Information System Security Risk Analyst FINMAP III Project Jobs – Ministry of Finance, Planning and Economic Development (MOFPED)

Organisation: Ministry of Finance, Planning and Economic Development (MOFPED)
Project Name: The Third Financial Management and Accountability Programme (FINMAP III)
Duty Station: Kampala, Uganda
Reports to: Project Manager/IPPS
About Us:
The Government of Uganda (GOU) has been implementing Public Service Reform Programmes aimed at improving efficiency, effectiveness and accountability in delivery of public services. Some of the reform initiatives included strengthening the human resource management function by enhancing the establishment and payroll control through implementation of an Integrated Personnel and Payroll System (IPPS).

The Government of Uganda is implementing Public Financial Management (PFM) reforms through the Third Financial Management and Accountability Programme (FINMAP III) with the primary purpose to strengthen Public Financial Management (PFM) at all levels of government and ensure efficient, effective and accountable use of public resources as a basis for improved service delivery. The programme is supported by Development Partners including DFID, Norway, EU, KFW, and DANIDA. The overall objective of FINMAP is derived from the GoU PFM reform strategy for the period from July 2014 to June 2019.
Job Summary: The Information System Security Risk Analyst will provide technical expertise to ensure the Integrated Personnel and Payroll System infrastructure, applications and information assets are protected. The Information System Security Risk Analyst will develop and drive security strategies and policies/standards, ensure the effectiveness of solutions, and provide security-focused advisory services to the Ministry of Public Service.
Key Duties and Responsibilities: The Information System Security Risk Analyst will be required to perform the following duties and responsibilities:
  • Develop, refine, maintain and implement enterprise-wide Information
    Security and Risk policies, procedures and standards to meet compliance
    responsibilities.
  • Develop and implement strategies to align information security with
    MOPS business objectives and goals, protecting the integrity,
    confidentiality and availability of data on the IPPS existing software
    application in preparation for transition to the HCM.
  • Work directly with the IPPS users, third parties and other internal
    departments to facilitate information security risk analysis and risk
    management processes to identify acceptable levels of residual risk.
  • Assess information security alerts, threats and vulnerabilities to
    the IPPS/HCM environment, recommend and manage the appropriate security
    controls & measures for information systems.
  • Conduct detailed risk assessments and baseline control analysis, and
    provide actionable recommendations.
  • Conduct business impact analysis to ensure that key resources both
    tangible and intangible are adequately protected with proper security
    measures and controls.
  • Participate in cost-benefit and risk analysis.
  • Manage the update and maintenance of an enterprise risk framework (a
    single view of the risk profiles and tolerance.)
  • Evaluate security risks, identify and define compliance strategies
    in accordance with policies, standards, guidelines and procedures.
  • Monitor systems, identify and report residual risks,
    vulnerabilities, security exposures, security violations and violations of
    risk limits/controls, including misuse of information assets and
    noncompliance.
  • Provide support in security incident and response management and
    assist in troubleshooting, identification of root causes and resolving
    security related issues and problems.
  • Maintain risk management procedures, Institution continuity
    scenarios, and contingencies and advise on Institution continuity and
    disaster recovery plans.
  • Participate in designated projects such as HCM, developments or
    business initiatives, advising on information security risks through the
    project life cycle.
  • Undertake continuous risk based system audits in accordance with the
    annual work plans and provide support to business during internal or
    external audit sessions, including Penetration Tests & Ethical hacks.
  • Provide technical support and guidance in the review and
    implementation of change requests.
  • Generate appropriate communication, process and educational plans
    for mitigating the disruption of change in accordance with the MOPS IT
    Change management policy.
  • Develop and deliver IT risk & security awareness and compliance
    training programs and build staff capacity in risk awareness, analysis
    and management.
  • Perform any other duties as may be assigned from time to time.
Key Results / KPIs:
  • Enterprise-wide security policies, procedures, baselines and
    Standard Operating Procedures (SOPs) to meet compliance responsibilities
    developed.
  • Enterprise-wide security policies, procedures and Standard Operating
    Procedures (SOPs) for security and risk management disseminated and
    implemented.
  • Evaluation report on system security and internal controls of the
    existing information systems and related ICT infrastructure.
  • Guidelines on the required information system security controls and
    remedial actions to support transition to the HCM.
  • Audit engagement plan developed and maintained for every audit
    engagement.
  • Information System security audit reports provided quarterly.
  • Strategy and plan for staff capacity building in information
    security and risk awareness, analysis and management developed.
  • Enterprise Risk management strategy developed.
  • Comprehensive risk register maintained.
  • Quarterly and annual reports on Compliance with security policies,
    standards, guidelines and procedures.
  • Quarterly and Annual Performance reports on the effectiveness of
    information security and adoption of new policies and procedures.
  • Quarterly evaluations of security controls, mechanisms and goals in
    comparison to best practices.
  • Disaster recovery test plans for IPPS/HCM.
  • Periodic Business Continuity and Data Recovery test drill reports.
  • Implementation plans for activities related to compliance, control
    assurance, risk management, security, and infrastructure/information asset
    protection.

Qualifications, Skills and Experience: 
  • The ideal candidate must hold a Bachelor’s degree in Computer
    Science, Information Technology, Information Science, Information Systems,
    Information Security or a related field from a recognized university.
  • A professional qualification in IT Industry Certifications such as
    CRISC / CISA / CISM/ CISSP/ ISO 27001/ ISO 31000 is required.
  • Possession of PMP, PRINCE2, and/or ITIL will be an added advantage.
  • Four (4) years working experience in Risk Management or Information
    Security, Management of Information Systems Audit or ICT Audit consulting
    or a related Information Security field with two (2) years at a
    supervisory level in IT Security.
  • Demonstrable experience of using Risk Management and Security
    frameworks.
  • Experience in designing and implementing security solutions,
    Governance, Risk and Compliance tools as well as mechanisms.
  • Demonstrable experience in Information System Security techniques,
    with a broad range of exposure to systems analysis, application
    development and systems administration.
  • Experience in relational databases such as Oracle, networks and
    systems management and implementation of ICT projects.
  • Knowledge of National information risk management frameworks and
    standards.
  • Knowledge of information security industry trends.
  • Good Communication & interpersonal skills across strategic,
    tactical and operational levels.
  • Stakeholder Management skills.
  • Flexibility, persistence and willingness to work on a variety of
    activities/tasks and work under pressure.
  • Logical and objective attention to detail, analytical abilities and
    the ability to recognize trends in data.
  • A proactive, methodical and well-organized approach to work with the
    confidence to make decisions.
  • Confidentiality of Government information.



How to Apply:
All candidates should send their applications, updated CVs and copies of academic certificates to the address below. Envelopes should have clear reference to the job applied for. Send to:
The Programme Coordinator,
The Third Financial Management and Accountability Programme (FINMAP III),
Ministry of Finance, Planning & Economic Development,
Finance Building; 3rd Floor, Room 3.4,
Plot 2/12 Apollo Kaggwa Road,
P.O. Box 8147, Kampala, Uganda.
Email to: finmap@finance.go.ug
Deadline: 30th November 2018 by 5:00pm