Job Description

InfoSec/RM Manager

  • Khartoum

Description

Job Description
Department/Section: Enterprise Risk Management & Business Excellence
Job Title: InfoSec/RM Manager
Reports to: ERM/BE Director

Job Purpose:

The Information Security & Risk Management Manager is responsible for establishing and maintaining three important corporate governance programs: the information security management program, the enterprise risk management program and the business continuity management program. The role ensures that Zain SD assets are adequately protected, minimizes potential and real risks, and develops appropriate initiatives to manage and minimize those risks effectively at both the strategic and operational levels.
The RM/InfoSec Manager will proactively work with business units to implement practices that meet defined policies and standards for information security, risk management and business continuity.

Key Accountability:
  1. Risk Management Program
    • Develop, implement and maintain the ZAIN SD risk management framework
    • Review and update the risk management policy, process and procedures across the organization
    • Integrate and align risk management with the corporate strategy and objectives
    • Conduct an operational risk assessment periodically for all corporate departments and functions and maintain the corporate risk register
    • Embed the risk analysis practice in the corporate project/product lifecycle
    • Maintain the lifecycle process of the mitigation plans
    • Coordinate with and support top management in specifying business risk tolerance and appetite
    • Communicate the risk index / risks that matter to ZAIN SD top management periodically
    • Responsible for the yearly risk management report to ZAIN SD top management
    • Monitor and enhance the risk management maturity model
  2. Information security management
    • Information security strategy, road map and budget aligned with corporate strategy and objectives
    • Review, update and maintain information security policy, process and best practice
    • ISO 27001:2013 certificate maintenance, effectiveness follow-up and enhancement
    • Develop and communicate information security guidelines and best practice across the different layers in the organization
    • Prepare the security requirements and checklists for all technical projects
    • Information security advisor for all organization projects and products
    • Execution of the annual plan for vulnerability assessment and systems health check audits
    • Information security log management and event monitoring and analysis
    • Security incident reporting, mitigation follow-up and analysis
    • Manage information security awareness activities during the year
    • Consult all other departments regarding information security compliance and best practice
  3. Business Continuity Management program
    • Implement, manage and maintain the Business Continuity program and integrate it with the risk management framework
    • Review and update business continuity policy, process and procedures
    • Provide guidelines and best practice knowledge and skills to other departments
    • Supervise the conduct of the RA and BIA process across all organization functions
    • Support the development of the BCP and DRP for the critical functions
    • Coordinate the BCP and DRP testing activities
    • Develop and conduct the BC program awareness activities
  4. Team management
    • Staff selection and participation in the HR recruitment process for team members and for other departments related to the ERM and Business Excellence department
    • Responsible for preparing the annual individual staff objectives, which are aligned with the department objectives
    • Responsible for reviewing the individual staff objectives quarterly and measuring their performance
    • Responsible for following up on department staff's daily, weekly and monthly tasks
    • Responsible for individual staff evaluation at the end of the year
    • Plan and execute team annual training and budget
  5. Coordinate with top management to manage the GRC Steering Committee yearly at the agreed time
    • Coordinate and manage the GRC committee structure and communication
    • Present the governance framework status and required changes
    • Seek GRC approvals for new policies and major changes
    • Closely monitor the status of compliance with the governance framework and act as escalation point to top management


What Do You Need to Qualify

Specifications & core competencies:
  1. Strong leadership skills and the ability to work effectively with top management and business managers.
  2. Ability to interact with Zain SD personnel, build strong relationships at all levels and across all business units and understand business imperatives.
  3. Knowledge and understanding of relevant legal and regulatory requirements, such as related national policy and legislation.
  4. Ability to lead and motivate cross-functional teams to achieve tactical and strategic goals.
  5. Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with different departments as well as top management.
  6. In-depth knowledge and understanding of risk concepts and principles in the telecom field, as a means of relating business needs to risk controls.
  7. Experience working with legal, audit and compliance staff.
  8. Experience developing and maintaining policies, procedures, standards and guidelines.
  9. Experience with common information security management, risk management and business continuity frameworks, such as International Standards Organization (ISO) 27001, 31000, 9001, 22301, IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
  10. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  11. Strong project management skills and hands-on experience.

Qualifications/Experience:
  • A bachelor's degree in Computer Science, Information Technology, Computer Engineering or a related discipline. M.B.A. or M.Sc. is preferred.
  • A minimum of ten years of experience in the Technology/IT domain, with five years in a risk management, information security or business continuity role and at least five years in a supervisory & leadership capacity.
  • One or more of the following certificates is a must:
    • Certified Information Security Manager (CISM).
    • Certified Information Systems Auditor (CISA).
    • Certified Information Systems Security Professional (CISSP).
    • Global Information Assurance Certification (GIAC).
    • Certified Business Continuity Professional (CBCP).
    • Lead Implementer or Lead Auditor, at least in ISO 27001, 31000, 22301, 9001 certificates.
    • Certified in Risk and Information Systems Control (CRISC).
    • PMI Risk Management Professional (PMI-RMP).
    • Management of Risk (MoR) certificate.

About Us

About Zain Sudan:
The country’s leading operator was established in 1997 and today serves more than 16 million customers as of 31 August 2020, reflecting a market share of more than 48%. Possessing the country’s most advanced voice and data network, the operator’s network extends to an impressive 90% of the population with 2G, 3G and LTE sites. Through constant development of the telecommunications infrastructure and proactive marketing initiatives, Zain remains committed to offering customers in Sudan the most dynamic products and services. The foundation of Zain Sudan’s achievements lies in the company’s ability to inspire its employees to deliver the best and most imaginative services at every level. With an energetic and inspired predominantly Sudanese workforce, the company is committed to employing high caliber people as well as nurturing the finest Sudanese talent. With a strong human resources and training program that develops and nurtures leaders in the workplace, the company has consistently opened new doors for its dedicated staff. For more on Zain Sudan please visit www.sd.zain.com

Job Overview

  • Operations: Zain SD
  • Location: Khartoum
  • Contract Type: Full Time Employee