Manager ICT Security at Petroleum Authority of Uganda
- Company: Petroleum Authority of Uganda
- Location: Uganda
- State: Kampala, UG
- Job type: Full-Time
- Job category: IT/Telecom Jobs in Uganda
Job Description
The Petroleum Authority of Uganda (PAU) is a statutory body established under Section 9 of the Petroleum (Exploration, Development and Production) Act 2013, and in line with the National Oil and Gas Policy for Uganda which was approved in 2008. The mandate of the PAU is to monitor and regulate the exploration, development and production, together with the refining, gas conversion, transportation and storage of petroleum in Uganda. This includes ensuring that petroleum operations in Uganda are carried out in accordance with the relevant laws, regulations, guidelines, statutes and in line with international best practice for the petroleum industry.
The Petroleum Authority of Uganda now invites applications from qualified Ugandans who fully meet the required job specifications and with the right personal attributes to occupy the following positions in the Authority’s established structure.
PAU/ICTD/083/300: MANAGER ICT SECURITY (01 VACANCY)
JOB SUMMARY
The Manager ICT Security will be responsible to and report to the Director ICT and Data Management. He/she will be responsible for implementation of Enterprise Risk Management and Compliance, Business Continuity and Disaster Recovery Systems, and ICT Security Controls, and will ensure Confidentiality, Availability and Integrity (CIA) of systems and the creation of secure integration and external linkages to other E-Government Systems. He/she will be responsible for ensuring controls are inbuilt in ICT and Data Management systems and software development; for internal capacity building, governance and management; for implementation of a security monitoring and control framework to address the Authority’s information technology security risks and prevent unauthorized access to the Organization’s ICT infrastructure, systems, applications and data/information; and for regular reporting on the threat landscape.
KEY DUTIES AND RESPONSIBILITIES:
(a) Develop and implement the ICT Security and Compliance strategy that is aligned to overall organization strategy.
(b) Coordinate the secure integration and external linkages to other E-Government Systems.
(c) Develop, refine, maintain and implement enterprise-wide Information Security and Risk policies, procedures and standards to meet compliance responsibilities.
(d) Coordinate the design and implementation of disaster recovery system, Data Backups, business continuity planning, testing of the systems.
(e) Coordinate the development and maintenance of a comprehensive ICT and Data Management risk register.
(f) Implement, maintain and monitor the information technology security architecture consistent with relevant laws and international security standards and practices;
(g) Conduct business impact analysis to ensure that key resources both tangible and intangible are adequately protected with proper security measures and controls.
(h) Develop capacity in the use of quantitative and qualitative approaches, Cost-Benefit and risk analysis in ICT risk mitigation and control measures.
(i) Evaluate security risks, identify and define compliance strategies in accordance with policies, standards, guidelines and procedures.
(j) Implement the Data Protection control frameworks for the organization
(k) Coordinate and oversee the processes for software design, development and commissioning to ensure Quality Assurance and security controls are in-built with in
(l) Periodically undertake assessment of the ICT security landscape to identify security gaps/vulnerabilities and recommend control mechanisms;
(m) Review, develop and guide the implementation of security policies and procedures for access management, user activity monitoring, logging, and general security controls;
(n) Supervise the system tuning tasks and database optimization in order to improve the reliability of information technology security solutions;
(o) Coordinate investigations into information technology security violations to facilitate decision making;
(p) Coordinate and supervise the implementation of information security awareness and sensitization programs for staff;
(q) Prepare and submit periodic ICT Security and compliance reports
(r) Plan and manage the performance and development of staff under supervision so as to improve their productivity; and
(s) Perform any other duties as may be assigned from time to time.
QUALIFICATIONS, SKILLS AND EXPERIENCE:
Qualifications
a) Master’s Degree in Computer Science, Information Technology, Information and Network Security, Cyber Security Management, Statistics (Computing option), Software Engineering, Computer Engineering, Management Information Systems (MIS), or Information Systems Security from an internationally recognized University/Institution.
b) An honors bachelor’s degree in Computer Science; Information Technology; Statistics with computing option; Mathematics with computing option; Business Computing; Commerce (Accounting and IT option); Information Systems, Information Security; Computer Engineering; Software Engineering, from an internationally recognized University or institution.
Experience
a) At least seven (7) years’ working experience in the design and implementation of enterprise resource planning systems, risk management and mitigation, systems security and database management, system development, system administration, and enterprise security architecture design, five (5) of which should have been gained at middle management level in a busy and reputable organization.
b) Demonstrated understanding and familiarity with Business Continuity and Disaster Recovery Planning, Information Systems Security and IT Risk Assessment and Management, Cyber Security, email, access lists and internet, web, application and network security techniques.
c) Demonstrated understanding and experience in conducting Enterprise Risk Assessments and mitigations, Cost Benefit Analyses, and Governance, Risk and Compliance (GRC).
Added advantage
a) Good knowledge of the ICT policies, procedures, standards and Legislations.
b) Good knowledge of software development processes and testing.
c) Professional certification such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Oracle Certified Professional (OCP), Certified Information Systems Auditor (CISA), Certified in Governance and Enterprise IT (CGEIT) COBIT 5, ISO27001 Information Security Management, Project Management Professional (PMP), Data Analytics, and Microsoft Certified Technology Specialist (MCTS).
Character and Competencies
a) Possess excellent project management skills.
b) Good communication and interpersonal skills.
c) Ability to conduct research into enterprise systems, networking issues and products as required.
d) Highly self-motivated and directed, with keen attention to detail.
e) Proven analytical and problem-solving abilities.
f) Ability to effectively prioritize tasks in a high-pressure environment.
g) Strong customer service orientation.
Job Education: Masters’ Degree in Computer Science
Method of Application
Submit your CV and application on the company website.
Closing Date: 28 August, 2020
Please forward any enquiries regarding this advert to [email protected] or call telephone number 0414231924.
“PAU is an equal opportunity employer and does not charge any money to any applicant for employment in its Service”