Reports to: Head of Risk

About the Company:

NCBA Bank Uganda Limited, is a commercial bank in Uganda. It is one of the commercial banks licensed by the Bank of Uganda, the country’s central bank and national banking regulator.

Job Summary:   The purpose of this role is to provide continuous independent assurance on NCBA Bank’s information systems security, specifically on integrity, confidentiality and availability of information by ensuring appropriate security controls are in place to protect the Bank’s asset from ICT related risks while at the same time managing compliance of the Bank’s ICT and information security policies with laws, regulatory guidelines and applicable standards.

Key Duties and Responsibilities:

• Responsible for supporting the achievement of profitability of the bank through management/ cost savings of set departmental budgets.

Internal business

• Threat and Vulnerability Assessment: Collaborate with internal stakeholders to assess threats to information assets, identify vulnerabilities, and recommend  risk mitigation measures to reduce residual risk to acceptable levels.
• Risk Assessments: Conduct ICT risk assessments of the Bank’s systems and provide recommendations for appropriate and adequate IT security controls to mitigate ICT risks.
• Process Review: Review ICT processes, including Information Security, Security Operations, IT governance, and IT asset management, to identify deficiencies and recommend improvements.
• IT Risk Guidance: Provide guidance to departments on IT  risk management topics, including compliance with standards and policies and ensuring alignment with the Bank’s risk appetite.
• ICT Controls Review: Continuously assess the effectiveness of existing ICT controls and recommend improvements as necessary.
• Risk Appetite Alignment: Ensure that the Bank’s ICT risk management practices align with the risk appetite and tolerance defined by senior management and key
• Risk Register Management: Ensure the completeness and accuracy of the ICT & BCM risk register. Policy and Standard Evaluation: Evaluate information systems policies, standards, and procedures to ensure they meet both internal and external requirements
• Risk Response: Identify and evaluate risk response options, providing management with the necessary information to make informed decisions.
• Risk Posture Monitoring: Monitor the Bank’s ICT risk posture and communicate findings to relevant stakeholders to maintain the effectiveness of the enterprise risk management strategy.
• Regulatory Compliance: Conduct periodic reviews to ensure compliance with internal policies and regulatory requirements.
• Collaboration: Work closely with other enterprise risk team members on multiple projects to proactively identify and mitigate IT risk concerns.
• Framework Development: Support the development and enhancement of IT risk management practices, frameworks, and methodologies.
• Drive customer satisfaction through adherence of set SLAs and issuing stakeholders timely feedback. Promote ICT/information security awareness within the Bank by providing guidance, consulting and coordinating relevant programs to ensure an IS complaint culture
• Learning and growth Responsible for delivering the performance objectives set and managing his/her own learning and development to build capacity and avail him/herself for coaching and training opportunities.

Qualifications, Skills and Experience:

• Academic Minimum of a bachelor’s degree in cybersecurity, computer science, information systems, information security or similar technology-related field Minimum Upper 2nd Class honors or 3.0 GPA.
• Professional: Relevant certifications in information security and risk management knowledge areas such as Information Systems Audit, Information Security Management and Ethical
• Desired work experience: 3 years of experience working in a highly computerized and regulated environment
• At least 2 years of experience within technology security, risk or assurance functions.
• Practical knowledge of risk and control frameworks and application in financial services industry.
• Ability to undertake threat and vulnerability assessments so as to identify, quantify, and prioritize the vulnerabilities and threats to information systems.
• Ability to undertake security assessment and testing to reveal flaws in the security mechanisms of information systems including specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation.
• Knowledge and good understanding of Information Security and Control Objectives
• Fair understanding of information systems architecture and operational practices
• Behavioural Competencies Interpersonal skills to effectively communicate with and manage expectations of all team members and other stakeholders who mpact performance.

NB: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.