Information Security & Risk Manager at KCB Bank Uganda

Vacancy title:
Information Security & Risk Manager

[ Type: FULL TIME, Industry: Banking, Category: Computer & IT ]

Jobs at:

KCB Bank Uganda

Deadline of this Job:
04 October 2021  

Duty Station:
Within Uganda, Kampala, East Africa

Summary
Date Posted: Tuesday, September 21, 2021, Base Salary: Not Disclosed


JOB DETAILS:
Job Purpose:
Reporting to the Head of Information Technology, the role holder will be responsible for maintaining and enhancing security policies and standards so that all issues of security, risk and performance are fully addressed, and for providing Information Security services to the Bank (e.g., against unauthorized access, cyber-attacks, etc.). The incumbent will also be tasked with upholding the confidentiality, integrity, and availability of the information technology environment by taking responsibility for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness, and proactive compliance with industry regulations related to information security.

KEY RESPONSIBILITIES
IT Security Management:
• Protect systems by defining access privileges, control structures, and resources.
• Define, implement, and maintain policies, procedures, processes, standards, and guidelines for systems security administration and appropriate use.
• Manage and ensure optimal security configurations of all servers/endpoint OS, Virtual environments, Databases, Middleware, Applications, Networks and endpoints.
• Conduct research and make recommendations on systems security products, services, protocols, and standards in support of systems security continuous improvements.
• Provide “ownership” of security incidents and problems through final resolution for the Bank’s servers/endpoint OS, Virtual environments, Databases, Middleware and Applications.
• Provide systems security statistics and reports to aid in management decisions.
• Maintain an inventory of security systems hardware and software equipment.
• Monitor systems security, resolving and escalating incidents appropriately.
• Prepare and maintain systems security documentation and layouts.
• Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements.
• Determine security violations and inefficiencies by conducting periodic audits.
• Record security incidents registered within the bank.
• Carry out security checks to ensure adherence to the security standards.
• Inspect the physical environment to identify any breaches in security.
• Ensure the bank’s employees are aware of cybersecurity issues, are trained in good cybersecurity practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others.
• Adhere to the SLA on turnaround time (TAT) for user requests.
• Respond to calls for assistance to provide IT Security technical support to return programs and systems to operational mode.
IT Risk Management:
• Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
• Oversight of the vulnerability management program.
• Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
• Support the first line to design, implement, and maintain the organization’s cybersecurity plan and perform assurance checks on this plan.
• Perform assessment of security controls and evaluate results relative to risk assessment.
• Work with Information Technology and other business unit stakeholders during project and product development efforts to ensure that appropriate security controls are considered during vendor selection, development efforts and sign-off of security and risk assessments before deployment to production.
• Monitor regulations and technology trends that affect financial institutions. Evaluate compliance and develop plans for compliance with regards to information security. Educate bank employees and act as a champion for compliance throughout the bank.
• Work closely with the Bank Risk Management Department to ensure the integrity of Information Security controls in the business through enforcement of self-assessments (RCSA/KRIs) and giving prompt feedback to the first line of defence. Actively participate in a robust review and challenge process with technology-inclined units on their Risk & Control Self Assessments and overall performance.
• Follow up and ensure that all Technology related Internal/External Audit and BOU inspection findings have been fully resolved and that no repeat findings arise in subsequent audits.
• Conduct periodic risk-based Unit assurance reviews to monitor how effective their risk management practices are and recommend remedial actions where there are control weaknesses.
• Support the bank’s digital strategy by performing the quality assurance role on bank projects while ensuring any risks/threats to the bank’s technology platforms are proactively identified and advised to the Head of IT or Head of Risk.
• Coordinate the bank’s Business Continuity Management activities, including review of the Disaster Recovery Plan, testing of this plan and quality assurance of the same. Ensure IT Disaster Recovery runbooks are up to date.
• Any other duty as may be assigned by the line manager.

Skills And Requirements:
For the above position, the successful applicant should meet the following criteria:
• Bachelor’s Degree - Information Technology, Computer Science, Computer Engineering, IT security or related field
• Professional Qualifications - (ITIL, CISM, CISA, Security+, CASP, CCNA security or CISSP)
• Certification in Cyber Security
• Microsoft Server Operating Systems, AS400, Linux and UNIX
• Risk Analysis/ Assessment experience

Experience:
• Banking Experience
• Knowledge of Information security policies as well as applicable government regulations
• Ability to influence at senior levels on matters relating to security and information risk
• Systems and network security hands on experience
• Positive attitude towards learning and development demonstrated by a record of continuing professional development
• Application development skills
• Risk Analysis/ Assessment experience
• Security and Cybersecurity

Work Hours: 8


Experience in Months: 36

Level of Education:
Bachelor Degree

 


Job application procedure
If your career ambitions match the requirements of this exciting career opportunity, please visit our website https://ug.kcbgroup.com/about/careers and use the link below to log in to our Recruitment portal to submit your application with a detailed CV. Your cover letter should explain what you believe you can offer KCB Bank Uganda. Only shortlisted candidates will be contacted.
To be considered, your application must be received by Wednesday, 4th October 2021.



Job Info
Job Category: Computer/ IT jobs in Uganda
Job Type: Full-time
Deadline of this Job: 04 October 2021
Duty Station: Uganda
Posted: 21-09-2021
No of Jobs: 1
Start Publishing: 22-09-2021

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.