Job Summary

To support the Information Risk Management function in protecting Absa Bank Uganda’s information assets by assisting in the implementation, monitoring, and enforcement of controls across Records Management, Data Privacy, and Logical Access Management.

The role aims to build foundational expertise in managing information risk, ensuring compliance with regulatory requirements, and promoting a strong risk-aware culture within the bank.

The apprentice will contribute to maintaining confidentiality, integrity, and availability of information while gaining hands-on experience in banking risk management frameworks, governance processes, and control environments.

Job Description

Logical Access Mgt

Outputs:

• Assist in the timely and accurate provisioning of system access based on approved requests.
• Support periodic user access reviews (UAR) across critical banking systems.
• Assist business owners in validating appropriate access rights.
• Track, document, and follow up on access review exceptions and remediation actions.
• Maintain evidence of completed recertification exercises for audit purposes.
• Assist in identifying and flagging potential segregation of duties conflicts
• Assist in monitoring and controlling privileged (high-risk) accounts.
• Ensure privileged access is granted only with appropriate approvals and justification.
• Support periodic review of administrator and super-user accounts
• Ensure access management activities comply with Absa Group policies and regulatory requirements.
• Assist in identifying control gaps and recommending improvements.
• Support initiatives to improve automation and efficiency in access management processes
• Contribute to enhancing control effectiveness and operational resilience.

Data Privacy

Outputs:

• Assist in ensuring compliance with the Uganda Data Protection and Privacy Act, 2019, Bank of Uganda guidelines, and Absa Group policies.
• Support implementation of data privacy frameworks, standards, and controls across business units.
• Support implementation of data privacy principles and controls across business units.
• Assist in maintaining the Record of Processing Activities (RoPA).
• Participating in Data Protection Impact Assessments (DPIAs).
• Support handling of data subject rights requests (access, correction, deletion).
• Assist in tracking and reporting data breaches and privacy incidents.
• Monitor compliance of third-party data processors with privacy requirements.

Records Management

Outputs:

• Assist in implementing and maintaining compliance with records management policies, standards, and procedures.
• Maintain and update records inventories and classification registers.
• Support implementation of records retention and disposal schedules.
• Assist in ensuring secure storage, archival, retrieval, and destruction of records.
• Participate in records management audits and compliance reviews.
• Support awareness initiatives to promote proper records handling practices

Continuous Learning & Improvement

• Actively develop knowledge in information security, data privacy, and risk management.
• Stay informed about emerging risks, regulatory changes, and industry best practices.
• Contribute to process improvements and efficiency initiatives within the IRM function.

Technical Skills & Competencies

Preferred

• Detailed Basic understanding of: Information Security & Risk Management principles, Data Protection and Privacy laws, IT access controls and identity management
• Familiarity with: Microsoft Office (Excel, Word, PowerPoint), Document/records management systems, Access management tools (entry-level exposure)
• High level of integrity and confidentiality
• Strong attention to detail
• Good analytical and problem-solving skills
• Effective communication and interpersonal skills
• Willingness to learn and adapt in a regulated environment

Key Success Measures / Key Performance Indicators

• Accuracy and timeliness of access user management
• Reduction in unauthorized or excessive access risk
• Timely and accurate handling of data subject requests
• Accuracy and completeness of records inventories
• Compliance with retention and disposal requirements
• Efficiency in records retrieval and archival processes
• Reduction in records-related audit findings

Experience and Qualifications

Essentials

• Bachelor’s degree in: Information Technology, Information & Cyber Security, Records & Archives Management or related field.
• Knowledge of a variety of software, hardware and operating systems
• Knowledge of data protection laws in Uganda is an added advantage

Requirements;

Degree Classification:

• First Class or Second-Class Upper

O’Level Results:

• Credit or higher in both Mathematics and English

A’Level Results:

• At least two principal passes

Year of graduation:

• Should have graduated between 2024 to 2026

Education

Higher Certificates and Advanced National (Vocational) Certificates: Business, Commerce and Management Studies (Required)