Title: Manager IT Risk and Compliance
Station: Kampala, Uganda
ID: 13055
About Stanbic: Stanbic Bank Uganda Limited is a subsidiary of Stanbic Africa Holdings Limited, which is in turn owned by
Standard Bank Group Limited (“the Group”), Africa’s leading banking and
financial services group. The Standard Bank Group is the leading banking group
focused on emerging markets. It is the largest African banking group ranked by
assets and earnings. Stanbic Bank Uganda Limited is the largest bank in Uganda
by assets and market capitalization. It offers a full range of banking services
through two business units: Personal and Business Banking (PBB), and Corporate
and Investment Banking (CIB).
Job Summary: The Manager IT Risk and Compliance will support Stanbic Bank in
assessing controls in the business processes and the
underlying IT infrastructure, and in implementing the bank’s risk management
framework.
The role of Manager IT Risk and Compliance is part
of the Technology Risk and Information Security (TRIS) team. The holder partners with various stakeholders
within the business to assess controls in business processes, the underlying IT
infrastructure and implement the bank’s risk management framework.
The incumbent provides IT controls expertise and advisory
on Information Risk Management and Information Security, and oversees the ongoing
management of information security policy, standards, procedure enforcement
and technical systems in order to maintain the confidentiality, integrity and
availability of all of the Bank’s information systems.
The job holder also ensures that access control,
disaster recovery, business continuity, incident management and response needs
of the Bank are properly addressed; and continuously measures, analyzes, and
monitors the Bank’s risk exposure.
Policy and Governance:
Identify regulatory compliance requirements and
business and threat trends, review business needs, and continuously establish
the amendments required to existing policies and the areas that require
formulation of and coverage by new policies.
Technically support the enforcement, implementation
and review of IT governance policies, standards, procedures and controls that
govern the management of the Bank’s information systems.
Risk Management:
Provide assurance that IT governance and information
security reviews are conducted to ensure that all information systems have
effective and quality documentation in place. Such reviews include: qualitative
risk assessments; current and effective information security plans; annual system
self-assessments; current and tested contingency plans; and current
certifications and accreditations.
Carry out self-assessments of the Bank’s
information security program to ensure the Bank’s effective implementation of
and compliance with established policies, standards and procedures.
Carry out weekly, monthly and annual user access
reviews to ensure users are operating with the appropriate user profiles as defined
by the business and risk. Ensure that the requisite attestation and
recertification are completed consistently.
Conduct a periodic Information Technology General
Controls (ITGC) review to ensure the controls on Logical Access management, IT
Operations and Change management are operating as intended.
Document, address and correct any identified
weaknesses from assessments and audit exercises. Support risk assessments of
on-boarding applications and infrastructure initiatives to ensure the bank’s
mandatory security requirements such as Maker-Checker, audit logs and
validation are effectively implemented.
Facilitate and support the audit management process.
Activities include coordinating IT-based audit assignments, and audit issue
consolidation, resolution and closure.
Actively monitor developments in risk management
approaches in the industry, assess viability and recommend actions for implementation.
Monitor targets and Key Risk Indicators across the
IT function.
Report the violation of risk policy with proposal of
appropriate measures.
Compliance:
Establish and implement a compliance program /
framework clearly indicating the control activities to be performed and their frequency.
Establish and implement a process to ensure that all
users receive periodic information security awareness briefs on policies,
standards and procedures and copies of the rules of behaviour, are trained to
fulfil their information security responsibilities, and understand the
consequences of non-compliance.
Incident Management:
Monitor Business systems through adequate logging,
scanning and monitoring processes.
Actively monitor, document and ensure resolution of
all incidents, implement incident handling and escalation procedures, and
report all incidents to Manager Risk and Information Security, Head IT and
Operation Risk.
Business Continuity Management: Support the Business Continuity and Disaster
Recovery efforts for IT systems, and provide assurance that the BCM and DR
tests are conducted.
Others: Perform other related duties as assigned.
The ideal candidate for the Stanbic Bank Manager IT
Risk and Compliance role should be a university graduate with a degree in Computer Science,
Electrical Engineering, Telecommunications Engineering, Computer
Engineering, Information Technology or a
related subject.
Holding an Information Security and/or Information
Technology industry certification (CISSP, CISM, CEH, CISSP-ISSMP, CISA, CRISC
or GIAC equivalent) is strongly preferred.
A minimum of three years’ experience with exposure
to reviewing and advancing Information Security in a bank environment.
At least two to three years’ experience in leading an
Information Security / Information Risk function.
Two to three years of leadership/management
experience working with individuals and teams from diverse cultures.
Significant experience in an information technology
or information security leadership role within the banking and/or financial
services sector.
Preferred: experience working with international
cross-functional teams, fostering collaboration and teamwork.
Prior experience as interim / acting Chief
Information Security Officer, or extensive experience reporting to a CIO, Chief Audit Officer,
Chief Risk Officer or other senior
executive in a global or regional organization is an added advantage
Prior experience in assessing and mitigating
technology risk (solid understanding of risk management processes).
Past exposure, experience and/or qualification in
Oracle databases, networks and systems management, and ICT projects.
Broad knowledge of process and project management,
including knowledge of ITIL processes such as
change, incident and problem management.
Working knowledge of standard business processes,
including work prioritization and best practices.
Working knowledge of the ISO 27002 Standard and PCI
DSS
Knowledge of the domestic and international banking
industry
Knowledge of the Bank’s business, products, key
clients, business strategy and strategic issues
Knowledge of regulatory requirements of home markets
How to Apply: All candidates who wish to join one
of Africa’s biggest banking groups, Standard Bank, in the aforementioned
capacity are encouraged to apply online by visiting the link below.
Deadline: 12th October, 2015
