IT Security Specialist Governance

at Q - Sourcing
Location Kampala, Uganda
Date Posted August 14, 2025
Category IT / Information Technology
Job Type Full-time
Currency UGX

Description

About this job:

Q-Sourcing Limited trading as Q-Sourcing Servtec is a manpower management solutions firm operating in the East African Region in the countries of Uganda, Kenya, Tanzania, Rwanda, and South Sudan.

On behalf of our client in Uganda in the Banking Sector, we are looking for a competent and experienced IT Security Specialist Governance to work in Kampala Uganda.

Reports to : Manager Information Security Governance

Purpose of the Role:

The IT Security Governance Specialist is responsible for maintaining and continually improving the organization's information security posture. The position oversees key aspects of IT security governance, including identity and access management, cybersecurity awareness, third-party security, and the enforcement of security standards (e.g. ISO 27001 and PCI DSS).


KEY ACCOUNTABILITIES:

Identity and Access Management (IAM):

•    Develop, implement, and maintain IAM policies, standards, and procedures in alignment with industry best practices and regulatory requirements.

•    Oversee the lifecycle management of user identities and access privileges, including provisioning, de-provisioning, access reviews, and role-based access control (RBAC).

Cybersecurity Awareness:

•    Design, develop, and deliver comprehensive cybersecurity awareness training programs for all employees, tailored to distinct roles and risk levels.

•    Develop engaging communication materials, campaigns, and phishing simulations to foster a strong security culture.

•    Track and report on the effectiveness of awareness programs and identify areas for improvement.


Third-Party Security Management:

•    Conduct third-party security assessments and ongoing monitoring of third-party access and activities.

•    Track third-party security exceptions and remediation efforts.

•    Collaborate with legal and procurement teams to ensure security requirements are integrated into contracts and service agreements.

Minimum Security Baseline Standards:

•    Define, document, and enforce minimum security baseline standards for all IT systems, applications, networks, and infrastructure components.

•    Collaborate with technical teams to ensure these baselines are implemented and regularly reviewed for compliance.

•    Develop metrics and reporting mechanisms to track adherence to security baselines.

Maintenance of ISMS and PCI DSS Standards and Requirements:

•    Lead the ongoing maintenance and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards.

•    Ensure continuous compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements, including leading annual assessments and remediation activities.

•    Develop, review, and update information security policies, procedures, and guidelines to reflect current threats, technologies, and regulatory changes.

Governance Risk and Compliance:

•    Coordinate and facilitate internal and external information security audits (e.g., ISO 27001, PCI DSS, regulatory audits).

•    Act as the point of contact for audit engagements, ensuring timely closure of findings.

•    Prepare and submit accurate and timely quarterly information security reports to the Bank of Uganda as per regulatory requirements.

•    Develop and present comprehensive security reports and dashboards to management, highlighting key security metrics, risks, compliance status, and improvement initiatives.

•    Contribute to planning of the enterprise information security budget.

Requirements

KNOWLEDGE, SKILLS AND EXPERIENCE REQUIRED:

•    A minimum qualification of a bachelor's degree in Computer Science, Information Technology, or a related numerical sciences degree.

•    A master's degree is an added advantage.

•    An Information Security and/or Information Technology industry certification (CISSP, CISM, CEH, CISA, CRISC, ISO 27001 Lead Implementer) is required.

•    Minimum of 3 years of experience in information security.

•    Proven experience in identifying, assessing, and mitigating technology risks, with a strong grasp of cybersecurity risk management frameworks.

•    Familiarity with relevant cybersecurity laws, regulations, organizational policies, and ethical standards, particularly related to data privacy and protection.

•    Working knowledge and practical application of ISO/IEC 27001 and PCI DSS standards.

•    Demonstrated ability to evaluate the design, resilience, and reliability of security systems, and understand how environmental or operational changes impact their effectiveness.

•    Effective communication.

•    Analytical thinking and inductive reasoning.

•    Problem solving.

•    Stakeholder management.

•    Self-driven development.
