Chief Information Security Officer

at Guaranty Trust Bank
Location Kampala, Uganda
Date Posted October 28, 2025
Category Banking, Finance, Management
Job Type Full-time
Currency UGX

Description

JOB DETAILS:

About Organisation:

Guaranty Trust Bank Uganda is one of the leading banks in Africa. They acquired a 70% stake in the Fina Bank group to enable them to enter the East African market. Guaranty Trust Bank (Uganda) Limited is a member company of Guaranty Trust Bank Holding Co. PLC (GTCO), one of the leading banks in Africa.

Job Summary: This is a senior management position whose holder is responsible for security strategies that protect information assets, specifically in IT operations, systems, and innovation across the business, and for protecting information systems and data from threats.

Key Duties and Responsibilities: This shall involve:

  • Reporting on an agreed interval but not less than once per quarter on the following:
      • Assessment of the confidentiality, integrity and availability of the information systems in the Bank.
      • Detailed exceptions to the approved cyber and technology policies and procedures.
      • Assessment of the effectiveness of the approved cybersecurity program.
      • All material cyber and technology events that affected the institution during the period.
  • Organizing professional cyber-related training to improve the technical proficiency of staff.
  • Safeguarding the confidentiality, integrity and availability of information.
  • Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.
  • Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to:
      • Software and hardware asset inventory;
      • Network maps (including boundaries, traffic and data flow); and
      • Network utilization and performance data.
  • Ensuring that information systems meet the needs of the institution, and that the ICT strategy, in particular information system development strategies, complies with the overall business strategies, risk appetite and ICT risk management policies of the institution.
  • Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
  • Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
  • Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
  • Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
  • Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
  • Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
  • Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
  • Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.
  • Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
  • Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
  • Design and maintain a functional structure that is best suited and adaptive to the strategy.
  • Define and implement recruitment, learning and performance management strategies, as well as cultural practices that attract, nurture and retain the best talent.

Qualifications, Skills and Experience:

  • Degree in Information Technology, Computer Science, or a related field.
  • Certification in ICT Security (e.g., CISA, CISM); Cisco Certified Security Professional (CCSP) and Cisco Certified Network Administrator (CCNA) will be an added advantage.
  • A minimum of 8 years’ experience, with at least five (5) at managerial level.
  • Familiarity with various network and database monitoring tools.
  • Proven experience in a similar role.
  • Thorough understanding of networks (LAN/WAN), firewalls, and other ICT security–related vulnerabilities.
  • Strong interpersonal and communication skills (both verbal and written).

Technical Competencies

  • Information Technology and Information Strategy
      • Able to form a clear vision of the long-term direction and shape of the business and the position of IT within it. Aligns technological advances with ongoing organizational development opportunities.
      • Able to understand, appreciate and see the bigger picture, and demonstrate their breadth of thinking. Ensures that short-term actions align to long-term goals for IT and the organization.
      • Can use an extremely broad range of influencing approaches, tactics and styles in order to engage effectively with the stakeholder landscape, whilst recognizing the cultural context.
      • Naturally inquisitive and successful in researching key issues. Can reflect on what needs to happen next, what might get in the way, and therefore what needs to be put in place to ensure progress. Is aware of what constitutes best practice in the IT sector and strives to deliver this.
      • Creates a technology team framework that ensures that tasks are performed by staff members with appropriate capacity and authority level (based on knowledge, skills and competence).
      • Effective in establishing appropriate goals and objectives and can ensure that they are delivered on time and within budget.
  • Business Analysis
      • Assesses the organization’s vision, goals, objectives, and strategies to identify the desired future. Can analyse the existing organizational structure, policies, politics, problems, opportunities, technology, etc., to build a compelling business case for change.
      • Anticipates internal and/or external business challenges and/or regulatory issues and recommends process, product or service improvements.
      • Safeguards the ROI of an organization by ensuring the right investments are being made at the right time for the right reasons.
  • Project Management
      • Inculcates a culture of project management excellence: project leadership, accountability, high-performance teams, customer and market focus, robust solutions, alignment, discipline, speed and quality.
      • Implements incentives and metrics to support such agility.
  • Product Management
      • Expert-level knowledge of product(s): (a) in-depth understanding of global product offering, design, application, positioning within segments, pricing, revenue potential; (b) integration to existing product offering; (c) relationship to complementary, related and competing products, etc.
  • Financial Acumen
      • Understands financial concepts and terms, can use them to describe events and can incorporate the same in problem solving and decision making.
  • Networking Skills
      • Continuously builds and strengthens networks for the institution within all spheres of the economy within the region; at all levels of commerce, government, society, etc.
      • Is a successful relationship builder who “networks” for “networking's sake” where there is not always an immediate outcome in sight. This serves as a key element of their role in managing and utilizing strategic alliances and partnerships.

Behavioral Competencies

  • Emotional Intelligence
      • Knows own strengths and limits; aware of own emotions and the effect they have on others and has the self-control to keep disruptive emotions and impulses in check.
  • Social Cross-Cultural Awareness
      • Interacts with people (colleagues, customers, stakeholders and the public at large) in different social and cultural environments, showing respect and positive regard for them in an ethical and appropriate manner consistent with the values of the organization.
  • Agile
      • Able to change plans, methods, opinions or goals in light of new information, with the readiness to act on opportunities. Highly effective in adapting to differing environments.
      • Inculcates a digital mind-set in the organization, institutionalizing cross-functional collaboration, flattening hierarchies, devolving decision making to smaller teams, and building environments that creatively partner with external companies to extend necessary capabilities, to encourage the generation of new ideas and to develop more iterative and rapid ways of doing things.
      • Implements incentives and metrics to support such agility.
  • Self-Development
      • Has a strategic approach to personal and professional development, actively seeking feedback from others, to which they will respond by establishing self-development goals.
      • Seeks to experience a range of relevant career opportunities in the context of a long-term plan, enabling them to deliver the truly outstanding contribution required.

 

Applying Instructions

All interested candidates should send their application including cover letter, CV, and academic documents to the Head of Human Resources, Guaranty Trust Bank Uganda by hand delivery

WARNING: Do not pay any money to get a job. Please report fraudulent jobs to info@everjobs.ug