Job Vacancy For Manager, Information & Cyber Security Risk



Position: Manager, Information & Cyber Security Risk
Division: Risk & Compliance
Department: Security Risk Management
Location: Accra
Level: L3
Reports to: Senior Manager, Security Risk Management

Job Summary:

•To lead the development and execution of adaptive, business-aligned information and cybersecurity risk management strategies that safeguard MTN Ghana’s digital assets, infrastructure, and stakeholder interests. This role is pivotal in identifying, assessing, and mitigating cyber and information security risks across the enterprise, ensuring resilience against evolving internal and external threats.
•The Manager will implement and maintain robust frameworks, controls, and response mechanisms in alignment with Group policies and global standards (e.g., ISO 27001, NIST), while fostering a culture of shared accountability for cybersecurity across all business units. The role also ensures proactive risk monitoring, incident response readiness, and continuous improvement of the organization’s security posture in support of strategic business objectives.

Key Tasks

Cyber Risk Identification & Assessment

•Continuously identify, assess, and prioritize information and cybersecurity risks across the enterprise, including third-party and supply chain risks.
•Conduct regular threat modelling and vulnerability assessments aligned with evolving threat landscapes.

Risk Mitigation & Control Implementation

•Design and implement risk mitigation strategies and security controls based on frameworks such as NIST CSF, ISO 27001, and CIS Controls.
•Ensure integration of security controls into business processes, IT systems, and digital transformation initiatives.

Security Governance & Compliance

•Maintain compliance with internal policies and external regulations (e.g., Data Protection Act, GDPR, NCA directives).
•Support audits and regulatory inspections by providing evidence of effective risk management practices.

Security Monitoring & Incident Response

•Oversee the development and execution of incident response plans, ensuring timely detection, containment, and recovery from security incidents.
•Coordinate post-incident reviews and root cause analyses to drive continuous improvement.

Risk Reporting & Dashboarding

•Maintain and update the Information Security Risk Dashboard for executive visibility.
•Provide regular risk reports and insights to senior management, governance committees, and board sub-committees.

Business Continuity & Resilience

•Facilitate Business Impact Analyses (BIA) and ensure alignment of disaster recovery and continuity plans with critical business functions.
•Review and test recovery strategies for IT and network infrastructure.

Security Awareness & Culture

•Develop and deliver targeted cybersecurity awareness programs and simulations to promote a risk-aware culture across the organization.
•Collaborate with HR and Communications to embed security into onboarding and ongoing training.

Risk Appetite & Tolerance Alignment

•Contribute to defining and operationalizing the organization’s cyber risk appetite and tolerance levels.
•Support business units in aligning their risk-taking activities with enterprise risk thresholds.

Security Architecture & Technology Advisory

•Provide input into secure architecture design and technology selection to ensure alignment with security principles.
•Evaluate and recommend security tools and platforms to enhance threat detection and response capabilities.

Collaboration & Knowledge Sharing

•Liaise with Group Risk and Compliance functions to ensure alignment with group-wide risk strategies.
•Share best practices and lessons learned across OpCo regions and with external partners.

Metrics & Performance Management

•Define and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure the effectiveness of cybersecurity risk management.
•Support the development of risk-based audit plans and integrated assurance activities.

Qualification Required & Experience

Education

•Bachelor's Degree preferably in Risk Management, Business/ Computer Science/ Information Security.
•Professional certifications on Information Security Risk Management (CISSP, CEH, CISA, CISM etc.) a must

Experience

•At least 5 years’ experience in a similar role, with at least 3 years in a supervisory role.

Knowledge Competencies:

Cybersecurity Frameworks and Standards: Deep understanding of global standards and frameworks such as:

•ISO/IEC 27001, 27005 (Information Security Management)
•NIST Cybersecurity Framework (CSF) and Risk Management Framework (RMF)
•CIS Critical Security Controls
•COBIT for IT governance

Information Security Risk Management

•Knowledge of enterprise risk management principles and methodologies
•Familiarity with cyber risk quantification, trending, and reporting
•Experience with maturity models and capability assessments

Incident and Crisis Management

•Proficiency in incident response planning, threat detection, and recovery strategies
•Knowledge of emergency preparedness, business continuity, and disaster recovery frameworks

Threat Intelligence and Threat Hunting

•Understanding of threat modelling, attack vectors, and proactive threat hunting methodologies
•Familiarity with MITRE ATT&CK and cyber kill chain frameworks
•Corporate Governance and Compliance: Knowledge of governance frameworks such as King IV, and regulatory compliance (e.g., GDPR, Ghana Data Protection Act, NCA guidelines)

Telecommunications Industry Knowledge

•Strong understanding of mobile network infrastructure, telecom business processes, and digital service ecosystems
•Awareness of sector-specific risks and regulatory requirements

Project and Program Management

•Working knowledge of project management methodologies (e.g., Agile, PRINCE2, PMP)
•Ability to manage cross-functional security initiatives

IT Infrastructure and Architecture

•Advanced knowledge of enterprise IT systems, cloud platforms (AWS, Azure), and network security
•Familiarity with Zero Trust architecture and secure-by-design principles
•Data Privacy and Protection: Understanding of data classification, encryption, and privacy-by-design practices
•Productivity and Reporting Tools
•Proficient in Microsoft Power Tools (Power BI, Power Apps, Power Automate etc.)
•Experience with risk dashboards, GRC platforms, and data visualization tools

Skills / physical competencies:

Leadership & Interpersonal Skills:

•Strong team leadership and collaboration abilities, with a focus on coaching, mentoring, and developing high-performing teams
•Effective conflict resolution and stakeholder management across diverse business units
•High emotional intelligence with the ability to influence without authority

Strategic & Analytical Skills

•Strong analytical thinking and problem-solving capabilities, especially in complex, high-pressure environments
•Ability to interpret data and trends to inform strategic decisions and risk mitigation
•Systems thinking and global mindset to align cybersecurity with business objectives

Communication & Presentation Skills

•Excellent verbal and written communication skills, including the ability to translate technical risks into business language
•Skilled in preparing and delivering impactful presentations to executive and board-level audiences
•Strong facilitation skills for workshops, risk assessments, and cross-functional engagements

Operational & Organizational Skills

•Ability to prioritize and manage multiple initiatives simultaneously in a fast-paced, performance-driven environment
•Strong planning, organizational, and time management skills
•Proficient in knowledge sharing and documentation of processes and decisions

Behavioural qualities:

Must live the MTN Values of

•Lead with Care, Collaborate with Agility, Serve with Respect, Can Do with Integrity, Act with Inclusion

Must exhibit the MTN Vital Behaviors of

•Complete Candor, Complete Accountability, Active Collaboration & Get it done.

General working conditions

• Anywhere/Anytime work/ Ability to manage self/Personal accountability.

Location: Accra

How To Apply For The Job

Qualified Applicants should indicate Ref number MTN-R&CSRM006 -2026 as the email subject and ensure that CVs are saved in their names.

Qualified Applicants should send their Curriculum Vitae to:

MTNGhanaRecruitment@mtn.com

Values are the core of MTN's Culture, our five values called "Live Y’ello" is the force that unites and inspires each of us to make an impact that matters in the world. Tell us: Which of our five Live Yello values resonates most with you and why? (Limit 250 words).

Closing Date: 14 July, 2026

Only shortlisted applicants will be contacted.