Lead, Security Governance & Program Management at MTN Nigeria

MTN Nigeria is part of the MTN Group, Africa\'s leading cellular telecommunications company. On May 16, 2001, MTN became the first GSM network to make a call following the globally lauded Nigerian GSM auction conducted by the Nigerian Communications Commission earlier in the year. Thereafter the company launched full commercial operations beginning with Lagos, Abuja and Port Harcourt. MTN paid $285m for one of four GSM licenses in Nigeria in January 2001. To date, in excess of US$1.8 billion has been invested building mobile telecommunications infrastructure in Nigeria. Since launch in August 2001, MTN has steadily deployed its services across Nigeria. It now provides services in 223 cities and towns, more than 10,000 villages and communities and a growing number of highways across the country, spanning the 36 states of the Nigeria and the Federal Capital Territory, Abuja. Many of these villages and communities are being connected to the world of telecommunications for the first time ever. The company\'s digital microwave transmission backbone, the 3,400 Kilometre Y\'elloBahn was commissioned by President Olusegun Obasanjo in January 2003 and is reputed to be the most extensive digital microwave transmission infrastructure in all of Africa. The Y\'elloBahn has significantly helped to enhance call quality on MTN network.

Job Summary

• A Lead, Security Governance & Program Management strengthens and matures our cybersecurity governance structure.
• This role is critical in ensuring that security policies, standards, processes, and programs are effectively implemented and aligned with regulatory requirements and organizational objectives.
• The ideal candidate will drive strategic governance initiatives, oversee enterprise-wide security programs, ensure compliance with internal and external mandates, and manage cross-functional security-related projects.

Security Governance & Compliance

• Develop, maintain, and enforce enterprise security governance frameworks, policies, standards, and procedures.
• Ensure compliance with regulatory frameworks, including ISO 27001, NDPR, PCI DSS, and other relevant standards.
• Coordinate and manage internal and external audits, risk assessments, and compliance reviews.
• Track remediation of audit findings and report compliance posture to senior management.

Security Program Management

• Lead the planning, execution, and monitoring of key security programs and initiatives across the organization.
• Establish and manage the enterprise Information Security Program roadmap.
• Coordinate cross-functional teams to deliver security projects on time and within scope.
• Implement and maintain performance metrics, dashboards, and reporting mechanisms for all security initiatives. 

Risk Management

• Design and maintain the Information Security Risk Management framework.
• Lead enterprise risk assessments, ensuring risks are identified, tracked, and effectively mitigated.
• Provide risk advisory to business units and support informed decision-making across the organization.

Awareness, Training & Stakeholder Engagement

• Drive organization-wide cybersecurity awareness programs.
• Engage stakeholders across IT, compliance, legal, HR, and operations to embed a culture of security compliance.
• Provide periodic reporting to executive leadership and governance committees. 

Leadership & Strategy

• Serve as the key liaison for governance matters within the Infosec function.
• Provide direction and leadership to security governance teams and project streams.
• Champion continuous improvement of governance and program management processes.

Qualifications

Education

• First degree in Information Technology or any related discipline
• Relevant post graduate qualification is an advantage 

Experience

• B.Sc in Information Security, Computer Science, Information Technology, or related field.
• Master’s degree is an added advantage.
• 3-7 years of progressive experience in cybersecurity governance, risk, compliance (GRC), or program management.
• Strong knowledge of regulatory and industry standards (ISO 27001, NIST CSF, NDPR, PCI DSS, COBIT).
• Demonstrated experience managing complex security programs and cross-functional initiatives.
• Relevant professional certifications such as CISM, CISSP, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor are highly desirable.
• Excellent communication, reporting, and stakeholder management skills.

Method of Application