Chief Information Security Officer job at Exim Bank

Vacancy title:
Chief Information Security Officer

[Type: FULL TIME, Industry: Banking, Category: Protective Services]

Jobs at:

Exim Bank

Deadline of this Job:
Thursday, February 06 2025 

Duty Station:
Within Uganda, Kampala, East Africa

Summary
Date Posted: Thursday, January 30 2025, Base Salary: Not Disclosed


JOB DETAILS:
JOB PURPOSE:
The Chief Information Security Officer (CISO) is responsible for overseeing and executing the institution’s comprehensive cybersecurity program, ensuring its alignment with the overall ICT strategy, business objectives, and risk management policies. The CISO plays a crucial role in safeguarding the confidentiality, integrity, and availability of information systems, while also ensuring that the institution’s cybersecurity infrastructure remains resilient to emerging cyber threats.

KEY RESPONSIBILITIES:
• Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.
• Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: software and hardware asset inventory; network maps (including boundaries, traffic and data flow); and network utilization and performance data.
• Ensuring that information systems meet the needs of the institution, and that the ICT strategy, in particular information system development strategies, complies with the overall business strategies, risk appetite and ICT risk management policies of the institution.
• Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
• Organizing professional cyber-related training to improve the technical proficiency of staff.
• Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
• Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
• Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
• Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.
• Reporting to the CEO at an agreed interval, but not less than once per quarter, on the following:
    • Assessment of the confidentiality, integrity and availability of the information systems in the institution.
    • Detailed exceptions to the approved cyber and technology policies and procedures.
    • Assessment of the effectiveness of the approved cybersecurity program.
    • All material cyber and technology events that affected the institution during the period.
• Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Incorporate the use of scenario analysis to consider a material cyber-attack and mitigating actions, and to identify potential control gaps.
• Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.
• Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
• Continuously test disaster recovery and Business Continuity Plan (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
• Safeguarding confidentiality, integrity and availability of information.

KEY ATTRIBUTES:
• Deep understanding of cybersecurity frameworks (such as NIST, ISO 27001) and banking regulations for information security, combined with proficiency in asset management, risk management, and network security.
• Expertise in cyber risk assessment, policy compliance, vulnerability management, and regulatory compliance aligned with international standards and best practices.
• Proven track record in leading cross-functional teams, influencing organizational change, and communicating effectively with executive and board-level stakeholders.
• Good understanding of IT networking and access management concepts.
• Ability to assess technology systems and applications from both a technical and business function perspective.

REQUIREMENTS:
• 8 years’ experience in information security, with at least 5 years in a senior leadership role, within a regulated financial institution.
• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Advanced certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are strongly preferred.


Work Hours: 8


Experience in Months: 96

Level of Education:
Bachelor Degree

Job application procedure

Kindly send your cover letter and up-to-date CV to hr@eximbank-ug.com with the subject: JOB APPLICATION: CHIEF INFORMATION SECURITY OFFICER by close of business, Thursday 6th February 2025.

Only candidates who meet the minimum requirements shall be contacted.


Job Info
Job Category: Security, Homeland Security jobs in Uganda
Job Type: Full-time
Deadline of this Job: 06 February 2025
Duty Station: Kampala
Posted: 30-01-2025
No of Jobs: 1