JOB DETAILS:
Job purpose:
Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Key Result Areas:
• Proactively identify and evaluate IT and cyber security threats to the Bank’s information assets and their mitigating controls, while considering the current risk appetites, to reduce the impact and probability of occurrence of threats applicable to the organization to an acceptable level.
• Regularly report on the Bank’s ICT risk profile and progress made to reduce ICT risk levels to an acceptable threshold.
• Continuously review the system of identification, assessment and monitoring of IT, cyber and data protection risk exposures in the Bank and make relevant recommendations for changes to the bank’s risk management framework with a view to either prevent or be prepared to take remedial actions when faced with those threats.
• Conduct regular system user access reviews on all critical bank IT systems and as prescribed in the bank’s risk management program and advise on exceptions noted.
• Provide advice and follow up on the implementation of IT, cyber security and data protection controls in new business propositions through participation in the process of implementation of IT related projects and initiatives.
• Continuously assess the bank’s ICT security risk awareness program and ascertain that it considers all requirements, expectations and prevailing IT security threats to ensure that all system users are aware of appropriate security behaviors.
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
• Deliver training across all business units to staff members who are involved in data handling or processing.
• Proactively review and monitor management of a Bank-wide map (cartography) of the storage areas and flows of sensitive data, with a view to appropriately securing them in line with relevant policies.
• Continuously review and offer assurance on the effectiveness of the bank’s IT disaster recovery plan.
• Review the bank’s ICT incident response plan and monitor implementation of the same for each relevant event/incident to provide assurance on the plan’s adequacy and effectiveness.
• Perform post-mortem analysis or investigations of all security issues, whether reported, discovered or otherwise, to define and incorporate lessons learnt to enhance the bank’s capabilities to proactively protect the information assets of the organization.
• Conduct objective, fair and timely cybercrime investigations, either independently or as part of a team, whenever required, in accordance with the bank policy and best practice; provide accurate reports to line management and follow up on implementation of recommendations made.
Requirements
Qualifications & Experience
• Bachelor’s Degree in Computer Science/IT or related field
• IT Security related Certifications and/or IT Security postgraduate education are an added advantage
• At least three (3) years’ IT Security and Risk Management experience from a Supervised Financial Institution is required
• At least two (2) years’ experience supporting the implementation and/or management of complex IT security projects is required
Job application procedure
Interested and qualified? Click here to apply
More Information
- Address: Kampala, Uganda, East Africa