Security Assurance Manager

Irancell Tehran

Posted 3 years ago

Job Description

● To prioritize, lead, and manage advanced penetration testing on network, web applications, mobile applications, servers and services to help MTN Irancell find out where it is most likely to face an attack and proactively shore up those weaknesses before exploitation by hackers.
● To manage, evaluate and classify the business risk of reported vulnerabilities from different programs, including internal pentest, external pentest and bug bounty programs.
● To manage security deficiencies by documenting findings, monitoring remediation, and validating closure, to increase the maturity of the security program and reduce overall risk.
● To oversee the quality of work of the internal penetration test team and direct the team in the development of technical frameworks and tools and the execution of security tests, red-teaming assessments and adversary emulation engagements.
● To manage and direct "purple teaming" exercises in collaboration with the Security Operation Center team to deliver more tailored, realistic assurance to MTN Irancell.
● To oversee and independently review security artifacts and assess both the technical and functional adequacy of the cyber security/information assurance controls.
● To ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
● To oversee production systems continuously in accordance with defined security controls and manage the fixing of security bugs based on defined SLAs and OLAs.
● To review relevant processes and systems where there are changes and ensure all changes that can impact security and introduce security bugs go through security testing.
● To perform control and monthly vulnerability assessments to identify control weaknesses, assess the effectiveness of existing controls, and recommend remedial action.
● To manage regular compliance assessments and audits against approved standards and policies and follow up on fixing non-compliant items.
● To ensure all new products and services are compliant with defined standards and policies and have been tested before go-live.
● To assure that monitoring of regular reports on vulnerabilities, security logs for unusual events, and the compliance status of all systems and services is being done effectively and efficiently.
● To liaise with internal and external audits and regulatory reviews to ensure compliance with applicable regulatory standards and internal security policies and controls.

Requirements

● Bachelor’s degree in Technology Systems (Telecommunication Management / Information Technology) or a related discipline.
● Minimum of 5 years’ experience in technical/risk-based security roles, with experience in supervising/managing others.
● Experience in network, web and mobile application penetration testing.
● Broad experience of cyber security risk assessment methodologies.
● Strong technical proficiency in all major operating systems, especially Linux and Windows.
● Proficiency in reading and writing exploit code.

Employment Type

  • Full Time
