InfoSec/RM Manager | Zain jobs




Zain SD

Job Description

Department/Section: Enterprise Risk Management & Business Excellence
Job Title: InfoSec/RM Manager
Reports to: ERM/BE Director
Job Purpose:

The Information Security & Risk Management Manager is responsible for establishing and maintaining three important corporate governance programs: the information security management program, the enterprise risk management program and the business continuity management program. The role ensures that Zain SD assets are adequately protected, minimizes potential and real risks, and develops appropriate initiatives to manage and minimize them effectively, at both strategic and operational level.
The RM/InfoSec Manager will proactively work with business units to implement practices that meet defined policies and standards for information security, risk management and business continuity.

Key Accountability:

Risk Management Program
Develop, implement and maintain ZAIN SD risk management framework
Review and update the risk management policy, process and procedures across the organization
Integrate and align the risk management with the corporate strategy and objectives
Conduct an operational risk assessment periodically for all corporate departments and functions and maintain the corporate risk register
Embed the risk analysis practice in the corporate project/product lifecycle
Maintain the lifecycle process of the mitigation plans
Coordinate with and support top management in specifying business risk tolerance and appetite
Communicate the risk index / risk that matters to ZAIN SD top management periodically
Responsible for the risk management yearly report to ZAIN SD top management
Monitor and enhance the risk management maturity model
Information security management
Information security strategy, road map and budget aligned with corporate strategy and objectives
Review, update and maintain information security policy, process and best practice
ISO 27001:2013 certificate maintenance and effectiveness follow up and enhancement
Develop and communicate information security guidelines, best practice across the different layers in the organization
Preparing the security requirements and checklists for all technical projects
Information security advisor for all organization projects and products
Vulnerability assessment and systems health check audit annual plan execution
Information security log management and event monitoring and analysis
Security incidents reporting, mitigation follow up and analysis
Manage information security Awareness activities during the year
Consult with all other departments regarding information security compliance and best practice
Business Continuity Management program

Implement, manage and maintain the Business Continuity program and integrate it with the risk management framework
Review and update business continuity policy, process and procedures
Provide guidelines and best practice knowledge and skills to other departments
Supervise the conduct of the RA and BIA process across all organization functions
Support the development of the BCP and DRP for the critical functions
Coordinate the BCP and DRP testing activities
Develop and conduct the BC program awareness activities
Team management

Staff selection and participation in the HR recruitment process for team members and for other departments related to the ERM and Business Excellence department
Responsible for preparing the annual individual staff objectives, which are aligned with the department objectives
Responsible for reviewing the individual staff objectives quarterly and measuring their performance
Responsible for following up on department staff's daily, weekly and monthly tasks
Responsible for individual staff evaluation at the end of the year
Plan and execute team annual training and budget
Coordinate with top management to manage the GRC Steering committee yearly at the agreed time

Coordinate and manage the GRC committee structure and communication
Present the Governance framework status and required changes
Seek the GRC approvals for new policies and major changes
Closely monitor the status of compliance with the governance framework and work as an escalation point to top management

What Do You Need to Qualify

Specifications & core competencies
Strong leadership skills and the ability to work effectively with top management and business managers
Ability to interact with Zain SD personnel, build strong relationships at all levels and across all business units and understand business imperatives.
Knowledge and understanding of relevant legal and regulatory requirements, such as related national policy and legislation.
Ability to lead and motivate cross-functional teams to achieve tactical and strategic goals.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with different departments as well as top management.
In-depth knowledge and understanding of risk concepts and principles in the telecom field, as a means of relating business needs to risk controls.
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards and guidelines.
Experience with common information security management, risk management and business continuity frameworks, such as International Standards Organization (ISO) 27001, 31000, 9001 and 22301, and the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Strong, hands-on project management skills and experience


A bachelor's degree in Computer Science, Information Technology, Computer Engineering or a related discipline. M.B.A. or M.Sc. is preferred.
A minimum of ten years of experience in the Technology/IT domain, with five years in a risk management, information security or business continuity role and at least five years in a supervisory and leadership capacity.
One or more of the following certificates is a must.

Certified Information Security Manager (CISM).
Certified Information Systems Auditor (CISA).
Certified Information Systems Security Professional (CISSP).
Global Information Assurance Certification (GIAC)
Certified Business Continuity Professional (CBCP).
Lead Implementer or Lead Auditor certificate in at least one of ISO 27001, 3100, 22301, 9001
Certified in Risk and Information Systems Control (CRISC)
PMI Risk Management Professional (PMI-RMP)
Management of Risk (MoR) certificate

About Us

About Zain Sudan:
The country’s leading operator was established in 1997 and today serves more than 16 million customers as of 31 August 2020, reflecting a market share of more than 48%. Possessing the country’s most advanced voice and data network, the operator’s network extends to an impressive 90% of the population with 2G, 3G and LTE sites. Through constant development of the telecommunications infrastructure and proactive marketing initiatives, Zain remains committed to offering customers in Sudan the most dynamic products and services. The foundation of Zain Sudan’s achievements lies in the company’s ability to inspire its employees to deliver the best and most imaginative services at every level. With an energetic and inspired, predominantly Sudanese workforce, the company is committed to employing high-caliber people as well as nurturing the finest Sudanese talent. With a strong human resources and training program that develops and nurtures leaders in the workplace, the company has consistently opened new doors for its dedicated staff. For more on Zain Sudan, please visit www.sd.zain.com

Vacancy Type

Full Time Employee

Job Expires

