Chief Information Security Officer job at NCBA

Job Purpose Statement

The Chief Information Security Officer is a key participant in shaping the Bank’s Information and Security strategy. The role focuses on security strategies to protect information assets, specifically in IT operations, systems, and innovation across the business, and on protecting information systems and data from threats.

Key Accountabilities (Duties and Responsibilities)

    •    Alongside the EXCOM, is accountable for achievement of the set targets and strategic outcomes within the approved budget.
    •    Reporting to the Executive Director at an agreed interval, but not less than once per quarter, on: assessment of the confidentiality, integrity and availability of the information systems in the Bank; detailed exceptions to the approved cyber and technology policies and procedures; assessment of the effectiveness of the approved cybersecurity program; and all material cyber and technology events that affected the institution during the period.
    •    Organizing professional cyber-related training to improve the technical proficiency of staff.
    •    Safeguarding the confidentiality, integrity and availability of information.
    •    Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy. 
    •    Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (including boundaries, traffic and data flow); and Network utilization and performance data.
    •    Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
    •    Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
    •    Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.
    •    Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner. 
    •    Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
    •    Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level. 
    •    Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
    •    Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
    •    Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.
    •    Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
    •    Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
    •    Define and implement recruitment, learning and performance management strategies, as well as cultural practices that attract, nurture and retain the best talent.
    •    Drive competency focus through continuous learning and job enrichment to ensure high performance.

Job Specifications

Academic and Professional Certifications:
•    Bachelor of Science in Computer Science or technical field. MBA or a Master’s degree in a technology field preferred. 
•    IT management certifications are desirable: ITIL, COBIT, TOGAF, PRINCE2, ISO, Cloud technology, CISSP, CRISC.
Experience:
At least 10 years’ experience in Information Technology management, 5 of which should have been in a middle management capacity in a similar-sized organization, having led successful IT transformation projects and/or initiatives.


Vacancy title:
Chief Information Security Officer

[Type: FULL_TIME, Industry: Information Technology, Category: Admin & Office]

Jobs at:
NCBA

Deadline of this Job:
Saturday, April 19 2025

Duty Station:
kampala | Kampala | Uganda

Summary
Date Posted: Tuesday, April 8 2025, Base Salary: Not Disclosed



 

Work Hours: 8

Experience in Months: 60

Level of Education: bachelor degree

Job application procedure

Interested and qualified? Click here

 


Job Info
Job Category: Security, Homeland Security jobs in Uganda
Job Type: Full-time
Deadline of this Job: Saturday, April 19 2025
Duty Station: kampala | Kampala | Uganda
Posted: 08-04-2025
No of Jobs: 1

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.