Job Title: Risk Analyst
Organisation: National
Information Technology Authority-Uganda (NITA-U)
Information Technology Authority-Uganda (NITA-U)
Duty Station: Kampala,
Uganda
Uganda
Reports to: Information
Security Compliance Manager
Security Compliance Manager
About US:
The National Information Technology Authority-Uganda (NITA-U) was established
as a statutory body under the National Information Technology Authority, Uganda
Act, 2009 as one of the key players in the Information and Communications
Technology Sector. Its mandated is to coordinate, promote and monitor IT
development within the context of national social and economic development,
with a vision as “a facilitator of a knowledge-based, globally competitive
Uganda where social transformation and economic development is supported
through IT enabled services.”
as a statutory body under the National Information Technology Authority, Uganda
Act, 2009 as one of the key players in the Information and Communications
Technology Sector. Its mandated is to coordinate, promote and monitor IT
development within the context of national social and economic development,
with a vision as “a facilitator of a knowledge-based, globally competitive
Uganda where social transformation and economic development is supported
through IT enabled services.”
Job Summary: The Risk Analyst
will guide organizations in performing security analysis and evaluating their
risk exposure enabling them improve their information security practices and
posture as well as to provide information assurance to their stakeholders.
will guide organizations in performing security analysis and evaluating their
risk exposure enabling them improve their information security practices and
posture as well as to provide information assurance to their stakeholders.
Key Duties and Responsibilities:
·
Carry
out information security risk assessments to ensure appropriate information
security and business continuity controls exist in organizations including
describing and estimating the risks
Carry
out information security risk assessments to ensure appropriate information
security and business continuity controls exist in organizations including
describing and estimating the risks
·
Identify
and evaluate technology risks, mitigating controls, and opportunities for
control improvement
Identify
and evaluate technology risks, mitigating controls, and opportunities for
control improvement
·
Evaluate
organizations criteria for previous handling of risks
Evaluate
organizations criteria for previous handling of risks
·
Offer
technical support for organizational risk reporting in an appropriate manner
across strategic, tactical and operational levels
Offer
technical support for organizational risk reporting in an appropriate manner
across strategic, tactical and operational levels
·
Providing
support, education and training to staff to build capacity in risk awareness,
analysis and management within organizations
Providing
support, education and training to staff to build capacity in risk awareness,
analysis and management within organizations
·
Regularly
monitor systems and identify and report violations of risk limits.
Regularly
monitor systems and identify and report violations of risk limits.
·
Evaluate
the effectiveness of organizational controls, perform risk analysis and
management activities and develop appropriate mitigation plans.
Evaluate
the effectiveness of organizational controls, perform risk analysis and
management activities and develop appropriate mitigation plans.
·
Suggest
enhancements to organisational processes and policies to avoid operational
risks.
Suggest
enhancements to organisational processes and policies to avoid operational
risks.
·
Undertake
audits of organizational policies and compliance to National standards,
legislations and frameworks.
Undertake
audits of organizational policies and compliance to National standards,
legislations and frameworks.
·
Analyse
audit findings and assist in implementing audit recommendations.
Analyse
audit findings and assist in implementing audit recommendations.
·
Support
organizations develop effective risk registers.
Support
organizations develop effective risk registers.
·
Review
and recommend improvements to existing risk modelling techniques.
Review
and recommend improvements to existing risk modelling techniques.
·
Perform
procedures and assessments necessary to ensure the safety of information
assets.
Perform
procedures and assessments necessary to ensure the safety of information
assets.
·
Support
in the development of policies/Standards/Guidelines/ Best Practices.
Support
in the development of policies/Standards/Guidelines/ Best Practices.
·
Keenly
review business contracts, terms and scope to identify any risks.
Keenly
review business contracts, terms and scope to identify any risks.
·
Propose
new techniques and technologies for risk analysis and management.
Propose
new techniques and technologies for risk analysis and management.
·
Perform
any other duties as may be assigned.
Perform
any other duties as may be assigned.
Qualifications, Skills and
Experience:
Experience:
·
The ideal candidate for the Risk Analyst job
vacancy should hold a Bachelor’s
degree in Computer Science, Information Technology, Information Science,
Information Systems, Information Security or a related field from a recognized
university
The ideal candidate for the Risk Analyst job
vacancy should hold a Bachelor’s
degree in Computer Science, Information Technology, Information Science,
Information Systems, Information Security or a related field from a recognized
university
·
Industry
Certifications such as CRISC, CISA, ISO 27001 and ISO 31000, COBIT will be of
an advantage
Industry
Certifications such as CRISC, CISA, ISO 27001 and ISO 31000, COBIT will be of
an advantage
·
A minimum of three years’ experience in Risk Management or
Information Security Management or ICT Audit consulting or in a related field.
A minimum of three years’ experience in Risk Management or
Information Security Management or ICT Audit consulting or in a related field.
·
Previous
experience with Governance Risk and Compliance tools as well as mechanisms
Previous
experience with Governance Risk and Compliance tools as well as mechanisms
·
Working
knowledge of National information risk management frameworks and standards
Working
knowledge of National information risk management frameworks and standards
·
Broad
knowledge and understanding of Information Security
Broad
knowledge and understanding of Information Security
·
IT
background (infrastructure & application)
IT
background (infrastructure & application)
·
Knowledge
of Risk Management
Knowledge
of Risk Management
·
Basic
Knowledge of Project Methodology
Basic
Knowledge of Project Methodology
·
Computer
literacy i.e. proficiency in the use of Microsoft Word, Excel and Power Point
(Visio is a plus)
Computer
literacy i.e. proficiency in the use of Microsoft Word, Excel and Power Point
(Visio is a plus)
·
Excellent
analytical and problem –solving skills
Excellent
analytical and problem –solving skills
·
Good
Communication & interpersonal skill across strategic, tactical and
operational levels
Good
Communication & interpersonal skill across strategic, tactical and
operational levels
·
Stakeholder
Management skills
Stakeholder
Management skills
·
Flexibility,
persistence and willingness to work on a variety of activities/tasks
Flexibility,
persistence and willingness to work on a variety of activities/tasks
·
Excellent
organizational skills
Excellent
organizational skills
Clearance: The successful applicant will be subject to National
Security Vetting in line with the National Information Security Framework
(NISF).
Security Vetting in line with the National Information Security Framework
(NISF).
How to Apply:
All candidates who meet the job requirements/specifications and with
the right personal attributes are invited to complete and submit their
application form, download
here, with a cover letter, supported by curriculum vitae, copies of
certificates and testimonials, and must specify day time telephone contact,
postal and email addresses of both the applicant and three referees, to the
address below.
the right personal attributes are invited to complete and submit their
application form, download
here, with a cover letter, supported by curriculum vitae, copies of
certificates and testimonials, and must specify day time telephone contact,
postal and email addresses of both the applicant and three referees, to the
address below.
The Executive Director,
National Information Technology
Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: [email protected]
(application must not exceed 10MBs)
(application must not exceed 10MBs)
Applicants must also submit with their application verifiable evidence
supporting previous relevant appointments such as appointment letters and
employment contracts.
supporting previous relevant appointments such as appointment letters and
employment contracts.
Deadline: 21st
October, 2016 by 17.00 hrs.
October, 2016 by 17.00 hrs.
For more of the latest jobs, please visit https://www.theugandanjobline.com or
find us on our facebook page https://www.facebook.com/UgandanJobline
find us on our facebook page https://www.facebook.com/UgandanJobline