Job Title: IT Risk Officer
Organisation: BRAC Uganda Bank Ltd
Duty Station: Kampala, Uganda
Reports to: Head of Risk
About the Company:
BRAC Uganda Bank Ltd launched on 25 April 2019 and attained its current status as a Tier II Credit institution following a successful background as the leading Microfinances services provider in Uganda. The bank operates 32 regulated branches and 131 satellite offices covering 84 districts in Uganda targeting Micro, Small. and Medium Entrepreneurs. BRAC Uganda Bank Ltd promotes financial inclusion by extending financial services to unserved and underserved populations especially women and youth as well as people living in poverty in rural areas. The Bank is operationally and financially self-sustaining with over 231,000 active customers and a loan book in excess of Ushs.175 billion.
Job Summary: To assume a pivotal role in safeguarding BUBL’s digital assets, emphasizing the preservation of confidentiality, integrity, and availability of information.
This role encompasses the evaluation, analysis, and mitigation of ICT-related risks, along with the formulation and execution of robust risk management strategies and policies.
Key Duties and Responsibilities:
Conduct comprehensive risk assessments:
- Assess and analyse the bank’s ICT systems, applications, and processes to identify vulnerabilities and potential risks.
- Regularly review bank’s systems and banking application user rights and develop/update user right matrices.
- Maintain criteria for assessing applications and systems to measure compliance with company policies, procedures, standards, security training programs, technical infrastructure, and development efforts against internal compliance baselines.
Evaluate and enhance risk management processes:
- Analyse existing ICT risk management processes and recommend improvements to ensure a clear separation of operational and compliance responsibilities.
- Collaborate with IT teams to assess and evaluate new technologies, systems, ICT projects, IT vendors and applications for potential risks and vulnerabilities.
- Analyse database activities and user actions to detect and investigate any unauthorized or suspicious activities.
- Review the implemented security controls and hardening measures for database systems.
Training and awareness:
- Conduct training sessions for staff, emphasizing ICT risks and mitigation measures related to operations, strategy, and compliance.
Policy and guideline development:
- Develop and implement ICT risk management policies, procedures, and guidelines to ensure compliance with regulatory requirements and industry best practices.
- Assist with assessments of vendors and business contracts for evaluation and tracking of risk changes.
Incident monitoring and reporting:
- Review and analyse security incidents, conduct root cause analysis, and recommend corrective actions to prevent future occurrences.
- Prepare and present detailed reports on ICT risk assessments, incidents, and mitigation strategies to senior management and stakeholders.
Governance and Compliance:
- Monitor ICT activities to ensure adherence to set policies, procedures, and guidelines governing risk identification, assessment, control, and overall risk management processes.
- Work closely with Compliance to identify compliance baselines from legislative requirements and corporate objectives.
- Analyse audit findings and assist in implementing audit recommendations
Qualifications, Skills and Experience:
- Bachelor’s Degree: Typically, in a relevant field such as Computer Science, Information Technology, Cybersecurity, or Business with a strong IT focus.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC) is an added advantage.
Knowledge, Skills & Competences
- IT Knowledge: A solid understanding of information technology systems, networks, and infrastructure is essential.
- Cybersecurity: Proficiency in cybersecurity principles, threats, and best practices is crucial.
- Risk Assessment: The ability to identify and assess IT-related risks and vulnerabilities.
- Compliance: Understanding and ensuring compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001).
- Data Analysis: Analyzing data to identify trends, patterns, and anomalies that may indicate potential risks.
- Interpersonal Skills: Effective communication with team members, management, and other stakeholders.
- Reporting: The ability to communicate risk assessments and recommendations clearly and concisely to non-technical stakeholders.
- Problem-solving skills: The ability to respond effectively to IT security incidents and breaches.
- Industry Knowledge: Familiarity with industry-specific IT risks and regulations (e.g., healthcare, finance, government) can be advantageous.
- Team Player: Collaboration with cross-functional teams, including IT, legal, compliance, and management, is often required to address IT risks effectively.
How to Apply:
Interested candidates should email their application letter, Curriculum Vitae, and copies of relevant academic documents, IN ONE PDF FILE mentioning the job title as the subject matter to [email protected] All applications should be addressed to the Head Human Resource BRAC Uganda Bank Ltd in one PDF.
Deadline: 19th May 2025
Note: Only shortlisted candidates will be contacted.
For more of the latest jobs, please visit https://www.theugandanjobline.com or find us on our facebook page https://www.facebook.com/UgandanJobline