Chief Information Security Officer
Posted: 2025-03-31T08:04:27+00:00
Employer: True North (https://www.truenorthafrica.com)
Type: FULL_TIME
Location: Kampala, Uganda (00256)
Industry: Information Technology
Category: Management Officer
Application deadline: 2025-04-14T17:00:00+00:00
Work hours: 8
Job Purpose
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the Bank's information security vision, strategy, and programs. This senior executive role is crucial in safeguarding the Bank's data, financial assets, and client information from cyber threats while ensuring compliance with regulatory standards. The CISO will work closely with the executive team to identify risks, establish policies, and oversee the Bank's information security operations, incident response, and cybersecurity resilience.
Responsibilities
Cybersecurity Program Development and Enforcement
Develop, implement, and monitor the Bank’s cybersecurity program in alignment with industry standards and regulatory requirements.
Enforce the Bank’s cyber and technology policy to ensure compliance with regulatory and institutional standards for data protection, cybersecurity controls, and incident response.
Regularly review and update the cybersecurity program and policies to reflect the latest threat intelligence, industry trends, and regulatory requirements.
Comprehensive Asset and Infrastructure Management
Maintain an enterprise-wide knowledge base of users, devices, applications, and software licenses, along with relationships across assets to ensure complete visibility over information resources.
Oversee the continuous management of software and hardware asset inventories, network maps (including traffic flow and boundaries), and performance data to prevent unauthorized access and identify vulnerabilities.
Implement continuous monitoring and risk-based auditing of information assets and network infrastructure, ensuring a robust security posture across all systems.
Alignment with Strategic and Operational Objectives
Ensure the Bank’s information systems and cybersecurity initiatives align with business strategies, risk appetite, and ICT risk management policies.
Develop and implement user-centric security controls designed to meet the needs of internal users (management and staff) and external stakeholders (contractors, partners, and service providers).
Collaborate with executive management to ensure the ICT strategy, including information systems and cybersecurity measures, supports the Bank’s overall business strategy and regulatory obligations.
Risk Assessment, Incident Detection, and Response
Lead comprehensive cyber risk assessments at least annually, applying best practice industry standards and guidance to identify potential security threats and vulnerabilities.
Establish processes for proactive monitoring and timely detection of cyber and technology events or incidents, with a robust incident response plan in place.
Regularly update the incident response mechanism and Business Continuity Plan (BCP), incorporating scenario analyses to evaluate potential material cyber-attacks and identify control gaps.
Policy Compliance, Exception Management, and Reporting
Review and assess risks related to any deviations or exceptions to approved cyber and technology policies, obtaining senior management approval as needed.
Report at least quarterly to the Managing Director and to the Board on: confidentiality, integrity, and availability of information systems; detailed exceptions to cyber and technology policies; effectiveness and resilience of the cybersecurity program; and significant cyber and technology events affecting the Bank.
Ensure prompt periodic reporting to the regulator as required by relevant regulations.
Regularly re-evaluate exceptions to ensure residual risks remain within acceptable thresholds as determined by the institution and regulatory bodies.
Cybersecurity Training and Workforce Development
Lead the organization of professional cybersecurity-related training for Bank employees to enhance technical proficiency, ensuring alignment with the best practice standards and regulation.
Cultivate an institution-wide cybersecurity culture that promotes awareness and best practices, engaging staff at all levels on the importance of security compliance and vigilance.
Cybersecurity Monitoring, Incident Detection, and Business Continuity
Ensure that regular, comprehensive cyber risk assessments are conducted to evaluate emerging threats and vulnerabilities in the IT environment.
Implement continuous monitoring mechanisms for IT systems to detect cyber incidents promptly and ensure frequent data backups to secure storage for data integrity and accessibility.
Lead regular testing of disaster recovery and BCP arrangements to ensure the Bank's ability to function and meet regulatory obligations following cyber incidents or disruptions.
Data Integrity, Confidentiality, and Availability
Safeguard the confidentiality, integrity, and availability of information assets by implementing robust security controls, regularly assessing their effectiveness, and adapting to emerging threats.
Ensure that roles and responsibilities for managing cyber risks, including during crises, are clearly defined, documented, and communicated to relevant staff.
Additional Responsibilities
The Bank reserves the right to amend, modify, or adjust the responsibilities of this position as business needs evolve, in alignment with applicable labor laws. The Employee may also be required to undertake additional duties or projects from time to time, within their capabilities and consistent with the responsibilities of the role, as directed by the Employer.
Key Performance Indicators
Cybersecurity program compliance.
Incident detection level and response times.
Risk assessment completion and vulnerability management (closure and tracking).
Cybersecurity user awareness and training completion.
Effectiveness and efficiency in reporting.
Financial Responsibility
Departmental budget
Education, Training, Skills & Experience
Education & Training
Bachelor's degree in Information Security, Computer Science, or a related field. Advanced certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are strongly preferred.
A master's degree is an added advantage.
Skills & Experience
Experience: 10+ years in information security, with at least 5 years in a senior leadership role, ideally within a regulated financial institution.
Technical Skills: Deep understanding of cybersecurity frameworks (such as NIST, ISO 27001) and banking regulations for information security, combined with proficiency in asset management, risk management, and network security.
Analytical Skills: Expertise in cyber risk assessment, policy compliance, vulnerability management, and regulatory compliance aligned with international standards and best practices.
Leadership Abilities: Proven track record in leading cross-functional teams, influencing organizational change, and communicating effectively with executive and board-level stakeholders.
Job reference: JOB-67ea4c8be34db
Vacancy title: Chief Information Security Officer
Type: FULL_TIME, Industry: Information Technology, Category: Management Officer
Jobs at: True North
Deadline of this Job: Monday, April 14 2025
Duty Station: Kampala, Uganda
Date Posted: Monday, March 31 2025
Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 120
Level of Education: Bachelor's degree