Chief Information Security

at Bank of Baroda
Location Kampala, Uganda
Date Posted September 26, 2025
Category Banking
Finance
IT / Information Technology
Job Type Full-time
Currency UGX

Description

JOB DETAILS:

Bank of Baroda (Uganda) Limited invites applications for employment on a contractual basis from suitably qualified Ugandan citizens willing to serve at our Head Office, Kampala, for the position of Chief Information Security Officer (CISO).

Job Responsibilities:
➢ To oversee and implement the bank’s cybersecurity program and enforce the cyber and technology policy.
➢ To ensure that the bank maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships.
➢ To ensure that information systems meet the needs of the Bank, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the Bank.
➢ To design cybersecurity controls with the consideration of users at all levels of the organization, including internal and external users.
➢ To organize professional cyber-related training to improve the technical proficiency of staff.
➢ To ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
➢ To ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
➢ To review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
➢ To review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
➢ To prepare various periodical reports to the Executive Director regarding assessment of confidentiality, integrity, and availability of information systems, exceptions to the approved cyber and technology policies and procedures, assessment of effectiveness of cyber security programs and all material cyber and security events in the bank.
➢ To ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
➢ To incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
➢ To ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
➢ To ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
➢ To continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the Bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
➢ To safeguard the confidentiality, integrity and availability of information.

Qualification:

  1. University Graduate with a minimum of a Bachelor’s degree in the field of Computer Science, Information Technology, Information Security or related fields from an accredited university.
  2. Candidates with certifications like Certified Information Systems Security Professional (CISSP), Certified Security Manager (CISM) or Certified Information Systems Auditor (CISA) qualification may be given preference.
  3. Experience, preferably in a banking environment.
  4. Working knowledge of IFRS, Ugandan tax legislation, and Financial Institutions Act (FIA) 2004.

Requirements:
The applicant should possess good experience in cyber security management, risk governance and strategic risk in technology and innovation.

Experience:
• Five (5) years post-qualification experience, preferably in the banking sector in Uganda.
• Risk management, regulatory compliance, security frameworks (i.e. NIST, ISO 27001) and business continuity planning
• Strong leadership and team management capabilities
• Ability to influence and collaborate with Board members, senior management and cross-functional teams
• Exceptional analytical skills to evaluate and prioritize risk based on potential impact.
• Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.
• High ethical standards and integrity

Age:
Preferably 35 years. However, Management reserves the right to determine the age criteria even below/beyond 35 years, keeping in view the experience/qualifications, etc.

WARNING: Do not pay any money to get a job. Please report fraudulent jobs to info@everjobs.ug