Vacancy title:
Cheif Information Security Officer

[Type: FULL_TIME, Industry: Consulting, Category: Computer & IT]

Jobs at:
True North

Deadline of this Job:
Monday, April 14 2025

Duty Station:
Kampala | Kampala | Uganda

Summary
Date Posted: Monday, March 31 2025, Base Salary: Not Disclosed

Similar Jobs in Uganda
Learn more about True North
True North jobs in Uganda

JOB DETAILS:

Job Purpose
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining
the Bank's information security vision, strategy, and programs. This senior executive role is
crucial in safeguarding the Bank's data, financial assets, and client information from cyber
threats while ensuring compliance with regulatory standards. The CISO will work closely
with the executive team to identify risks, establish policies, and oversee the Bank’s
information security operations, incident response, and cybersecurity resilience

Responsibilities
 Cybersecurity Program Development and Enforcement
 Develop, implement, and monitor the Bank’s cybersecurity program in alignment
with industry standards and regulatory requirements.
 Enforce the Bank’s cyber and technology policy to ensure compliance with
regulatory and institutional standards for data protection, cybersecurity controls,
and incident response.
 Regularly review and update the cybersecurity program and policies to reflect the
latest threat intelligence, industry trends, and regulatory requirements.
 Comprehensive Asset and Infrastructure Management
 Maintain an enterprise-wide knowledge base of users, devices, applications, and
software licenses, along with relationships across assets to ensure complete
visibility over information resources.
 Oversee the continuous management of software and hardware asset inventories,
network maps (including traffic flow and boundaries), and performance data to
prevent unauthorized access and identify vulnerabilities.
 Implement continuous monitoring and risk-based auditing of information assets
and network infrastructure, ensuring a robust security posture across all systems.
 Alignment with Strategic and Operational Objectives
 Ensure the Bank’s information systems and cybersecurity initiatives align with
business strategies, risk appetite, and ICT risk management policies.
 Develop and implement user-centric security controls designed to meet the needs
of internal users (management and staff) and external stakeholders (contractors,
partners, and service providers).
 Collaborate with executive management to ensure the ICT strategy, including
information systems and cybersecurity measures, supports the Bank’s overall
business strategy and regulatory obligations.
 Risk Assessment, Incident Detection, and Response
 Lead comprehensive cyber risk assessments at least annually, applying best practice
industry standards and guidance to identify potential security threats and
vulnerabilities.

JOB DESCRIPTION
 Establish processes for proactive monitoring and timely detection of cyber and
technology events or incidents, with a robust incident response plan in place.
 Regularly update the incident response mechanism and Business Continuity Plan
(BCP), incorporating scenario analyses to evaluate potential material cyber-attacks
and identify control gaps.
 Policy Compliance, Exception Management, and Reporting
 Review and assess risks related to any deviations or exceptions to approved cyber
and technology policies, obtaining senior management approval as needed.
 Report at least quarterly to the Managing Director and to the Board on:
confidentiality, integrity, and availability of information systems; detailed
exceptions to cyber and technology policies; effectiveness and resilience of the
cybersecurity program; and significant cyber and technology events affecting the
bank.
 Ensure prompt periodical reporting to the regulator as required by relevant
regulations
 Regularly re-evaluate exceptions to ensure residual risks remain within acceptable
thresholds as determined by the institution and regulatory bodies.
 Cybersecurity Training and Workforce Development
 Lead the organization of professional cybersecurity-related training for Bank
employees to enhance technical proficiency, ensuring alignment with the best
practice standards and regulation.
 Cultivate an institution-wide cybersecurity culture that promotes awareness and
best practices, engaging staff at all levels on the importance of security compliance
and vigilance.
 Cybersecurity Monitoring, Incident Detection, and Business Continuity
 Ensure that regular, comprehensive cyber risk assessments are conducted to
evaluate emerging threats and vulnerabilities in the IT environment.
 Implement continuous monitoring mechanisms for IT systems to detect cyber
incidents promptly and ensure frequent data backups to secure storage for data
integrity and accessibility.
 Lead regular testing of disaster recovery and BCP arrangements to ensure the
Bank’s ability to function and meet regulatory obligations following cyber incidents
or disruptions.
 Data Integrity, Confidentiality, and Availability
 Safeguard the confidentiality, integrity, and availability of information assets by
implementing robust security controls, regularly assessing their effectiveness, and
adapting to emerging threats.
 Ensure that roles and responsibilities for managing cyber risks, including during
crises, are clearly defined, documented, and communicated to relevant staff.
Additional Responsibilities
 The Bank reserves the right to amend, modify, or adjust the responsibilities of this
position as business needs evolve, in alignment with applicable labour laws. The
Employee may also be required to undertake additional duties or projects from time
to time, within their capabilities and consistent with the responsibilities of the role,
as directed by the Employer.
Key Performance Indicators
 Cybersecurity program compliance.
 Incident detection level and response times

JOB DESCRIPTION
 Risk assessment completion and vulnerability management (closure and tracking)
 Cybersecurity user awareness and training completion
 Effectiveness and efficiency in reporting
Financial Responsibility
 Departmental budget

Person Specification
Education, Training,

Skills & Experience
Education & Training
 Bachelor’s in Information Security, Computer Science, or a related field. Advanced
certifications such as CISSP (Certified Information Systems Security Professional),
CISM (Certified Information Security Manager), or CRISC (Certified in Risk and
Information Systems Control) are strongly preferred
 A master’s degree is an added advantage

 Skills & Experience
 Experience: 10+ years in information security, with at least 5 years in a senior
leadership role, ideally within a regulated financial institution.
 Technical Skills: Deep understanding of cybersecurity frameworks (such as NIST, ISO
27001) and banking regulations for information security, combined with proficiency
in asset management, risk management, and network security.
 Analytical Skills: Expertise in cyber risk assessment, policy compliance, vulnerability
management, and regulatory compliance aligned with international standards and
best practices.
 Leadership Abilities: Proven track record in leading cross-functional teams,
influencing organizational change, and communicating effectively with executive
and board-level stakeholders.

Work Hours: 8

Experience in Months: 120

Level of Education: bachelor degree

Job application procedure
Interested in applying for this job? Click here to submit your application now.

Interested candidates are invited to send their CV, cover letter, and relevant academic documents in PDF or MS Word format Please indicate the specific role either HEAD BUSINESS TECHNOLOGY or CHIEF INFORMATION SECURITY OFFICER in the subject line of your email by 14th April, 2025.

All applications shall be acknowledged as received but only shortlisted candidates will be contacted.

All applicants should share their CV's and Cover Letters in PDF or MS Word STRICTLY.

All Jobs | QUICK ALERT SUBSCRIPTION