dfcu Bank is a fast-growing Bank in Uganda offering a wide range of financial solutions to its chosen market segments. We are seeking to recruit for the vacancy of IT Security Specialist- Infrastructure in the Operations (COO) Domain. Details are as below:
Reporting to: IT Security, Standards and Architecture Manager

Job Purpose:
Reporting to the IT Security, Standards and Architecture Manager, the role holder will be responsible for providing technical support in the Business Technology (BT) unit in order to enhance systems, applications and networks security focusing on the security administration of the network infrastructure, servers, network equipment, and software applications in the data centres.

The IT Security Specialist shall have the ability to apply cyber security and privacy principles to organisational requirements (relevant confidentiality, integrity, availability, authentication, non-repudiation). They shall work with technical teams and service providers to assess, identify, and provide appropriate security mechanisms and solutions to be integrated into the Bank’s systems operations and make recommendations for implementation.
Location: Kampala

Key Accountabilities:
• Provide IT security technical support during the development, implementation, and maintenance of IT projects.
• Implement and enforce security requirements for all mission critical applications in accordance with the Cyber security and Resilience framework.
• Coordinate with the Cyber Defence Specialist to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications).
• Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Identify potential conflicts with implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
• Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise, and document and maintain records for them.
• To spearhead development and enhancement of a security information and event management (SIEM) framework for the Bank to facilitate proactive responses to security concerns.
• To monitor and ensure that IT security management controls are correctly implemented and are continuously updated to meet emerging threats.
• Contribute to the development and implementation of a robust IT Service Continuity and Disaster Recovery Plan for all critical IT services.
• Support the IT management in developing and implementing appropriate IT policies, procedures, and guidelines such as SLA management, IT Security, Change management.
• Enforce the adoption of a Security Development Lifecycle (SDL) for the internal software development processes for all business applications to ensure security compliance while reducing development costs.
• Contribute to the development of an Information Technology (IT) Risk Management Framework in liaison with the Risk Management department.
• Provide technical support and guidance in the configuration of security tools such as firewalls, anti-virus software, patch management systems, etc.
• Respond immediately to security incidents and provide post-incident analysis.
• Work with CCIO team to ensure systems and applications are developed per security standards.
• Carry out Systems security tests.

Qualifications, Experience and Competencies Required
• A minimum qualification of a Bachelor’s Degree in Computer Science, Information Technology, or a related numerical Sciences Degree.
• A Master’s Degree specializing in Digital Security would be an added advantage.
• Professional digital security certifications in relevant technologies such as Cisco, Microsoft, CISSP, Unix / Linux will be an added advantage.
• At least 5 years’ experience in a systems / network administration role.
• Work experience in a banking industry will be an added advantage.
• Experience and qualifications in Ethical Hacking.
• Working Knowledge of systems architecture and systems development.
• Knowledge and experience in Applications penetrations testing.
• Skills and training in internet applications design and security.
• Experience with Web Application Firewalls.
• Knowledge and Experience in Cyber Defense techniques and technologies.
• Experience in UNIX and Windows server administration is an added advantage.
• Technical skills in Unix and Windows and Python scripting skills.
• A demonstrated experience in writing technical reports and management reports for stakeholders is a must.
• Must possess above average problem-solving skills, organization skills and excellent communication skills.
• Considered an out of the box thinker and displays a willingness to learn.
• Ability to maintain robust stakeholder engagements, a strong work ethic, and is a team player with the ability to work well independently.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Strategic Perspective – Establish priorities, challenging goals, and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviours are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.