Description

NCBA Bank Uganda is hiring a Manager – ICT Risk to provide continuous independent oversight on the implementation of the Bank’s Information Technology and information security programs, compliance to related policies & procedures and to monitor controls, that give assurance on the Bank’s ability to adapt, recover or mitigate the impact of Information and Cyber risks on its business, customers, employees, shareholders and other stakeholders.Uganda Job Portal

Key Duties and Responsibilities:

• Undertake risk assessments, analyse the effectiveness of technical and procedural control activities, and provide actionable recommendations to management.
• Assess the Bank’s information and Cyber Security capabilities, operations and supporting technology controls to identify risks and recommend pragmatic risk mitigation measures.
• Identify and assess business disruption risks and their impacts associated with current business practices and strategic plans.
• Identify critical points of failure in the Bank’s ICT disaster recovery plans and recommend risk mitigation measures based on best practice standards and Regulatory requirements.
• Annual and periodical independent review of Business Continuity Plans (BCP) and Business Impact Assessments (BIA) and recommend improvements.
• Review and report on the residual ICT risks.
• Review and improve the training and awareness programs for Information and Cyber Security in the bank.
• Succinctly frame emerging threats and risk in alignment with the existing risk profile.
• Distil complex risk, process and control relationships into simple dashboards/reports.
• Demonstrate robust risk management oversight in supporting various internal assessments and regulatory examinations.
• Support the development of the IT risk management practice, framework and methodologies.
• Review, report and follow-up on closure of any noted gaps during the ICT risk assessments.
• Drive customer satisfaction through timely ICT risk Assessments that have been put in place to support business.
• Responsible for delivering the performance objectives set and managing his/her own learning and development to build capacity and avail him/herself for coaching and training opportunities.

Qualifications, Skills and Experience:

• University Degree in a relevant field
• Masters degree will be an added advantage
• Relevant certifications in Information Security and Risk Management knowledge areas such as CRISC, CISM, CISA, CISSP or equivalent.
• At least 5 – 7 years’ experience in a similar role with exposure to Banking operations, Technology or Assurance functions.
• Practical Knowledge of BOU guidelines on ICT Risk Management.
• Practical Knowledge of risk and control frameworks and their application within the Financial Services industry.

• Undertake risk assessments, analyse the effectiveness of technical and procedural control activities, and provide actionable recommendations to management.
• Assess the Bank’s information and Cyber Security capabilities, operations and supporting technology controls to identify risks and recommend pragmatic risk mitigation measures.
• Identify and assess business disruption risks and their impacts associated with current business practices and strategic plans.
• Identify critical points of failure in the Bank’s ICT disaster recovery plans and recommend risk mitigation measures based on best practice standards and Regulatory requirements.
• Annual and periodical independent review of Business Continuity Plans (BCP) and Business Impact Assessments (BIA) and recommend improvements.
• Review and report on the residual ICT risks.
• Review and improve the training and awareness programs for Information and Cyber Security in the bank.
• Succinctly frame emerging threats and risk in alignment with the existing risk profile.
• Distil complex risk, process and control relationships into simple dashboards/reports.
• Demonstrate robust risk management oversight in supporting various internal assessments and regulatory examinations.
• Support the development of the IT risk management practice, framework and methodologies.
• Review, report and follow-up on closure of any noted gaps during the ICT risk assessments.
• Drive customer satisfaction through timely ICT risk Assessments that have been put in place to support business.
• Responsible for delivering the performance objectives set and managing his/her own learning and development to build capacity and avail him/herself for coaching and training opportunities.

• Computer Security

• University Degree in a relevant field
• Masters degree will be an added advantage
• Relevant certifications in Information Security and Risk Management knowledge areas such as CRISC, CISM, CISA, CISSP or equivalent.
• Practical Knowledge of BOU guidelines on ICT Risk Management.
• Practical Knowledge of risk and control frameworks and their application within the Financial Services industry.