Manager IT Risk and Compliance Job Placement – Stanbic Bank

Organisation: Stanbic Bank
  Kampala, Uganda
Stanbic Bank Uganda Limited is a
subsidiary of Stanbic Africa Holdings Limited which is in turn owned by
Standard Bank Group Limited (“the Group”), Africa’s leading banking and
financial services group. The Standard Bank Group is the leading banking group
focused on emerging markets. It is the largest African banking group ranked by
assets and earnings. Stanbic Bank Uganda Limited is the largest bank in Uganda
by assets and market capitalization. It offers a full range of banking services
through two business units; Personal and Business Banking (PBB), and Corporate
and Investment Banking (CIB).
Job Summary:  The Manager IT Risk and Compliance will
support Stanbic Bank in;
Assessing controls in the business processes, the
underlying IT infrastructure and implement the bank’s risk management
The role of Manager IT Risk and Compliance is part
of the Technology Risk and Information Security (TRIS) team.  The holder partners with various stakeholders
within the business to assess controls in business processes, the underlying IT
infrastructure and implement the bank’s risk management framework.
The incumbent provides IT controls expertise, advisory
on Information Risk Management, Information Security and oversees the ongoing
management of information security policy, standards, procedures enforcement
and technical systems in order to maintain, the confidentiality, integrity and
availability of all of the Banks information systems.
The job holder also ensures that access control,
disaster recovery, business continuity, incident management and response needs
of the Bank are properly addressed; and continuously measures, analyzes, and
monitors the Bank’s risk exposure.
Key Duties and Responsibilities:  
Policy and Governance:
Identify regulatory compliance requirements,
business and threat trends, review business needs and continuously establish
amendments required on policies and areas that require the formulation and
cover by new policies.
Technically support the enforcement, implementation
and review IT governance policies, standards, procedures, and controls to
govern the management of Bank’s information systems.
Risk Management:
Provide assurance that IT governance and information
security reviews are conducted to ensure that all information systems have
effective and quality documentation in place. Such reviews include: Qualitative
risk assessments , current and effective Information security plans, Annual system
self-assessments; Current and tested contingency plans; and current
certification and accreditations
Carry out Self –Assessments of the Bank’s
information security program to ensure the Bank’s effective implementation of
and compliance with established policies, standards and procedures.
Carry out weekly, monthly and annual user access
reviews to ensure users are operating in appropriate user profiles as defined
by the business and risk. Ensure that the requisite attestation and
recertification is completed consistently.
Conduct a periodic Information Technology General
Controls (ITGC) review to ensure the controls on Logical Access management, IT
Operations and Change management are operating as intended.
Document, address and correct any identified
weaknesses from assessments and audit exercises. Support risk assessments of
on-boarding applications and infrastructure initiatives to ensure the bank’s
mandatory security requirements such as Maker-Checker, audit logs and
validation are effectively implemented.
Facilitate and support the audit management process.
Activities include coordinate IT based Audit assignments, audit issue
consolidation, resolution and closure.
Actively monitor developments in risk management
approaches in the industry, assess viability and recommend actions for implementation.
Monitor targets and Key Risk Indicators across the
IT function.
Report the violation of risk policy with proposal of
appropriate measures.
Establish and Implement a compliance program /
framework clearly indicating controls activities to be done and frequency.
Establish and implement a process to ensure that all
users receive periodic Information security awareness briefs on policies,
standards and procedures and copies of rules of behaviour, are trained to
fulfil their Information Security responsibilities and understand the
consequences of non-compliance.
Incident Management:
Monitor Business systems through adequate logging,
scanning and monitoring processes.
Actively monitor, document and ensure resolution of
all incidents, implement incident handling and escalation procedures, and
report all incidents to Manager Risk and Information Security, Head IT and
Operation Risk.
Business Continuity Management:
Support the Business Continuity and Disaster
recovery efforts for IT systems. And provide assurance that the BCM and DR
tests and conducted.
Perform other related duties as assigned
Qualifications, Skills and Experience:  
The ideal candidate for the Stanbic Bank Manager IT
Risk and Compliance should hold a University graduate with a degree Computer Science,
Electrical Engineering, Telecommunications Engineering, Computer
Engineering,  Information Technology or a
related subject
Hold Information Security and /or Information
Technology industry certification (CISSP, CISM, CEH, CISSP-ISSMP, CISA, CRISC
or GIAC equivalent) strongly preferred.
A minimum of three years’ experience with exposure
to reviewing and advancing Information Security in a bank environment.
At least two to three years’ experience in leading
Information Security / information Risk function
Two to three years in Leadership/management
experience working with individuals and teams from diverse cultures
Significant experience in an information technology
or information security leadership role within the banking and /or financial
services sector
Preferred experience working with international
cross-functional teams fostering collaboration and team work
Prior experience as interim / acting Chief
Information Security Officer, or extensive experience  reporting to a CIO, Chief Audit Officer,
Chief Risk Officer or other senior 
executive in a global or regional organization is an added advantage
Prior experience in assessing and mitigating
technology risk (Solid understanding of Risk Management processes)
Past exposure and experience and or qualification in
Oracle databases, networks and systems management and ICT Projects
Broad knowledge of process and project management
Including knowledge of ITIL processes including
change, incident and problem management.
Working knowledge of standard business processes
including work prioritization, best practices.
Working knowledge of the ISO 27002 Standard and PCI
Knowledge of the domestic and international banking
Knowledge of the Bank’s business, products, key
clients, business strategy and strategic issues
Knowledge of regulatory requirements of home markets
to Apply:
All candidates who wish to join the one
of Africa’s biggest Banking Groups, Standard Bank in the aforementioned
capacity are encouraged to Apply Online by visiting Link below.
12th October, 2015
For More Ugandan Jobs, Please Visit or
find us on our Facebook page

Leave a Reply

Your email address will not be published. Required fields are marked *