Dfcu | Manager IT Security Governance Post
Location: Jobs in Uganda 2025 - 2026
Work Hours: Full-time, 08 hours per day
Salary: UGX
No. of vacancies: 01
Deadline: 09 April 2025
Hiring Organization: Dfcu
Job Details:
REPORTING TO: Head Information & Cybersecurity
LOCATION: Kampala
JOB PURPOSE:
Reporting to the Head Information and Cybersecurity, the role holder will be
responsible for developing, implementing, and overseeing security policies,
frameworks, and strategies to ensure compliance with regulations, alignment
with business objectives, and effective risk management across the
organization.
KEY ACCOUNTABILITIES:
1. Security policy development and management:
Develop, implement, and maintain security policies, standards, and guidelines.
Ensure policies align with bank goals, industry standards, and regulatory requirements (e.g., ISO 27001, NIST).
Periodically review and update policies to address evolving risks and technologies.
2. Risk Management:
Lead the department's risk assessment process in line with ISO 27001.
Test the controls identified within the department RCSA and close identified gaps.
Develop and oversee risk treatment plans to mitigate identified vulnerabilities.
Facilitate regular risk assessments and track the resolution of high-priority risks.
3. Regulatory Compliance:
Ensure the bank complies with legal, regulatory, and contractual obligations related to information security. This includes ensuring quarterly reporting to Bank of Uganda as per the Bank of Uganda Guidelines on Cyber and Technology Risk 2024.
Act as a liaison during audits or assessments and ensure audit findings are addressed in a timely manner. This involves working with other team members to resolve audit issues promptly and effectively to avoid repeat issues.
Monitor changes in relevant regulations and update governance practices accordingly.
4. Security framework implementation:
Implement and manage security frameworks such as ISO 27001, COBIT, NIST CSF, or others as appropriate.
Establish and maintain an Information Security Management System (ISMS) for structured governance.
5. Metrics and Reporting:
Automate the information security reporting dashboard and manage its updates.
Provide regular reports to Executive management and the board on the organization’s security posture, risks, and compliance status.
6. Governance Committees and Stakeholder Engagement:
Participate in security governance committees, ensuring cross-functional alignment on security goals.
Develop and enforce third-party security agreements and ensure they align with organizational risk tolerance.
8. Incident and Crisis Management Oversight:
Provide governance support during security incidents by ensuring the incident response process aligns with policies and compliance requirements.
Ensure lessons learned from incidents are integrated into governance improvements.
9. Training and Awareness Programs:
Establish and oversee security awareness programs to educate employees and customers on security policies, risks, and best practices.
10. Continuous Improvement:
Develop and refine the organization’s long-term information security strategy.
Stay informed about emerging threats, technologies, and governance trends to adapt practices proactively.
Benchmark the bank’s information security program against industry best practices.
KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:
Minimum: Bachelor’s degree in Computer Science, Information Technology, or a related field.
Preferred: Master’s degree specializing in Digital Security.
Certifications: CISSP, CISM, CEH, CISA, CRISC, or ISO 27001 Lead Implementer or Lead Auditor equivalent.
Experience: At least 6 years, with a minimum of 3 years in information security within a bank/financial services environment.
Information security framework implementation and audit knowledge. For example, ISO 27001 framework.
PCI-DSS standard implementation knowledge.
System Security Assessments
Team leadership skills and stakeholder management
Strategic & Analytical thinking
Application procedure
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates, to the email address indicated below:
Vacanciesbank@dfcugroup.com
Deadline: 09th April 2025.
Dfcu Bank is an equal opportunity employer. We do not discriminate on the basis of religion, age, citizenship, marital or family status, disability, or gender. Only short-listed candidates will be contacted.
Date Posted: 2025-03-30