Manager IT Security Governance job at dfcu Bank

JOB PURPOSE:

Reporting to the Head Information and Cybersecurity, the role holder will be responsible for developing, implementing, and overseeing security policies, frameworks, and strategies to ensure compliance with regulations, alignment with business objectives, and effective risk management across the organization.

KEY ACCOUNTABILITIES:

1. Security Policy Development and Management:

  • Develop, implement, and maintain security policies, standards, and guidelines.
  • Ensure policies align with bank goals, industry standards, and regulatory requirements (e.g., ISO 27001, NIST).
  • Periodically review and update policies to address evolving risks and technologies.

2. Risk Management:

  • Lead department risk assessment process in line with ISO 27001.
  • Test the controls identified within the department RCSA and implement identified gaps.
  • Develop and oversee risk treatment plans to mitigate identified vulnerabilities.
  • Facilitate regular risk assessments and track the resolution of high-priority risks.

3. Regulatory Compliance:

  • Ensure the bank complies with legal, regulatory, and contractual obligations related to information security. This includes ensuring quarterly reporting to Bank of Uganda as per the Bank of Uganda Guidelines on Cyber and Technology Risk 2024.
  • Act as a liaison during audits or assessments and ensure audit findings are addressed in a timely manner. This involves working with other team members to resolve audit issues promptly and effectively to avoid repeat issues.
  • Monitor changes in relevant regulations and update governance practices accordingly.

4. Security Framework Implementation:

  • Implement and manage security frameworks such as ISO 27001, COBIT, NIST CSF, or others as appropriate.
  • Establish and maintain an Information Security Management System (ISMS) for structured governance.

5. Metrics and Reporting:

  • Automate the information security reporting dashboard and manage its updates.
  • Provide regular reports to Executive management and the board on the organization’s security posture, risks, and compliance status.

6. Governance Committees and Stakeholder Engagement:

  • Participate in security governance committees, ensuring cross-functional alignment on security goals.
  • Develop and enforce third-party security agreements and ensure they align with organizational risk tolerance.

8. Incident and Crisis Management Oversight:

  • Provide governance support during security incidents by ensuring the incident response process aligns with policies and compliance requirements.
  • Ensure lessons learned from incidents are integrated into governance improvements.

9. Training and Awareness Programs:

  • Establish and oversee security awareness programs to educate employees and customers on security policies, risks, and best practices.

10. Continuous Improvement:

  • Develop and refine the organization’s long-term information security strategy.
  • Stay informed about emerging threats, technologies, and governance trends to adapt practices proactively.
  • Benchmark the bank’s information security program against industry best practices.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

  • Minimum: Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • Preferred: Master’s degree specializing in Digital Security.
  • Certifications: CISSP, CISM, CEH, CISA, CRISC, or ISO 27001 Lead Implementer or Lead Auditor equivalent.
  • Experience: At least 6 years, with a minimum of 3 years in information security within a bank/financial services environment.
  • Information security framework implementation and audit knowledge. For example, ISO 27001 framework.
  • PCI DSS standard implementation knowledge.
  • System Security Assessments
  • Team leadership skills and stakeholder management
  • Strategic & Analytical thinking

Vacancy title:
Manager IT Security Governance

[Type: FULL_TIME, Industry: Information Technology, Category: Computer & IT]

Jobs at:
dfcu Bank

Deadline of this Job:
Wednesday, April 9 2025

Duty Station:
Kampala | Kampala | Uganda

Summary
Date Posted: Monday, March 31 2025, Base Salary: Not Disclosed



Work Hours: 8

Experience in Months: 36

Level of Education: Bachelor’s degree

Job application procedure
Interested in applying for this job? Click here to submit your application now.


Job Info
Job Category: Computer/ IT jobs in Uganda
Job Type: Full-time
Deadline of this Job: Wednesday, April 9 2025
Duty Station: Kampala | Kampala | Uganda
Posted: 31-03-2025
No of Jobs: 1

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.