IT Security Risk Manager Employment Opportunity – DFCU Bank

Job Title:    IT Security Risk Manager

Organisation: DFCU Bank

Duty Station:  Kampala, Uganda

Reports to: Head of Operational Risk Management


About US:

DFCU Bank is a fast growing commercial bank offering a variety of innovative products and services. DFCU Limited was started by the Commonwealth Development Corporation (CDC) of the United Kingdom and the Government of Uganda through the Uganda Development Corporation (UDC) under the name of Development Finance Company of Uganda Limited. Later restructuring brought in DEG (of Germany) and International Finance Corporation (IFC) as equal partners with CDC and UDC, each having a 25% stake in the company. Its objective was to support long-term development projects whose financing needs and risk did not appeal to the then existing financial commercial lending institutions.


Job Summary:  Reporting to the Head of Operational Risk Management, the IT Security Risk Manager will be responsible for upholding confidentiality, integrity, and availability of the information technology environment by ensuring responsibility for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and proactive compliance with industry regulations related to information security.


Key Duties and Responsibilities:  

  • Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
  • Oversight of the vulnerability management program.
  • Develop the information security workplan, policies and standards in conjunction with the technology team within the Bank.
  • Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
  • Oversee security awareness activities for bank employees and customers. Ensure that bank culture maintains a commitment to security.
  • Support the first line to design, implement, and maintain the organization’s cybersecurity plan and perform assurance checks on this plan.
  • Perform assessment of security controls and evaluate results relative to risk assessment.
  • Work with Information Technology and other business unit stakeholders during project and product development efforts and work as well with Business Technology to ensure that appropriate security controls are considered during vendor selection and development efforts.
  • Monitor regulations and technology trends that affect financial institutions. Evaluate compliance and develop plans for compliance with regards to information security. Educate bank employees and act as a champion for compliance throughout the bank.
  • Establish and maintain successful external relationships with security technology and service providers, industry experts, local law enforcement, industry consortiums, and regulatory agencies.
  • Ensure the integrity of Information Security controls in the business through enforcement of self-assessments (RCSA/KRIs) and giving prompt feedback to the first line of defence. Actively participate in a robust review and challenge process with technology inclined units on their Risk & Control Self Assessments and overall performance.
  • Follow up and ensure that all Technology related Internal/External Audit and BOU inspection findings have been fully resolved and that no repeat findings arise in subsequent audits.
  • Conduct periodic risk-based Unit assurance reviews to monitor how effective their risk management practices are and recommend for remedial actions where there are control weaknesses.
  • Support the bank’s digital strategy by performing the quality assurance role on bank projects while ensuring any risks/threats to the bank’s technology platforms are proactively identified and advised to the Head of Operational Risk Management or CRO.
  • Coordination of the bank’s Business Continuity Management activities including review of the Disaster Recovery Plan, testing of this plan and quality assurance of the same.
  • Monitoring and review of IT related SLAs.
  • Develop and maintain a procedure for monitoring system support and performance levels.

Qualifications, Skills and Experience:

  • The ideal candidate for the DFCU Bank IT Security Risk Manager job placement must hold a Bachelors or Graduate Degree with sufficient background in information security and business management disciplines.
  • Professional digital security certifications in relevant technologies such as Cisco, Microsoft, CISSP, Unix / Linux will be an added advantage.
  • Seven years of working experience of which 3 should be in an information security related role.
  • Experience managing projects and programs to achieve information security objectives.
  • Demonstrated exceptional written and verbal communication skills.
  • Understanding of current technology and regulatory trends affecting financial institution information security programs.
  • Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels.
  • Demonstrated ability to analyze security and technology control effectiveness.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good analytical decision making skills to enable the effective handling of all systems while retaining the integrity of data.
  • Ability to be proactive and lead cross-functional teams to achieve information security objectives.
  • Good report writing techniques in order to review and redesign operational and management information reports to suit departmental reporting purposes. nix / Linux will be an added advantage.
  • Excellent communications and engagement skills.
  • Strong attention to detail and personal effectiveness.
  • High-level of integrity and standards.
  • Self-drive and initiative.
  • Customer Dedication and Community Immersion.
  • Relationship Building.
  • Team Player.
  • Creative Initiative.
  • Unafraid to take responsibility, partner with the business whilst retaining independence to challenge the business.
  • Ability to work effectively with local contemporaries and peers in other clusters and regions to maintain a collaborative culture.


How to Apply:

If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates (University Transcript, O & A level), by close of business to the email address indicated below;


dfcu Bank is committed to give equal opportunities in employment and aims to ensure that it does not discriminate against gender or race. Only short-listed candidates will be contacted through +256 312 300391.


Deadline: 25th June 2021


For more of the latest jobs, please visit or find us on our facebook page

Leave a Reply

Your email address will not be published. Required fields are marked *