Chief Information Security Officer (CISO) Careers – Bank of Africa Uganda
Job Title: Chief Information Security Officer (CISO)
Organisation: Bank of Africa Uganda
Duty Station: Kampala, Uganda
About the Company:
Bank of Africa Uganda Limited is part of GROUPE BANK OF AFRICA (BOA) comprising 16 Commercial Banks, 3 Leasing Companies, 2 Investment Companies, a Stock Brokerage Company, an Asset Management Company and a Mortgage Bank. It spans 15 African countries and France, employing over 5,000 people.
Job Summary: The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the Bank’s information security vision, strategy, and programs. This senior executive role is crucial in safeguarding the Bank’s data, financial assets, and client information from cyber threats while ensuring compliance with regulatory standards. The CISO will work closely with the executive team to identify risks, establish policies, and oversee the Bank’s information security operations, incident response, and cybersecurity resilience.
Key Duties and Responsibilities:
Cybersecurity Program Development and Enforcement
- Develop, implement, and monitor the Bank’s cybersecurity program in alignment with industry standards and regulatory requirements.
- Enforce the Bank’s cyber and technology policy to ensure compliance with regulatory and institutional standards for data protection, cybersecurity controls, and incident response.
- Regularly review and update the cybersecurity program and policies to reflect the latest threat intelligence, industry trends, and regulatory requirements.
Comprehensive Asset and Infrastructure Management
- Maintain an enterprise-wide knowledge base of users, devices, applications, and software licenses, along with relationships across assets to ensure complete visibility over information resources.
- Oversee the continuous management of software and hardware asset inventories, network maps (including traffic flow and boundaries), and performance data to prevent unauthorized access and identify vulnerabilities.
- Implement continuous monitoring and risk-based auditing of information assets and network infrastructure, ensuring a robust security posture across all systems.
Alignment with Strategic and Operational Objectives
- Ensure the Bank’s information systems and cybersecurity initiatives align with business strategies, risk appetite, and ICT risk management policies.
- Develop and implement user-centric security controls designed to meet the needs of internal users (management and staff) and external stakeholders (contractors, partners, and service providers).
- Collaborate with executive management to ensure the ICT strategy, including information systems and cybersecurity measures, supports the Bank’s overall business strategy and regulatory obligations.
Risk Assessment, Incident Detection, and Response
- Lead comprehensive cyber risk assessments at least annually, applying best practice industry standards and guidance to identify potential security threats and vulnerabilities.
- Establish processes for proactive monitoring and timely detection of cyber and technology events or incidents, with a robust incident response plan in place.
- Regularly update the incident response mechanism and Business Continuity Plan (BCP), incorporating scenario analyses to evaluate potential material cyber-attacks and identify control gaps.
Policy Compliance, Exception Management, and Reporting
- Review and assess risks related to any deviations or exceptions to approved cyber and technology policies, obtaining senior management approval as needed.
- Report at least quarterly to the Managing Director and to the Board on: confidentiality, integrity, and availability of information systems; detailed exceptions to cyber and technology policies; effectiveness and resilience of the cybersecurity program; and significant cyber and technology events affecting the bank.
- Ensure prompt periodic reporting to the regulator as required by the relevant regulations.
- Regularly re-evaluate exceptions to ensure residual risks remain within acceptable thresholds as determined by the institution and regulatory bodies.
Cybersecurity Training and Workforce Development
- Lead the organization of professional cybersecurity-related training for Bank employees to enhance technical proficiency, ensuring alignment with the best practice standards and regulation.
- Cultivate an institution-wide cybersecurity culture that promotes awareness and best practices, engaging staff at all levels on the importance of security compliance and vigilance.
Cybersecurity Monitoring, Incident Detection, and Business Continuity
- Ensure that regular, comprehensive cyber risk assessments are conducted to evaluate emerging threats and vulnerabilities in the IT environment.
- Implement continuous monitoring mechanisms for IT systems to detect cyber incidents promptly and ensure frequent data backups to secure storage for data integrity and accessibility.
- Lead regular testing of disaster recovery and BCP arrangements to ensure the Bank’s ability to function and meet regulatory obligations following cyber incidents or disruptions.
Data Integrity, Confidentiality, and Availability
- Safeguard the confidentiality, integrity, and availability of information assets by implementing robust security controls, regularly assessing their effectiveness, and adapting to emerging threats.
- Ensure that roles and responsibilities for managing cyber risks, including during crises, are clearly defined, documented, and communicated to relevant staff.
Additional Responsibilities
- The Bank reserves the right to amend, modify, or adjust the responsibilities of this position as business needs evolve, in alignment with applicable labour laws. The Employee may also be required to undertake additional duties or projects from time to time, within their capabilities and consistent with the responsibilities of the role, as directed by the Employer.
Key Performance Indicators:
- Cybersecurity program compliance.
- Incident detection level and response times.
- Risk assessment completion and vulnerability management (closure and tracking).
- Cybersecurity user awareness and training completion.
- Effectiveness and efficiency in reporting.
Qualifications, Skills and Experience:
- Education: Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field. Advanced certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are strongly preferred.
- Experience: 10+ years in information security, with at least 5 years in a senior leadership role, ideally within a regulated financial institution.
- Technical Skills: Deep understanding of cybersecurity frameworks (such as NIST, ISO 27001) and banking regulations for information security, combined with proficiency in asset management, risk management, and network security.
- Analytical Skills: Expertise in cyber risk assessment, policy compliance, vulnerability management, and regulatory compliance aligned with international standards and best practices.
- Leadership Abilities: Proven track record in leading cross-functional teams, influencing organizational change, and communicating effectively with executive and board-level stakeholders.
Additional Requirements/Competencies:
- Strategic Vision: Ability to define and execute a long-term cybersecurity strategy that aligns with institutional goals and regulatory requirements.
- Problem-Solving and Decision-Making: Strong capability to make informed decisions under pressure and effectively manage and respond to cyber threats.
- Communication Skills: Proficiency in conveying complex cybersecurity concepts to both technical and non-technical audiences, with clear and effective reporting to executive leadership.
- Ethics and Integrity: Commitment to maintaining the highest ethical standards.
- Collaboration: Ability to collaborate with IT, Risk, Compliance, and Audit functions to ensure cohesive cybersecurity risk management across the Bank.
How to Apply:
All candidates who wish to join Bank of Africa should apply online at the link below.
Deadline: 31st January 2025
For more of the latest jobs, please visit https://www.theugandanjobline.com or find us on our Facebook page at https://www.facebook.com/UgandanJobline