Head Information Security Job at Ecobank Uganda

Ecobank Uganda

Head Information Security Job Post

Location: Jobs in Uganda 2023 - 2024

Work Hours: Full-time, 08 hours per day

Salary: UGX

No. of vacancies: 01

Deadline: August 23 2023

Hiring Organization: Ecobank Uganda

Job Details:

Job Description
Key Responsibilities
• To Act as a Head of Information Security and represent the wider Group Information security strategies at the affiliate level.
• Serves as an Internal Information Security Consultant to the Bank
• Monitors compliance with information security policies and procedures, referring exceptions to Country Head of Operations & Technology and the CISO.
• Works closely with Group Security to implement security initiatives for the affiliate on behalf of Ecobank Group
• Liaises with regulatory agencies to address the banks security and compliance issues
• Liaises with contractors and service providers to ensure that all activities are in line with the Banks Information Security Policy
• Provides direct Information Security Awareness training and oversight to all employees, and other third parties, ensuring proper information security clearance in accordance with established bank information security policies and procedures
• Initiates, facilitates, and promotes activities to create information security awareness within the Bank
• Develop and implement an ongoing risk assessment program targeting information security and business systems. Recommend methods for vulnerability detection and remediation.
• Perform information security risk, vulnerability assessments and serves as an internal assessor for security issues
• Develop and implement an incident reporting system to address security incidents, respond to alleged policy violations from staff, contractors and external parties
• Provides guidance and direction for the physical and logical protection of Information Technology resources to other functional systems
• Reviews all system-related security plans throughout the bank's network
• Conducts investigations on security breaches, report findings and make recommendations to Executive Management
• Monitors the internal control systems to ensure that appropriate access levels are maintained
• Serves as a coordinator of the Banks Business Continuity and Disaster Recovery Plan
• Reviews security logs on critical servers and communicate exceptions to Executive Head, IT and Operations
• Establishes a reporting process to ensure that Executive Management is kept appraised of the effectiveness of Information Technology Security and problem resolution.
• Be a local champion at the affiliate level for Business Continuity Management, Disaster Recovery and Crisis Management.
• Perform any other duties assigned by Supervisor
• Design, implement, and maintain the overall affilaite Data Protection & Privacy program.
• Determines data protection & privacy compliance requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying personally identifiable data ; and conducting data mapping.
• Promote privacy by design and conduct privacy impact assessments to meet compliance specifications and timelines as the business processes sensitive or personal data
• Measure and report on business operations compliance with various Data Protection Acts, especially with General Data Protection Regulation (GDPR).
• Design and enforce risk mitigation cases and highlight any high risk practices and activities to senior management.
• Work with the Information Security Manager to implement agreed data security policies and ensure relevant monitoring is in place to protect against and check for potential data breaches
• Prepares system security reports by collecting, analyzing, and summarizing data and trends.
• Articulates the business benefits of data protection & privacy initiatives to stakeholders ensuring support and buy-in, delivering those initiatives to planned timescales and costs

Job Profile
Experience & Qualifications
• Bachelor’s degree or Industry Certified Security Professional Certification.
• Relevant Security Experience, at least 5 years in Information Security field.
• Experience of Managing Projects
• Experience of Managing Team’s Performance

Skills, Capabilities & Personal attributes
• Familiarity with industry standards, guidelines and regulatory compliance requirements related to information security, Data protection and privacy and cloud computing such as ISO 27001, Cloud Security Alliance (CSA), NIST 800-53, PCI DSS, GDPR, SSAE16 and SABSA etc.
• Ability to work in a Multicultural Environment
• Proven track record of achieving results and managing teams.
• Ability to build rapport with VPs and Cluster/Regional Managers
• Constructively manage all stakeholders and break barriers
• Ability to build and lead effective and successful teams
• Analytical thinker combined with skills of thinking outside the box
• Ability to effectively use technology to leapfrog the competition
• Withstanding pressure without it having effect on efficiency or quality
• Open to change and ability to create and drive change
• Ability to deal with ambiguity and a changing environment
• Strong analytical and diagnostic skills