Summary
Date Posted: Friday, August 09 2024, Base Salary: Not Disclosed

JOB DETAILS:

DEPARTMENT: RISK.
REPORTS TO: HEAD OF RISK

JOB PURPOSE.
Responsible for establishing and maintaining a bank-wide information security management program to ensure that information assets are adequately protected. He/she is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, aligns with and supports the enhancement of the Information Technology risk posture of the bank.

KEY DUTIES AND RESPONSIBILITIES.
• Conducting vulnerability assessments to identify security weaknesses within the bank's technology environments. i.e., test and identify network and system vulnerabilities, identify risk tolerances, recommend treatment plans, and disseminate reports about residual risk.
• Analysis of information protection technologies and processes including information databases and applications to identify technology security weaknesses and potential risks.
• Conduct risk assessments of data processing systems to confirm the design of logical controls and ensure that they are effective and meet business practices and regulatory and legal requirements.
• Regular risk reviews on Interface reconciliations to ensure that entries in CBS agree to interface/payment systems. i.e., regular spot checks.
• Ensuring that audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with IT policies and audit requirements.
• Regular review of system user access rights and profiles including super user counts for all critical systems.
• Regular risk reviews on cash deposit machines (CDMs), ATMs, and other delivery channels, including offsite ones.
• Conducting data protection and privacy risk assessments in line with the Data Protection Act, regulations, and the bank’s policies.
• Conducting vendors’/third parties’ risk-based reviews/assessments.
• Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken, and recommend suggested approaches to deal with lessons identified and ensure timely reporting/adequate participation in the investigation of IT security incidents.
• In collaboration with the IT department, offer guidance/Subject Matter Expertise for future system enhancements in line with the bank’s overall strategy.
• Create and manage information security and risk management awareness training programs for employees including all approved system users.
• Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the bank on identifying acceptable levels of residual risk.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of the control framework implementation.
• Independently assess, monitor and report on the bank’s back-up procedures and offer quality assurance on the bank’s overall Disaster Recovery Plan (DRP), including the tests thereof.Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Review the change management process ensuring that all changes in the system have corresponding approvals.
• Ensure that security programs comply with relevant laws, regulations, and policies to minimize risk and audit findings.

SKILLS & COMPETENCIES.
• Proficient communication skills with the ability to present to all levels of audiences.
• Good understanding of IT networking and access management concepts.
• Ability to maintain a high degree of professionalism with a high commitment to quality.
• Ability to understand and assess technology systems and applications from both a technical and business function perspective.
• Strong interpersonal skills, supervisory and managerial skills to lead and encourage a team.
• A high degree of confidentiality, dependability, and initiative.

ACADEMIC AND PROFESSIONAL REQUIREMENTS.
• A bachelor's degree in information systems, computer science, or a related field.
• Possession of additional certifications like Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), etc.
• Minimum 6 Years experience, 2 must be in a supervisory role specifically in Information security.

Work Hours: 8

Experience in Months: 72

Level of Education: Bachelor Degree

Job application procedure

Kindly send your cover letter and up-to-date CV to hr@eximbank-ug.com  with the subject: JOB APPLICATION: INFORMATION SECURITY MANAGER by close of business, FRIDAY 156th August 2024.

Only candidates who meet the minimum requirements shall be contacted.

All Jobs

QUICK ALERT SUBSCRIPTION