JOB DETAILS:

1. 1. CYBER SECURITY OFFICER
   2. This position reports directly to the Head of I.T and will be based at Head Office.
   3. Role of the Job:
   4. Responsible for enforcing compliance to all aspects of computer, network, and Information security in Yako Bank. The job entails operationalizing of the Cyber Security Strategy, Policies, Standards, Procedures, Methods, best practices, architecture and systems to protect the Bank’s data and ICT systems from Cyber threats while evaluating the Bank’s ICT environment and data processing to ensure compliance to applicable standards & laws and relevance with industry security norms.
   5. Key Result Areas:

1. ▪ Implement, maintain and monitor Yako Bank’s Cyber Security Strategy and participation in the design and implementation of up-to-date IT standards, policies, guidelines and appropriate architectural principles to ensure the Yako Bank IT Security goals continue to be met
2. ▪ Manage the Bank’s IT Security systems and tools, e.g. firewalls, data protection controls, log analyzers, end-point-security, patching, encryption, vulnerability scanning and pen testing etc. ensuring that they are used optimally, including, monitoring and enforcing security access procedures to the Bank’s Information Technology Systems and networks.
3. ▪ Monitor the network and systems for suspicious activity, including attempted
4. ▪ unauthorized access, malware, and other cyber threats
5. ▪ Research, evaluate, design, test, recommend and/or plan technological upgrade
6. ▪ improvements and major changes to the IT Security environment, and analyze their
7. ▪ impact on the existing environment, while overseeing their proper deployment,
8. ▪ configuration, and functioning.
9. ▪ Identity and Access Management: Develop and implement identity and access
10. ▪ management policies and procedures to control user access to sensitive data and systems
11. ▪ Providing training to IT Security personnel and IT Security Awareness trainings to Yako Bank.
12. ▪ personnel as per established IT security training programs to promote good security
13. ▪ hygiene.
14. ▪ Serve as the department’s representative to support IT security & operational audits by
15. ▪ Yako Bank’s internal assurance functions or third-parties to ensure the Bank maintains a strong security posture including ensuring that service-level agreements with outsourced ICT security services providers are enforced.
16. ▪ Enforce the Bank’s ICT Change and Incident management activities and processes ensuring that they are in line with the approved IT Policies.
17. ▪ Work with ICT staffs to ensure that all Audit, Risk, Vulnerability & compliance findings
18. ▪ are appreciated and closed in time.
19. ▪ Enforce the day-to-day activities of threat and vulnerability management, identify risk
20. ▪ tolerances, recommend and support implementation of treatment plans
21. ▪ Provide guidance during security incidents and investigations, ensuring root-cause
22. ▪ analysis is undertaken and input suggested approaches to deal with lessons identified
23. ▪ Ensure that systems and the information within them comply with the Data-Protection and-Privacy-Act-2019 of Uganda and other relevant legal and regulatory requirements.
24. ▪ Work with the IT team to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, Software’s and 3rd party connections before being introduced into the ICT environment in compliance with current Security Policies
25. ▪ Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations
26. ▪ Support the Manager Cyber Security in developing and planning of the IT Security section’s annual Budgets and work plans and execution of the same.
28. Minimum educational and technical competence requirements:
29. ▪ Bachelor’s degree in Computer Science, Information Technology or other relevant degree from a recognized University and any certification in Systems, Databases or Networks
30. ▪ Minimum of 2 years’ experience in an organization of at least the same nature preferably a, Financial institution, Government institution, Telecom institution or a consulting firm
31. ▪ Have well-developed IT skills and experience in related jobs in IT, such as a network
32. ▪ engineer/Administrator, a database administrator, a systems analyst, applications developer, IT auditing, IT risk analyst, etc.
33. ▪ Professional IT Security Certifications / Trainings e.g. CISSP, CEH, CCSP, MSCE, CISA, CISM, NSE etc. and Network certifications e.g. CCNA, CCNP are an added advantage
34. ▪ Must have excellent verbal and written communication skills and excellent interpersonal skills with the ability.
35. ▪ Knowledge and understanding of the Data-Protection-and-Privacy-Act-2019 of Uganda and
36. ▪ other relevant legal and regulatory requirements.
37. ▪ Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
38. ▪ Ability to understand and assess technology systems and applications from both a technical and business function perspective
39. ▪ Understanding of information security principles and best practices (e.g., ISO27001/2,
40. ▪ COBIT, NIST, PCI and ISF Standards of Good Practice for Information Security).
41. ▪ Excellent analytical and problem-solving abilities to analyze security requirements and relate them to appropriate security controls
42. ▪ Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
43. ▪ Knowledge of industry best practices regarding digitalization and automation of banking services.
44. ▪ Knowledge of UNIX Operating Systems, Microsoft Server Operating Systems, Virtualization technologies, Intrusion Prevention & Detection systems and advanced enterprise networks
45. ▪ (LANs & WANs)