Job purpose:
Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.
Key Result Areas:
• Ensure that the institution maintains a current enterprise wide knowledge of its users, devices, applications, software licenses and their relationships, including but not limited to Software and hardware asset inventory, Network maps (including boundaries, traffic and data flow); and Network utilization and performance data.
• Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
• Ensuring the bank’s cyber security controls and procedures are up to date to prevent breaches of the bank’s systems by internal and external actors.
• Timely detection and action to identify compromises to the IT systems and controls and speedy rectification to avoid financial and operational losses.
• Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
• Organizing professional cyber related trainings to improve technical proficiency of staff.
• Ensure that regular and comprehensive cyber risk assessments are conducted.
• Ensure that adequate processes are in place for monitoring IT systems to detect
• cyber and technology events and incidents in a timely manner.
• Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments
• Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
• Reporting to the CEO on an agreed interval but not less than once per month on the assessment of the confidentiality, integrity and availability of the information systems in the institutions, detailed exceptions to the approved cyber and technology policies and procedures, assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution during the period.
• Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
• Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
• Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
• Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
Requirements
Qualifications & Experience:
• Bachelor’s Degree in Information/ Cyber Security, Computer Science, Information Technology, Engineering or equivalent
• Specialist security certifications such as GSEC (GIAC Security Essentials), CISSP (Certified Information Systems Security Professional) or related field is an added advantage
• Minimum of five years’ experience in information security at a Managerial level.
• Experience with incident response, risk assessment, and management.
Personal skills and abilities:
• Maintain relevant industry, information technology, and process knowledge expertise
• Ability to present cyber-related reports to internal and external stakeholders
• Ability to maintain confidentiality
• Ability to lead a team
• Exceptional planning and organisational skills, and excellent written and oral communication
• Adept at building internal and external relationships with a focus on customer service
• Analytical mind with the ability to quickly get to the root cause of issues
• An overall understanding of relevant scripting and source code programming languages, such as C#, C++, .NET, Java, Perl, PHP, Python and others that are in use.
• An up to date working knowledge of IT Security related hardware, software and vendor solutions.
Job application procedure
Interested and qualified, Click here to apply.
More Information
- Address Kampala, Uganda, East Africa
