Job Title: Manager, Workplace Banking Organisation: NCBA Bank Uganda Limited…
Head Information Security Employment Opportunity – Ecobank Uganda Limited
Job Title: Head Information Security
Organisation: Ecobank Uganda Limited
Duty Station: Kampala, Uganda
About US:
Ecobank Uganda Limited is the leading commercial bank offering wholesale, retail, transaction banking services and products to individuals, governments, financial institutions, multinationals, international organizations, medium and small enterprises.
Key Duties and Responsibilities:
- To Act as a Head of Information Security and represent the wider Group Information security strategies at the affiliate level.
- Serves as an Internal Information Security Consultant to the Bank
- Monitors compliance with information security policies and procedures, referring exceptions to Country Head of Operations & Technology and the CISO.
- Works closely with Group Security to implement security initiatives for the affiliate on behalf of Ecobank Group
- Liaises with regulatory agencies to address the banks security and compliance issues
- Liaises with contractors and service providers to ensure that all activities are in line with the Banks Information Security Policy
- Provides direct Information Security Awareness training and oversight to all employees, and other third parties, ensuring proper information security clearance in accordance with established bank information security policies and procedures
- Initiates, facilitates, and promotes activities to create information security awareness within the Bank
- Develop and implement an ongoing risk assessment program targeting information security and business systems. Recommend methods for vulnerability detection and remediation.
- Perform information security risk, vulnerability assessments and serves as an internal assessor for security issues
- Develop and implement an incident reporting system to address security incidents, respond to alleged policy violations from staff, contractors and external parties
- Provides guidance and direction for the physical and logical protection of Information Technology resources to other functional systems
- Reviews all systemrelated security plans throughout the bank’s network
- Conducts investigations on security breaches, report findings and make recommendations to Executive Management
- Monitors the internal control systems to ensure that appropriate access levels are maintained
- Serves as a coordinator of the Banks Business Continuity and Disaster Recovery Plan
- Reviews security logs on critical servers and communicate exceptions to Executive Head, IT and Operations
- Establishes a reporting process to ensure that Executive Management is kept appraised of the effectiveness of Information Technology Security and problem resolution.
- Be a local champion at the affiliate level for Business Continuity Management, Disaster Recovery and Crisis Management.
- Perform any other duties assigned by Supervisor
- Design, implement, and maintain the overall affilaite Data Protection & Privacy program.
- Determines data protection & privacy compliance requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying personally identifiable data ; and conducting data mapping.
- Promote privacy by design and conduct privacy impact assessments to meet compliance specifications and timelines as the business processes sensitive or personal data
- Measure and report on business operations compliance with various Data Protection Acts, especially with General Data Protection Regulation (GDPR).
- Design and enforce risk mitigation cases and highlight any high risk practices and activities to senior management.
- Work with the Information Security Manager to implement agreed data security policies and ensure relevant monitoring is in place to protect against and check for potential data breaches
- Prepares system security reports by collecting, analyzing, and summarizing data and trends.
- Articulates the business benefits of data protection & privacy initiatives to stakeholders ensuring support and buyin, delivering those initiatives to planned timescales and costs
Qualifications, Skills and Experience:
- The applicant must hold a Bachelor’s degree or Industry Certified Security Professional Certification.
- Relevant Security Experience, at least 5 years in Information Security field.
- Experience of Managing Projects
- Experience of Managing Team’s Performance
- Familiarity with industry standards, guidelines and regulatory compliance requirements related to information security, Data protection and privacy and cloud computing such as ISO 27001, Cloud Security Alliance (CSA), NIST 80053, PCI DSS, GDPR, SSAE16 and SABSA etc.
- Ability to work in a Multicultural Environment
- Proven track record of achieving results and managing teams.
- Ability to build rapport with VPs and Cluster/Regional Managers
- Constructively manage all stakeholders and break barriers
- Ability to build and lead effective and successful teams
- Analytical thinker combined with skills of thinking outside the box
- Ability to effectively use technology to leapfrog the competition
- Withstanding pressure without it having effect on efficiency or quality
- Open to change and ability to create and drive change
- Ability to deal with ambiguity and a changing environment
- Strong analytical and diagnostic skills
How to Apply:
All suitably qualified and interested candidates are encouraged to apply online at the link below.
Deadline: 23rd August 2023
For more of the latest jobs, please visit https://www.theugandanjobline.com or find us on our facebook page https://www.facebook.com/UgandanJobline