Job Title: Chief Information Security Officer
Organisation: NCBA Bank Uganda Limited
Duty Station: Kampala, Uganda
About the Company:
NCBA Bank Uganda Limited, is a commercial bank in Uganda. It is one of the commercial banks licensed by the Bank of Uganda, the country’s central bank and national banking regulator.
Job Summary: The Chief information Security Officer is a key participant in shaping the Bank’s Information and Security strategy. The role focuses on security strategies to protect information assets specifically in IT operations, systems, and innovation across the business, and protecting information systems and data from threats.
Key Duties and Responsibilities:
- Along-side the EXCOM, is accountable for achievement of the set targets and strategic outcomes within approved budget.
- Reporting to the Executive Director on an agreed interval but not less than once per quarter on; assessment of the confidentiality, integrity and availability of the information systems in the Bank, detailed exceptions to the approved cyber and technology policies and procedures, assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution during the period.
- Organizing professional cyber related trainings to improve technical proficiency of staff.
- Safeguarding the confidentiality, integrity and availability of information.
- Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.
- Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (including boundaries, traffic and data flow); and Network utilization and performance data.
- Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
- Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
- Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
- Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
- Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
- Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
- Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
- Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
- Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
- Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis
- decision-making, are clearly defined, documented and communicated to relevant staff.
- Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
- Safeguarding the confidentiality, integrity and availability of information.
- Define and implement recruitment, learning and performance management strategies, as well as cultural practices that attract, nurture and retain the best talent.
- Drive competency focus through continuous learning and job enrichment to ensure high performance.
Qualifications, Skills and Experience:
- Bachelor of Science in Computer Science or technical field. MBA or a Master’s degree in a technology field preferred.
- IT management certifications are desirable: ITIL, COBIT, TOGAF, PRINCE2, ISO, Cloud technology, CISSP, CRISC.
Experience:
- At least 10 years’ experience in Information Technology management, 5 of which should have been in a middle management capacity in a similar sized organization having lead successful IT transformation projects and/or initiatives.
How to Apply:
All candidates who wish to join NCBA Bank are strongly encouraged to apply online at the link below.
For more of the latest jobs, please visit https://www.theugandanjobline.com or find us on our facebook page https://www.facebook.com/UgandanJobline