Information Security & Risk Manager at KCB Bank Uganda
- Company: KCB Bank Uganda
- Location: Uganda
- State: Uganda
- Job type: Full-Time
- Job category: IT/Telecom Jobs in Uganda
Job Description
Reporting to the Head of Information Technology, the role will be responsible for maintaining and enhancing the security policies and standards to ensure all issues of security, risk and performance are fully addressed, and for providing Information Security services to the Bank (e.g., against unauthorized access, cyber-attacks, etc.). The incumbent will also be tasked with upholding the confidentiality, integrity, and availability of the information technology environment by taking responsibility for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and proactive compliance with industry regulations related to information security.
KEY RESPONSIBILITIES
IT Security Management:
- Protects systems by defining access privileges, control structures, and resources.
- Define, implement, and maintain policies, procedures, processes, standards, and guidelines for systems security administration and appropriate use.
- Manage and ensure optimal security configurations of all servers/end point OS, Virtual environments, Databases, Middleware, Applications, Networks and end points.
- Conduct research and make recommendations on systems security products, services, protocols, and standards in support of systems security continuous improvements.
- Provide “ownership” of security incidents and problems through final resolution for the Bank’s servers/endpoint OS, Virtual environments, Databases, Middleware and Applications.
- Provide systems security statistics and reports to aid in management decisions.
- Maintain an inventory of security systems hardware and software equipment
- Monitoring of systems security, resolving and escalating incidents appropriately.
- Prepare and maintain systems security documentation and layouts.
- Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Record security incidents registered within the bank
- Carry out security checks to ensure adherence to the security standards
- Inspect the physical environment to identify any breaches in security
- Ensure the bank’s employees are aware of cybersecurity issues, are trained in good cybersecurity practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others.
- Adhere to the SLA on turnaround time (TAT) for user requests
- Respond to calls for assistance to provide IT Security technical support to return programs and systems to operational mode.
IT Risk Management:
- Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
- Oversight of the vulnerability management program.
- Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
- Support the first line to design, implement, and maintain the organization’s cybersecurity plan and perform assurance checks on this plan.
- Perform assessment of security controls and evaluate results relative to risk assessment.
- Work with Information Technology and other business unit stakeholders during project and product development efforts to ensure that appropriate security controls are considered during vendor selection, development efforts and sign-off of security and risk assessments before deployment to production.
- Monitor regulations and technology trends that affect financial institutions. Evaluate compliance and develop plans for compliance with regards to information security. Educate bank employees and act as a champion for compliance throughout the bank.
- Work closely with the Bank Risk Management Department to ensure the integrity of Information Security controls in the business through enforcement of self-assessments (RCSA/KRIs) and giving prompt feedback to the first line of defence. Actively participate in a robust review and challenge process with technology inclined units on their Risk & Control Self Assessments and overall performance.
- Follow up and ensure that all Technology related Internal/External Audit and BOU inspection findings have been fully resolved and that no repeat findings arise in subsequent audits.
- Conduct periodic risk-based Unit assurance reviews to monitor how effective their risk management practices are and recommend remedial actions where there are control weaknesses.
- Support the bank’s digital strategy by performing the quality assurance role on bank projects while ensuring any risks/threats to the bank’s technology platforms are proactively identified and advised to the Head of IT or Head of Risk.
- Coordination of the bank’s Business Continuity Management activities including review of the Disaster Recovery Plan, testing of this plan and quality assurance of the same. Ensure up to date IT Disaster Recovery runbooks.
- Any other duty as may be assigned by the line manager.
Skills And Requirements:
For the above position, the successful applicant should meet the following criteria:
- Bachelor’s Degree – Information Technology, Computer Science, Computer Engineering, IT security or related field
- Professional Qualifications – (ITIL, CISM, CISA, Security+, CASP, CCNA security or CISSP)
- Certification in Cyber Security
- Microsoft Server Operating Systems, AS400, Linux and UNIX
- Risk Analysis/ Assessment experience
Experience:
- Banking Experience
- Knowledge of Information security policies as well as applicable government regulations
- Ability to influence at senior levels on matters relating to security and information risk
- Systems and network security hands on experience
- Positive attitude towards learning and development demonstrated by a record of continuing professional development
- Application development skills
- Risk Analysis/ Assessment experience
- Security and Cybersecurity
Method of Application
Submit your CV and application on the company website.
Closing Date: 10th Oct. 2021