I&M Bank Uganda is a commercial bank headquartered at Kingdom Kampala with a growing regional presence. The Bank offers a wide range of commercial banking and financial products and services, and prides itself on introducing innovative products and services based on the needs of its customers. We are seeking to recruit a competent and highly motivated individual with extensive experience and abilities to support business growth in the following position:

JOB PURPOSE
The Manager, IT Risk will manage the delivery of the Information Technology risk management framework. She/he will manage the process of independent IT risk assessment and reporting. He/ She will be responsible for resolving challenging issues and for managing multiple issues to completion. Typically, someone in this position is responsible for a mixture of ongoing day-to-day Risk Management responsibilities, ad hoc requests and issues, and some long-term initiatives.

KEY RESPONSIBILITIES:
• Conduct Information System risk assessments for new and existing systems, applications, and programs to ensure compliance with the bank’s security policies, regulatory requirements, and adherence to best practices to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
• Perform periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web-based applications.
• Identifying and evaluating business technology risks and internal controls which mitigate risks, and related opportunities for internal control improvement and propose risk treatment plans.
• Providing guidance over the general activities and concerns of the organization’s information technology function including governance, policy, control design, general operational effectiveness, and internal controls.
• Liaise and coordinate with respective BROMs, review IT risk and control self-assessments.
• Creation and monitoring of IT key risk indicators.
• Monitoring and tracking IT risk events and following up associated actions plans to closure. Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
• Identification and analysis of emerging IT risks.
• Preparing management / executive reporting on IT Risks.

KEY PERFORMANCE INDICATORS:
• Effectiveness of risk policies in mitigating fraud and other loss events
• Alignment of growth opportunities with pre-set risk-return standards
• Maturity on the implementation of the risk management framework
• Achievement of risk management implementation plan
• Proactive identification of emerging risks
• Quality of credit portfolio
• High internal and external customer satisfaction index
• External rating ccompliance with internal and external policies and regulations

Minimum Education Qualification:
1. BA or BS in Management Information Systems, Computer Science, or Engineering, or equivalent experience required.
2. Possesses one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification.

Work Experience:
• Minimum of 7 years’ experience in IT, IT Risk Management, or IT Audit.
• 2-3 years demonstrated in an IT security related role, information systems within governance, risk, Audit, and compliance role.
• Demonstrates proven success in a role that emphasizes the following: IT Risk Management, Governance and / or Technical Privacy.
• Demonstrates domain knowledge of IT infrastructure, application development / SDLC and / or information security.

Required Competencies (Knowledge, Skills & Abilities)
• Ability to effectively manage multiple competing priorities.
• This position requires strong organizational skills, resourcefulness, good judgment, persistence and follow through, and the ability to influence and “effectively challenge” others.
• Demonstrates an ability to work in a collaborative environment and influence others.
• Strong project management skillset.
• Detail oriented and strong communication skills.
• Industry experience in financial services preferred.