Manager IT Security Governance
dfcu Bank
https://www.www.dfcugroup.com/
Date Posted: 2025-03-31T05:15:48+00:00
Application Deadline: 2025-04-09T17:00:00+00:00
Type: FULL_TIME
Industry: Information Technology
Category: Computer & IT
Location: Kampala, Uganda (00256)
Work Hours: 8
JOB PURPOSE:
Reporting to the Head Information and Cybersecurity, the role holder will be responsible for developing, implementing, and overseeing security policies, frameworks, and strategies to ensure compliance with regulations, alignment with business objectives, and effective risk management across the organization.
KEY ACCOUNTABILITIES:
1. Security policy development and management:
- Develop, implement, and maintain security policies, standards, and guidelines.
- Ensure policies align with bank goals, industry standards, and regulatory requirements (e.g., ISO 27001, NIST).
- Periodically review and update policies to address evolving risks and technologies.
2. Risk Management:
- Lead the department's risk assessment process in line with ISO 27001.
- Test the controls identified within the department RCSA and close the gaps identified.
- Develop and oversee risk treatment plans to mitigate identified vulnerabilities.
- Facilitate regular risk assessments and track the resolution of high-priority risks.
3. Regulatory Compliance:
- Ensure the bank complies with legal, regulatory, and contractual obligations related to information security. This includes ensuring quarterly reporting to the Bank of Uganda as per the Bank of Uganda Guidelines on Cyber and Technology Risk 2024.
- Act as a liaison during audits or assessments and ensure audit findings are addressed in a timely manner. This involves working with other team members to resolve audit issues promptly and effectively so that findings do not recur.
- Monitor changes in relevant regulations and update governance practices accordingly.
4. Security Framework Implementation:
- Implement and manage security frameworks such as ISO 27001, COBIT, NIST CSF, or others as appropriate.
- Establish and maintain an Information Security Management System (ISMS) for structured governance.
5. Metrics and Reporting:
- Automate the information security reporting dashboard and manage its ongoing updates.
- Provide regular reports to Executive management and the board on the organization’s security posture, risks, and compliance status.
6. Governance Committees and Stakeholder Engagement:
- Participate in security governance committees, ensuring cross-functional alignment on security goals.
- Develop and enforce third-party security agreements and ensure they align with organizational risk tolerance.
7. Incident and Crisis Management Oversight:
- Provide governance support during security incidents by ensuring the incident response process aligns with policies and compliance requirements.
- Ensure lessons learned from incidents are integrated into governance improvements.
8. Training and Awareness Programs:
- Establish and oversee security awareness programs to educate employees and customers on security policies, risks, and best practices.
9. Continuous Improvement:
- Develop and refine the organization’s long-term information security strategy.
- Stay informed about emerging threats, technologies, and governance trends to adapt practices proactively.
- Benchmark the bank’s information security program against industry best practices.
KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:
- Minimum: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Preferred: Master’s degree specializing in Digital Security.
- Certifications: CISSP, CISM, CEH, CISA, CRISC, or ISO 27001 Lead Implementer or Lead Auditor equivalent.
- Experience: At least 6 years, with a minimum of 3 years in information security within a bank/financial services environment.
- Information security framework implementation and audit knowledge (for example, the ISO 27001 framework).
- PCI DSS standard implementation knowledge.
- System security assessments.
- Team leadership skills and stakeholder management.
- Strategic and analytical thinking.
JOB-67ea250424f37
Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 36
Level of Education: Bachelor's degree