Chief Information Security Officer
2025-03-31T07:40:28+00:00
True North
https://www.truenorthafrica.com
FULL_TIME
Kampala
Kampala
00256
Uganda
Consulting
Computer & IT
2025-04-14T17:00:00+00:00
Uganda
8
Job Purpose
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining
the Bank's information security vision, strategy, and programs. This senior executive role is
crucial in safeguarding the Bank's data, financial assets, and client information from cyber
threats while ensuring compliance with regulatory standards. The CISO will work closely
with the executive team to identify risks, establish policies, and oversee the Bank’s
information security operations, incident response, and cybersecurity resilience.
Responsibilities
Cybersecurity Program Development and Enforcement
Develop, implement, and monitor the Bank’s cybersecurity program in alignment
with industry standards and regulatory requirements.
Enforce the Bank’s cyber and technology policy to ensure compliance with
regulatory and institutional standards for data protection, cybersecurity controls,
and incident response.
Regularly review and update the cybersecurity program and policies to reflect the
latest threat intelligence, industry trends, and regulatory requirements.
Comprehensive Asset and Infrastructure Management
Maintain an enterprise-wide knowledge base of users, devices, applications, and
software licenses, along with relationships across assets to ensure complete
visibility over information resources.
Oversee the continuous management of software and hardware asset inventories,
network maps (including traffic flow and boundaries), and performance data to
prevent unauthorized access and identify vulnerabilities.
Implement continuous monitoring and risk-based auditing of information assets
and network infrastructure, ensuring a robust security posture across all systems.
Alignment with Strategic and Operational Objectives
Ensure the Bank’s information systems and cybersecurity initiatives align with
business strategies, risk appetite, and ICT risk management policies.
Develop and implement user-centric security controls designed to meet the needs
of internal users (management and staff) and external stakeholders (contractors,
partners, and service providers).
Collaborate with executive management to ensure the ICT strategy, including
information systems and cybersecurity measures, supports the Bank’s overall
business strategy and regulatory obligations.
Risk Assessment, Incident Detection, and Response
Lead comprehensive cyber risk assessments at least annually, applying best practice
industry standards and guidance to identify potential security threats and
vulnerabilities.
JOB DESCRIPTION
Establish processes for proactive monitoring and timely detection of cyber and
technology events or incidents, with a robust incident response plan in place.
Regularly update the incident response mechanism and Business Continuity Plan
(BCP), incorporating scenario analyses to evaluate potential material cyber-attacks
and identify control gaps.
Policy Compliance, Exception Management, and Reporting
Review and assess risks related to any deviations or exceptions to approved cyber
and technology policies, obtaining senior management approval as needed.
Report at least quarterly to the Managing Director and to the Board on:
confidentiality, integrity, and availability of information systems; detailed
exceptions to cyber and technology policies; effectiveness and resilience of the
cybersecurity program; and significant cyber and technology events affecting the
bank.
Ensure prompt periodic reporting to the regulator as required by relevant
regulations.
Regularly re-evaluate exceptions to ensure residual risks remain within acceptable
thresholds as determined by the institution and regulatory bodies.
Cybersecurity Training and Workforce Development
Lead the organization of professional cybersecurity-related training for Bank
employees to enhance technical proficiency, ensuring alignment with the best
practice standards and regulation.
Cultivate an institution-wide cybersecurity culture that promotes awareness and
best practices, engaging staff at all levels on the importance of security compliance
and vigilance.
Cybersecurity Monitoring, Incident Detection, and Business Continuity
Ensure that regular, comprehensive cyber risk assessments are conducted to
evaluate emerging threats and vulnerabilities in the IT environment.
Implement continuous monitoring mechanisms for IT systems to detect cyber
incidents promptly and ensure frequent data backups to secure storage for data
integrity and accessibility.
Lead regular testing of disaster recovery and BCP arrangements to ensure the
Bank’s ability to function and meet regulatory obligations following cyber incidents
or disruptions.
Data Integrity, Confidentiality, and Availability
Safeguard the confidentiality, integrity, and availability of information assets by
implementing robust security controls, regularly assessing their effectiveness, and
adapting to emerging threats.
Ensure that roles and responsibilities for managing cyber risks, including during
crises, are clearly defined, documented, and communicated to relevant staff.
Additional Responsibilities
The Bank reserves the right to amend, modify, or adjust the responsibilities of this
position as business needs evolve, in alignment with applicable labour laws. The
Employee may also be required to undertake additional duties or projects from time
to time, within their capabilities and consistent with the responsibilities of the role,
as directed by the Employer.
Key Performance Indicators
Cybersecurity program compliance
Incident detection level and response times
Risk assessment completion and vulnerability management (closure and tracking)
Cybersecurity user awareness and training completion
Effectiveness and efficiency in reporting
Financial Responsibility
Departmental budget
Person Specification
Education, Training, Skills & Experience
Education & Training
Bachelor’s in Information Security, Computer Science, or a related field. Advanced
certifications such as CISSP (Certified Information Systems Security Professional),
CISM (Certified Information Security Manager), or CRISC (Certified in Risk and
Information Systems Control) are strongly preferred.
A master’s degree is an added advantage.
Skills & Experience
Experience: 10+ years in information security, with at least 5 years in a senior
leadership role, ideally within a regulated financial institution.
Technical Skills: Deep understanding of cybersecurity frameworks (such as NIST, ISO
27001) and banking regulations for information security, combined with proficiency
in asset management, risk management, and network security.
Analytical Skills: Expertise in cyber risk assessment, policy compliance, vulnerability
management, and regulatory compliance aligned with international standards and
best practices.
Leadership Abilities: Proven track record in leading cross-functional teams,
influencing organizational change, and communicating effectively with executive
and board-level stakeholders.
JOB-67ea46ec2851c
Vacancy title:
Chief Information Security Officer
[Type: FULL_TIME, Industry: Consulting, Category: Computer & IT]
Jobs at:
True North
Deadline of this Job:
Monday, April 14 2025
Duty Station:
Kampala | Kampala | Uganda
Summary
Date Posted: Monday, March 31 2025, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 120
Level of Education: bachelor degree
Job application procedure
Interested candidates are invited to send their CV, cover letter, and relevant academic documents in PDF or MS Word format. Please indicate the specific role, either HEAD BUSINESS TECHNOLOGY or CHIEF INFORMATION SECURITY OFFICER, in the subject line of your email by 14th April, 2025.
All applications shall be acknowledged as received but only shortlisted candidates will be contacted.
All applicants should share their CVs and Cover Letters in PDF or MS Word STRICTLY.