Validity period: 22/05/2023 - 03/06/2023
Duty Station: Head office
Position: Information Security and Business Continuity Officer
Department: Risk and Internal Controls department
The Information Security & Business Continuity Officer is responsible for coordinating information security and Information Technology related business continuity initiatives within the organization and ensuring that the organization is compliant to the laid down requirements as stipulated in governing policies.
Key duties and responsibilities:
- Coordinating Business and Information Technology Continuity Planning and DR testing across FINCA Uganda Business Units and infrastructure
- Assessing and documenting cyber security posture of 3rd party vendors and their services against FINCA Uganda standards.
- Facilitating implementation and maintenance of IT Security controls within FINCA Uganda and ensuring delivery of assigned IT security tasks/activities
- Acting as cyber security subject matter expert throughout projects lifecycle, including functional requirements, design specifications, testing and quality assurance, implementation and support.
- Working with IT staff to resolve identified cyber security issues/concerns and developing recommendations for cybersecurity improvements
- Communicating and collaborating with internal clients to contribute to security direction, and providing influence and technical guidance on current and future technical directions
- Periodically reviewing activity logs / audit trails of the various bank IT systems, privileged accounts, monitoring security logs and incidents including performing investigations and follow-up on implementation of remedial actions
- Organizing and conducting system user access reviews and recertification on a quarterly basis.
- Utilizing appropriate tools to evaluate business environment against security policy and risk posture in terms of;
- Network vulnerability scanning
- Device configuration management
- Application testing
- Network monitoring
- Log review
- Threat modelling
- Source code review
- Conducting system risk assessments as per the Risk Management workplan and driving actions and enhancement of controls based on lessons learned from Root Cause Analysis
- Supporting the Head of Risk Management in checking and ensuring closure of internal & external audit issues, RCSA and updating of risk registers for Products and Innovations and Information technology.
- Monitoring the Information Technology key risk indicators
- Supporting any ongoing projects especially the Core Banking System post implementation assessments and the digital transformation projects.
- Supporting the Head of Risk Management in coordinating information security Risk awareness in FINCA Uganda through forums, training sessions etc
- Providing input in the annual Information Technology Security Budget cycle
- Developing and maintaining documentation of relevant Information Technology Systems and Security controls
- Assessing and documenting Information Technology technical compliance of FINCA Uganda and providing recommendations for FINCA Uganda security policies.
To perform the job successfully, an individual should demonstrate the following competencies:
- Must be a team player and possess excellent inter-personal skills; be an active listener; and possess good telephone and e-mail etiquette.
- Extensive multi-tasking and prioritization skills
- Ability to work beyond official hours if required to do so.
- Capability to maintain a high level of confidentiality.
- Strong verbal and written communication skills.
- Proactive self-starter demonstrates initiative and works independently with minimum supervision.
Qualifications and Experience
Bachelor’s degree in Information Technology or Computer Science, or a related field.
Professional Certifications CISA, CISM, CRISC, CISSP, CBCI, SANS GIAC, ISO 27001 are an added advantage
Security Vendor Certifications (e.g Cisco, TrendMicro, Splunk, Qualys) is a plus and Practical training in IT risk management within the financial services sector is preferred.
3+ years Information Technology experience in areas of technology governance, risk management control management or IT audit and ability to demonstrate domain knowledge of I.T infrastructure, application development/SDLC and information security
How to Apply:
All candidates who so wish to take up this role in the aforementioned capacity are encouraged to send their applications with detailed CVs including present position and copies of relevant professional/academic certificates to: email@example.com
Deadline: 2nd June 2023