Chief Information Security Officer Job at NCBA

Jobspace Uganda April 08, 2025

NCBA

Chief Information Security Officer Job Post

Location:  Jobs in Uganda 2025 - 2026


Work Hours: Full-time, 08 hours per day

Salary: UGX

No. of vacancies: 01

Deadline: April 19 2025

Hiring Organization: NCBA

Job Details:

Job Purpose Statement

The Chief information Security Officer is a key participant in shaping the Bank’s Information and Security strategy. The role focuses on security strategies to protect information assets specifically in IT operations, systems, and innovation across the business, and protecting information systems and data from threats.

Key Accountabilities (Duties and Responsibilities)

  •  Along-side the EXCOM, is accountable for achievement of the set targets and strategic outcomes within approved budget.
    •    Reporting to the Executive Director on an agreed interval but not less than once per quarter on; assessment of the confidentiality, integrity and availability of the information systems in the Bank, detailed exceptions to the approved cyber and technology policies and procedures, assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution during the period.
    •    Organizing professional cyber related trainings to improve technical proficiency of staff.
    •    Safeguarding the confidentiality, integrity and availability of information.
    •    Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy. 
    •    Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (including boundaries, traffic and data flow); and Network utilization and performance data.
    •    Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
    •    Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
    •    Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
    •    Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner. 
    •    Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
    •    Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level. 
    •    Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
    •    Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
    •    Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
    •    Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis 
    •    decision-making, are clearly defined, documented and communicated to relevant staff.
    •    Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
    •    Safeguarding the confidentiality, integrity and availability of information.
    •    Define and implement recruitment, learning and performance management strategies, as well as cultural practices that attract, nurture and retain the best talent.
    •    Drive competency focus through continuous learning and job enrichment to ensure high performance.

Job Specifications

Academic and Professional Certifications:
•    Bachelor of Science in Computer Science or technical field. MBA or a Master’s degree in a technology field preferred. 
•    IT management certifications are desirable: ITIL, COBIT, TOGAF, PRINCE2, ISO, Cloud technology, CISSP, CRISC.
Experience:
At least 10 years’ experience in Information Technology management, 5 of which should have been in a middle management capacity in a similar sized organization having lead successful IT transformation projects and/or initiatives.

Application procedure

Interested and qualified? Click here

Date Posted: 2025-04-08

MORE JOBS IN UGANDA HERE

NEVER MISS OUT ON A JOB ALERT, CLICK HERE TO JOIN JOB SPACE UGANDA WHATSAPP GROUP TODAY


CLICK HERE TO JOIN OUR WHATSAPP CHANNEL

Jobspace Uganda

Posted by Jobspace Uganda

Post a Comment

0 Comments