurring threat modelling and vulnerability reviews to reflect current and emerging threats.
- Develop and roll out mitigation plans and security controls based on recognized frameworks including NIST CSF, ISO 27001, and CIS Controls.
- Embed security controls into business workflows, technology systems, and transformation programs.
- Ensure adherence to internal policies and external obligations such as the Data Protection Act, GDPR, and NCA directives.
- Support audits and regulatory reviews by presenting evidence of effective risk management.
- Lead the planning and execution of incident response arrangements so that security events are detected, contained, and recovered from promptly.
- Conduct post-incident reviews and root-cause analysis to support ongoing improvement.
- Maintain the information security risk dashboard for leadership visibility.
- Prepare regular risk updates and insights for senior management, governance groups, and board committees.
- Facilitate business impact analyses and ensure disaster recovery and continuity plans are aligned to critical business activities.
- Review and test recovery approaches for IT and network environments.
- Design and deliver cybersecurity awareness initiatives and simulations that strengthen the organization’s risk culture.
- Work with HR and Communications to integrate security awareness into onboarding and continuous learning.
- Help define and apply the company’s cyber risk appetite and tolerance thresholds.
- Assist business units in aligning risk-taking decisions with enterprise risk limits.
- Contribute security input into architecture decisions and technology selection.
- Assess and recommend security tools and platforms that improve detection and response.
- Coordinate with Group Risk and Compliance to keep local practices aligned with group-wide strategies.
- Share lessons learned and good practices across regional operations and with external partners.
- Define and monitor KRIs and KPIs to measure cyber risk management effectiveness.
- Support risk-based audit planning and integrated assurance activities.
Education and experience
A bachelor’s degree is required, preferably in Risk Management, Business, Computer Science, or Information Security.
Professional certification in information security risk management is mandatory, with examples including CISSP, CEH, CISA, and CISM.
The role requires at least 5 years of relevant experience, including a minimum of 3 years in a supervisory capacity.
Knowledge and technical capability
- Strong command of cybersecurity frameworks and standards such as ISO/IEC 27001, ISO/IEC 27005, NIST CSF, NIST RMF, CIS Critical Security Controls, and COBIT.
- Solid grounding in enterprise risk management, cyber risk quantification, trend analysis, reporting, maturity models, and capability assessments.
- Practical knowledge of incident response, threat detection, recovery planning, emergency preparedness, business continuity, and disaster recovery.
- Understanding of threat modelling, attack patterns, proactive threat hunting, MITRE ATT&CK, and the cyber kill chain.
- Awareness of governance and compliance frameworks including King IV, GDPR, the Ghana Data Protection Act, and NCA guidelines.
- Knowledge of telecommunications operations, mobile network infrastructure, digital service ecosystems, and sector-specific regulatory obligations.
- Working knowledge of project and program management methods such as Agile, PRINCE2, and PMP practices.
- Advanced familiarity with enterprise IT systems, cloud platforms such as AWS and Azure, network security, Zero Trust architecture, and secure-by-design principles.
- Understanding of data classification, encryption, and privacy-by-design approaches.
- Ability to use Microsoft Power Tools such as Power BI, Power Apps, and Power Automate, along with GRC systems, risk dashboards, and visualization tools.
Leadership and working style
- Provide strong team leadership, coaching, mentoring, and collaboration to develop high-performing teams.
- Handle conflict constructively and manage stakeholders effectively across different business areas.
- Demonstrate emotional intelligence and the ability to influence outcomes without formal authority.
- Think analytically and solve problems effectively in complex, high-pressure situations.
- Use data and trend insights to support risk decisions and mitigation planning.
- Apply systems thinking and a broad strategic perspective to connect cybersecurity with business goals.
- Communicate clearly in writing and speaking, including the ability to convert technical issues into business-friendly language.
- Prepare and present compelling updates to executive and board audiences.
- Facilitate workshops, risk sessions, and cross-functional discussions.
- Organize and prioritize several initiatives at once in a fast-paced, results-driven environment.
- Maintain strong planning, documentation, knowledge-sharing, and time management habits.
Values and behavioral expectations
The candidate must reflect MTN’s values of Lead with Care, Collaborate with Agility, Serve with Respect, Can Do with Integrity, and Act with Inclusion.
The role also expects the MTN vital behaviors: Complete Candor, Complete Accountability, Active Collaboration, and Get it done.
Working conditions and application instructions
This position operates under an anywhere/anytime working approach and requires the ability to manage oneself with strong personal accountability.
Applicants must save their CV in their own name. The email subject must include reference number MTN-R&CSRM006 -2026.
Interested and qualified candidates should send their CV by 7 July 2026 to [email protected].
Applicants are also required to answer this question in no more than 250 words: Which of MTN’s five Live Yello values resonates most with you and why?
Only shortlisted candidates will be contacted.