Senior Manager - Segregation of Duties Identity and Access Governance Group Information Security

MTN Group Limited entered the telecommunications scene at the dawn of South Africa's democracy, in 1994. In 1998, we began our expansion by acquiring licences in Rwanda, Uganda and Swaziland. Since then, we continued to grow, with a view of bringing world-class telecommunications and digital services to markets across Africa and the Middle East. Through our extensive investment in advanced communication infrastructure over the past two decades, the talent and experience of our people, as well as the strength of our brand, we have grown to now have a presence in 24 countries, connecting over 231.0 million people. We offer an integrated suite of communications products and services, including traditional mobile voice and data, digital and mobile financial services as well as enterprise services. MTN continues to believe in the investment potential of emerging markets and thus deliver quality services that respond to our customers' present and future needs. Every initiative undertaken, every innovative stride made, every award-winning product developed, is aimed at making our clients' lives a whole lot brighter, as we lead the delivery of a "bold, new Digital World".RESPONSIBILITIES

The The Senior Manager SOD Identity and Access Governance will have the following responsibilities:

Centre of Excellence (CoE) Establishment and Development:

Establish and develop a Centre of Excellence for SoD/IAG, encompassing people, processes, and technology landscape.

Lead, appoint, and manage the CoE team.

Define the strategic vision, objectives, and roadmap for the CoE, aligned with organisational goals.

Engage and coordinate operational structures/processes with the OPCOs.

Foster a culture of continuous improvement and innovation within the CoE

Manage general day-to-day team and operations.

Policy and Standards Alignment:

Ensure alignment of SoD/ IAG processes, policies, and standards with industry good practices, regulations, and frameworks

Develop and maintain a comprehensive SoD/IAG policies and standards framework.

Regularly review and update policies to address emerging security risks and changing business needs.

Segregation of Duties (SoD) Management:

Construct and implement SoD Application Standards to ensure proper access controls and separation of duties.

Conduct risk analysis for SoD, identifying areas of vulnerability and driving the implementation of appropriate mitigation measures with the OPCOs.

Facilitate self-assessments of SoD compliance within different departments or OPCOs and business units.

Monitor and track SoD non-compliance and ensure timely remediation.

Technology Implementation and Management:

Evaluate, select, and implement SoD/IAG technologies and tools that align with organisational requirements.

Oversee the integration and utilization of SoD/IAG technologies, such as identity management and access control systems.

Ensure the proper configuration, integration, maintenance, and monitoring of SoD/ IAG tools and systems.

Present and obtain approvals from appropriate internal governance forums, including Architecture, Risk and Compliance, Security, and Technology functions.

Communication and Training:

Develop and implement communication strategies to promote awareness and understanding of SoD/IAG across the organisation.

Facilitate effective communication channels for reporting, escalation, and resolution of SoD/IAG-related issues.

Conduct training programs and awareness sessions to educate employees on SoD/IAG policies, procedures, and best practices.

Compliance and Audit:

Ensure compliance with relevant internal governance and compliance policies and standards, including Security, Risk and Compliance, and Technology

Ensure compliance with relevant regulations, laws, and industry standards related to SoD/IAG.

Collaborate with internal and external risk, compliance, and audit teams to support SoD/IAG audits and assessments.

Support the remediation of audit findings and drive the implementation of appropriate mitigation measures with the OPCOs. Performance Monitoring and Reporting: Establish key performance indicators (KPIs), key risk indicators (KRIs) and metrics to measure the effectiveness of SoD/IAG initiatives.

Monitor and analyse SoD/IAG performance data, identify trends, and provide actionable insights.

Generate regular reports and executive summaries to communicate SoD/IAG performance to relevant stakeholders.

Stakeholder Management:

Collaborate with the CoE team and cross-functional teams to ensure alignment and cooperation on SoD/IAG initiatives.

Engage with senior management and executive leadership to provide updates, seek support, and obtain approval for SoD/IAG initiatives.

Manage third-party vendor contracts for SoD/IAM and SoD/IAG-related services, including negotiation and defining deliverables and performance metrics.

Effectively manage stakeholders at various levels within the organisation, resolving issues, addressing concerns, and proactively communicating SoD/IAG initiatives and progress.

Financial Management:

Effectively manage budgets for SoD/IAG initiatives, including cost estimation, financial planning, and expense tracking.

Service Level Agreements (SLAs):

Ensure adherence to SLAs related to SoD/IAG services.

Collaboration

Responsibility towards:

Key customers: Group Information Security, Group Technology, Group Fintech, Group BRM & OPCOs

Key suppliers: Vendors/3rd parties, Relevant Industry Bodies

Executive GIS, OPCO CEOs, Functional Heads (MFS & Fintech, Procurement, Legal)

Business Risk and Compliance − Partners, Distributors, Vendors

Law enforcement agencies and relevant third parties

QUALIFICATIONS

Education:

Minimum of 4-year tertiary degree/diploma (Bachelor of Science, Technology, Engineering, or related field)

MBA or Masters advantageous

English, French (an advantage)

Experience:

2-3 years of experience at the Senior Management level in the telecom industry

2-3 years of working experience in managing identity, access governance and segregation of duties in a large organisation, with a strong technical background

A minimum of 5-7 years' experience in designing and implementing an organisation-wide Segregation of Duties/Identity and Access Governance framework

Experience in managing and implementing large-scale identity and access governance projects.

Experience working in Africa and have a grasp of political, social, and infrastructure challenges.

Advanced working experience in the information technology environment of a telecom company

Experience in managing executive stakeholders and third-party vendors.