Chief Information Security Officer (CISO)
2025-06-30T14:25:27+00:00
I&M Bank
https://www.imbankgroup.com/
Chief Information Security Officer (CISO) at I&M Bank Uganda
Job purpose:
A Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and cyber security strategy, governance, and risk management.
Key Responsibilities.
Risk Governance and Strategy
- Overseeing and implementing the institution's cybersecurity program and enforcing cyber and technology policy.
- Ensuring that information systems meet institutional needs and ICT strategies align with business strategies and risk appetite.
- Review and assess risks associated with exceptions/deviations to cyber and technology policies and gain senior management approval.
- Review periodically the approved exceptions/deviations to ensure residual risks remain acceptable.
Risk Identification, Assessment, and Mitigation
- Ensure regular and comprehensive cyber risk assessments are conducted at least once a year.
- Ensure monitoring processes detect cyber and technology events and incidents in a timely manner.
- Incorporate scenario analysis for material cyber-attacks, mitigation, and identifying control gaps.
- Safeguarding the confidentiality, integrity, and availability of information.
Fraud Risk Management
- Effectiveness of fraud detection and prevention programs (e.g., reduced fraud incidents and losses).
- Responsiveness and effectiveness in addressing fraud... risk events.
Business Continuity Planning (BCP) and Crisis Management
- Ensure timely update of the incident response mechanism and BCP based on latest cyber threat intelligence.
- Ensure frequent data backups of critical IT systems to separate storage locations.
- Ensure cyber risk roles and responsibilities in emergency/crisis decision-making are defined and communicated.
- Continuously test disaster recovery and BCP arrangements to ensure regulatory compliance and operational continuity.
Leadership and Culture
- Design cybersecurity controls considering all levels of users (internal and external).
- Organize professional cyber-related trainings to improve staff technical proficiency.
Reporting and Communication
- Report to the CEO at least quarterly on:
  - Confidentiality, integrity, and availability of systems,
  - Exceptions to cyber policies,
  - Effectiveness of the cybersecurity program,
  - Material cyber and tech events affecting the institution.
Technology and Innovation
- Maintain a current enterprise-wide knowledge base of users, devices, applications, software, and network details.
Educational Requirements.
Bachelor’s Degree (Required):
- Computer Science, Cybersecurity, Information Technology, or related field.
Master’s Degree (Preferred):
- MBA, M.S. in Cybersecurity, or Information Security.
Preferred Certifications.
- CISSP, CISM, CISA, CRISC, CEH.
Additional Knowledge Areas:
- Risk management, regulatory compliance (e.g., GDPR, HIPAA), security frameworks (NIST, ISO 27001), and business continuity.
Leadership Skills
- Strong leadership and team management capabilities.
- Ability to influence and collaborate with Board members, Senior Management, and Cross-functional teams.
- Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.
Strategic and Analytical Thinking
- Strong problem-solving and decision-making skills under uncertainty.
- Ability to anticipate emerging risks and proactively design mitigation strategies.
- Exceptional analytical skills to evaluate and prioritize risks based on potential impact.
Behavioral Competencies
- High ethical standards and integrity.
- Resilience under pressure and ability to navigate crises effectively.
- Adaptability to changing regulatory landscapes and evolving risk environments.
Vacancy title:
Chief Information Security Officer (CISO)
[Type: FULL_TIME, Industry: Banking, Category: Management]
Jobs at:
I&M Bank
Deadline of this Job:
Friday, July 4 2025
Duty Station:
Kampala | Kampala | Uganda
Summary
Date Posted: Monday, June 30 2025, Base Salary: Not Disclosed
Work Hours: 8
Experience: No Requirements
Level of Education: Bachelor's degree
Job application procedure
Interested and Qualified? Click Here to Apply