JOB DESCRIPTION

Risk Management

• Implement the Enterprise Risk Management Framework
• Facilitate risk management and overall compliance activities from planning to operations 
• Provide input into risk and compliance policies and procedures
• Drive implement of the enterprise risk management framework within MTN SA Technology
• Ensure risk management policies are adhered to and procedures followed across MTN SA Technology
• Implement risk management systems and ensure all reporting, recording and investigation systems are in place
• Provide risk management advice to management and staff
• Identify key risks which may impact MTN SA Technology and ensure these risks are addressed
• Provide input into risk management systems and ensure all reporting, recording and investigation systems are in place
• Provide reporting on risk and compliance and represent MTN SA Technology at relevant forums
• Ensure awareness of Electromagnetic fields(EMF) emitted from the MTN sites
• Provide input into and maintain a database on EMF values and status of all MTN sites
• Coordinate and facilitate Business Continuity Management activities for MTN SA Technology
• Ensure risk & compliance relevant documentation that is comprehensive, sufficiently detailed, up to date, accurate and maintained effectively to ensure business continuity 

ISO Standards

• Provide input into  and implement the ISO management system
• Provide input into policies and procedures for implementing the applicable ISO standards across MTN SA Technology

Communication and co-ordination

• Interface with other departments both within MTN SA Technology and across the MTN SA business to identify and provide required information regarding risk management, ISO standards management and compliance activities
• Provide input into reviewing organisational activities and assist in recommending corrective actions if necessary.
• Ensure the MTN SA Technology has a clear understanding of the necessary legislation, environmental and social responsibilities and that policies to be comply with in these areas are actively implemented and maintained
• Interface with South Africa Bureau of Standards
• Adherence to the enterprise risk management framework
• Provide input into reviewing organisational activities and assist in recommending corrective actions if necessary.
• Ensure awareness across the organisation of Electromagnetic fields emitted from the MTN sites
• Promote awareness around ISO standards, application regulations and legalisations.
• Liaise with internal and external audit and track the status of all audit findings

Information Security 

• Assist the Local Information Security Officer (LISO) in co-ordinating and implementing the information security program across the organisation
• Interaction with business as well as Senior Managers: BRM and LISO’s as well as MTN SA Technology Security Team;
• Review Information Security risk assessments and audits that are performed and ensure that appropriate responses and actions are put in place to mitigate new risks identified relating to information security policies;

Audit and Compliance

• Facilitate and follow up on regular and systematic audits to check quality standard, regulatory and environmental compliance
• Ensure MTN SA Technology compliance with social responsibilities
• Ensure MTN SA Technology compliance with application regulations and legislations
• Manage audits to check compliance with risk, network and information security policy, procedures and standards
• Prepare MTN SA Technology for audit activities
• Remedy vulnerabilities or non-compliance to regulations, standards, policies and procedures
• Coordinate and facilitate activities for MTN SA Technology to ensure adherence to the relevant ISO standards

Minimum Requirements  

Education:

• 3 year National Diploma or Degree in IT/ Information System Management / Risk Management
• CISA or CRISC certifications advantageous 
• Experience working in a medium organization

Experience:

• 3-5 years risk and compliance as a specialist preferably in Telecommunications/IT or related industry
• Knowledge of ERM concepts, frameworks and methodologies
• Knowledge of applicable legislative and regulatory frameworks