Chief Information Security Officer job at Bank of Africa Uganda Limited | Apply Now

Cybersecurity Program Development and Enforcement

• Develop, implement, and monitor the Bank’s cybersecurity program in alignment with industry standards and regulatory requirements.

• Enforce the Bank’s cyber and technology policy to ensure compliance with regulatory and institutional standards for data protection, cybersecurity controls, and incident response.

• Regularly review and update the cybersecurity program and policies to reflect the latest threat intelligence, industry trends, and regulatory requirements.

Comprehensive Asset and Infrastructure Management

• Maintain an enterprise-wide knowledge base of users, devices, applications, and software licenses, along with relationships across assets to ensure complete visibility over information resources.

• Oversee the continuous management of software and hardware asset inventories, network maps (including traffic flow and boundaries), and performance data to prevent unauthorized access and identify vulnerabilities.

• Implement continuous monitoring and risk-based auditing of information assets and network infrastructure, ensuring a robust security posture across all systems.

Alignment with Strategic and Operational Objectives

• Ensure the Bank’s information systems and cybersecurity initiatives align with business strategies, risk appetite, and ICT risk management policies.

• Develop and implement user-centric security controls designed to meet the needs of internal users (management and staff) and external stakeholders (contractors, partners, and service providers).

• Collaborate with executive management to ensure the ICT strategy, including information systems and cybersecurity measures, supports the Bank’s overall business strategy and regulatory obligations.

Risk Assessment, Incident Detection, and Response

• Lead comprehensive cyber risk assessments at least annually, applying best practice industry standards and guidance to identify potential security threats and vulnerabilities.

• Establish processes for proactive monitoring and timely detection of cyber and technology events or incidents, with a robust incident response plan in place.

• Regularly update the incident response mechanism and Business Continuity Plan (BCP), incorporating scenario analyses to evaluate potential material cyber-attacks and identify control gaps.

Policy Compliance, Exception Management, and Reporting

• Review and assess risks related to any deviations or exceptions to approved cyber and technology policies, obtaining senior management approval as needed.

• Report at least quarterly to the Managing Director and to the Board on: confidentiality, integrity, and availability of information systems; detailed exceptions to cyber and technology policies; effectiveness and resilience of the cybersecurity program; and significant  cyber and technology events affecting the bank.

• Ensure prompt periodical reporting to the regulator as required by relevant regulations

• Regularly re-evaluate exceptions to ensure residual risks remain within acceptable thresholds as determined by the institution and regulatory bodies.

Cybersecurity Training and Workforce Development

• Lead the organization of professional cybersecurity-related training for Bank employees to enhance technical proficiency, ensuring alignment with the best practice standards and regulation.

• Cultivate an institution-wide cybersecurity culture that promotes awareness and best practices, engaging staff at all levels on the importance of security compliance and vigilance.

Cybersecurity Monitoring, Incident Detection, and Business Continuity

• Ensure that regular, comprehensive cyber risk assessments are conducted to evaluate emerging threats and vulnerabilities in the IT environment.

• Implement continuous monitoring mechanisms for IT systems to detect cyber incidents promptly and ensure frequent data backups to secure storage for data integrity and accessibility.

• Lead regular testing of disaster recovery and BCP arrangements to ensure the Bank’s ability to function and meet regulatory obligations following cyber incidents or disruptions.

Data Integrity, Confidentiality, and Availability

• Safeguard the confidentiality, integrity, and availability of information assets by implementing robust security controls, regularly assessing their effectiveness, and adapting to emerging threats.

• Ensure that roles and responsibilities for managing cyber risks, including during crises, are clearly defined, documented, and communicated to relevant staff.

Additional Responsibilities

• The Bank reserves the right to amend, modify, or adjust the responsibilities of this position as business needs evolve, in alignment with applicable labour laws.

• The Employee may also be required to undertake additional duties or projects from time to time, within their capabilities and consistent with the responsibilities of the role, as directed by the Employer.

Key Performance Indicators:

• Cybersecurity program compliance.

• Incident detection level and response times

• Risk assessment completion and vulnerability management (closure and tracking)

• Cybersecurity user awareness and training completion

• Effectiveness and efficiency in reporting