Information Security Governance & Risk Specialist

The role is to provide comprehensive oversight and cyber governance management to ensure tolerances within Smart’s risk appetite, also assist in ensuring that the Cyber Security Program maintains suitable levels of compliance to applicable standard and regulations through adherence to Cyber Security policies. Analyze and identify non-compliant and ineffective security processes policy and controls.

• Lead on the maintaining of Smart’s internal/external compliance requirements by over-seeing the collection of evidence. 
• Implements security risk assessment framework, that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with business objectives. 
• Evaluate and manage risks. Improve security positioning through process improvement and policies. 
• Continuously monitors information security controls, exceptions and risks. 
• Develops reporting metrics, dashboards, and evidence artifacts. 
• Defines and documents business process responsibilities and ownership of the controls. 
• Documents and reports Compliance gaps, and Control failures to stakeholders. 
• Facilitate the management and reporting of cyber security governance

Education & Qualification: 

• B.A. or B.S degree in cyber security, computer science, telecommunication engineering or similar fields or equivalent work experience in IT audit, cyber security, or related field.
• Cyber Security risk and security management qualifications are preferred, ISO 27001, ITIL, CoBIT, PCI DSS, NIST, CISA, CISM  

Working Experience:

• Minimum 3+ years in IT/Telco/Technology cyber security governance, audit, risk, and compliance.
• Experience of physical security assessments
• Experience of developing policy and standard requirements based on best practice.
• Experience within information system security and auditing role.  

Specific Skills: 

• Functional skills
• End to End Technical View (Intermediate): Knowledge and ability to understand the telecommunications industry, the end-to-end architecture, value chain, systems and interconnect/interoperation including process flows from customer to service in support of service delivery and the service from the customer demands to the delivery, in the context of your domain of expertise.
• IT Governance (Expert): Knowledge and ability to define, update, and implement the company information system management and audit policy.
  Process Improvement (Foundational): Knowledge and ability to understand business processes, improve internal Service Level Agreements (SLAs) and methods to make the unit more efficient.
• IT Security (Intermediate): Knowledge and ability to ensure the physical and logical integrity of computer systems and sites and control any adverse situations or disasters.
• IT Architecture (Intermediate): Knowledge and ability to set or select standards, patterns, and practices for proper design/solutioning, development and operations of IT and Digital applications.

General skills:

• Communication Skills (Intermediate): Knowledge and ability to impart or exchange information by verbal, written or other means.
• Problem Solving (Troubleshooting) (Intermediate): Knowledge and ability to analyze problems, identify the root cause, establish cause-and-effect linkages, and propose solutions.
• Analytical Ability (Intermediate): Knowledge and ability to understand, evaluate, interpret and analyze data.
• Vendor/Stakeholder Management (Intermediate): Knowledge and ability to manage all internal and external parties who participate in the delivery of required services and/or technology.
• Digital Literacy (Advanced): Knowledge and ability to make use of digital technology in support of work functions.