Division: Risk & Compliance
Department: Security Risk Management
Location: Accra
Position: Specialist, Information & Cybersecurity Risk
Level: L2
Reports to: Manager, Information & Cybersecurity Risk

Job Summary:

•To support the effective management of information security risks across the organization by identifying, assessing, and monitoring cybersecurity threats in alignment with the enterprise risk management framework.
•The role ensures that security risks are appropriately governed as part of the second line of defense, enabling informed decision-making and regulatory compliance across all regions of the business.

Key Tasks:

Information Security Risk Assessment & Monitoring

•Conduct and support periodic assessments of information and cybersecurity risks across business units and technology domains.
•Maintain and update the Information Security Risk Register and Dashboard to reflect current risk posture and mitigation status.

Implementation of Security Risk Frameworks

•Execute the Information Security Control Monitoring (ISCM) plan in alignment with the enterprise risk management framework and combined assurance model.
•Support the implementation of cybersecurity risk methodologies, ensuring alignment with MTN Group standards and regulatory expectations.

Governance & Reporting

•Prepare and contribute to governance committee packs and reports, ensuring timely and accurate communication of cybersecurity risk issues to executive stakeholders.
•Assist in documenting and presenting information security risk reports to internal stakeholders and board-level subcommittees.

Risk Remediation & Escalation

•Coordinate with business and technical stakeholders to track and support remediation of identified cybersecurity risks.
•Apply the Group Risk Escalation and Acceptance Policy to manage, escalate, and resolve critical risk issues.

Business Continuity & Resilience

•Facilitate periodic Business Impact Analyses (BIA) and support the development and review of disaster recovery and incident response plans.
•Maintain oversight of information security playbooks and ensure alignment with business continuity strategies.

Security Maturity & Gap Analysis

•Conduct information security maturity assessments using MTN Group’s model and identify areas for improvement.
•Perform gap analyses on critical business areas and recommend risk treatment actions.

Stakeholder Engagement & Advisory

•Collaborate with internal teams (e.g., IT, Legal, Compliance) to provide risk advisory on projects, third-party engagements, and new technologies.
•Support the definition and review of the OpCo’s risk appetite, tolerance, and capacity in collaboration with Group Risk.

Awareness & Training

•Contribute to the development and delivery of cybersecurity awareness and training programs across the organization.
•Contribute to testing and simulation exercises to strengthen organizational readiness and response capabilities.

Integrated Risk Planning

•Contribute to the development and execution of the annual integrated risk plan and risk-based audit planning.
•Support enterprise-wide risk workshops and the assessment of principal residual risks.

Context :

•Dynamic and highly competitive telecommunication & ICT industry
•Multi regulated environment
•Environmental, social and governance prioritized
•Localization a key objective for business and government
•Multinational environment – Risk & Compliance Group best practices
•Performance driven environment
•Diverse cultural environment
•Partnerships

At MTN, we are a purpose and value-led organisation and believe that understanding the needs and aspirations of our people is key to creating experiences that delight you at work, daily. We are committed to fostering an environment where every member of our Y’ello Family is heard, understood, and empowered to live an inspired life. Our values keep us grounded and moving in the right direction. Most importantly, they keep us honest. It is not something we claim to be. It is in our DNA. As an organisation, we consider it our mission to create an exciting and rewarding place to work, where our people can be themselves, thrive in positivity and ignite their full potential. A workplace that boosts creativity and innovation, improves productivity, and ultimately drives meaningful results. A workplace that is built on relationships and achieving a purpose that is bigger than us. This is what we want you to experience with us!

Qualification required & Experience

Education

•Bachelor’s degree in information security, Computer Science, Risk Management, Business Information Systems, or a related field is required.
•Professional Certifications in Information Security Risk Management are highly desirable. Preferred certifications include:
•Certified Information Systems Auditor (CISA)
•Certified Information Security Manager (CISM)
•Certified in Risk and Information Systems Control (CRISC)
•ISO/IEC 27001 Lead Implementer or Auditor
•CompTIA Security+ or equivalent foundational certifications

Experience

•At least 3 years’ experience in a related field.

Training

The incumbent should have completed or be willing to undergo training in the following areas to effectively perform in the role:

•Information Security Frameworks and Standards: In-depth training on globally recognized frameworks such as ISO/IEC 27001, NIST Cybersecurity Framework, COBIT, and ITIL.
•Cybersecurity Risk Management: Practical training in identifying, assessing, mitigating, and reporting information security risks within enterprise environments.
•Regulatory and Compliance Awareness: Training on relevant data protection and cybersecurity regulations, including the Ghana Data Protection Act, GDPR, and telecom-specific compliance requirements.
•Governance, Risk, and Compliance (GRC) Tools: Hands-on training in the use of GRC

platforms and risk dashboards for monitoring and reporting.

•Business Continuity and Incident Response: Training in business impact analysis, disaster recovery planning, and incident response coordination.
•Leadership and Stakeholder Engagement: Development in communication, influence, and collaboration skills to effectively engage cross-functional teams and support governance processes.
•Emerging Technologies and Threats: Ongoing learning on evolving cyber threats, cloud security, third-party risk, and digital transformation trends impacting telecom environments.

Knowledge Competencies:

•Information Security Frameworks & Standards: In-depth knowledge of ISO/IEC 27001, NIST Cybersecurity Framework (CSF), COBIT 2019, and related information security governance models.
•Information Security Risk Management (ISRM): Working knowledge of ISRM methodologies, including risk identification, assessment, treatment, and monitoring practices.
•Threat Modeling & Risk Analysis: Familiarity with threat modeling techniques such as STRIDE, DREAD, OCTAVE, and their application in identifying and mitigating cyber risks.
•Incident & Crisis Management: Understanding of incident response processes, emergency preparedness, recovery strategies, and business continuity planning.
•Telecommunications Infrastructure & Business Processes: Awareness of mobile network architecture, telecom operations, and sector-specific risk exposures.
•IT Infrastructure & Architecture: Foundational understanding of IT systems, networks, cloud environments, and their associated security controls.
•Risk Intelligence & Trending: Ability to analyze and interpret risk trends, threat intelligence, and emerging vulnerabilities relevant to the telecom sector.
•Project & Change Management: Basic knowledge of project management principles and their integration with risk assessment in technology and business initiatives.
•Productivity & Reporting Tools: Proficient in Microsoft Excel, PowerPoint, and Word for risk reporting, analysis, and stakeholder communication.

Skills / physical competencies:

•Ability to manage self and be a team player, good conflict management, ability to take and manage accountability
•Energy & Drive – Innovative, Takes initiative, result oriented and develops self consistently
•Interpersonal Skills - Leadership, customer centricity, collaborative and coaches & develops direct reports
•Personal Skills - Trustworthy, integrity and ethical in dealings
•Operating Skills - Ability to focus on priorities and plans, shares knowledge effectively
•Organizational Positioning Skills - Good written and verbal communication, presentation skills, commitment to the organization
•Global thinker, Analytical thinking and Problem-solving abilities.

Must live the MTN Values of

•Lead with Care, Collaborate with Agility, Serve with Respect, Can Do with Integrity, Act with Inclusion

Must exhibit the MTN Vital Behaviors of

•Complete Candor, Complete Accountability, Active Collaboration & Get it done.

General working conditions

•Anywhere/Anytime work/ Ability to manage self/Personal accountability.

Location: Accra

How To Apply For The Job

Qualified Applicants should indicate Ref number MTN-R&CCyber003-2026 as the email subject and ensure that CVs are saved in their names. Qualified Applicants should send their Curriculum Vitae to:

MTNGhanaRecruitment@mtn.com

Values are the core of MTN's Culture, our five values called "Live Y’ello" is the force that unites and inspires each of us to make an impact that matters in the world. Tell us: Which of our five Live Yello values resonates most with you and why? (Limit 250 words).

Closing Date: 14 March, 2026

Only shortlisted applicants will be contacted.