Chief Information Security Officer job at NCBA Bank Uganda Limited | Apply Now

Along-side the EXCOM, is accountable for achievement of the set targets and strategic outcomes within approved budget.

Reporting to the Executive Director on an agreed interval but not less than once per quarter on; assessment of the confidentiality, integrity and availability of the information systems in the Bank, detailed exceptions to the approved cyber and technology policies and procedures, assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution during the period.

Organizing professional cyber related trainings to improve technical proficiency of staff.

Safeguarding the confidentiality, integrity and availability of information.

Overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.

Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (including boundaries, traffic and data flow); and Network utilization and performance data.

Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.

Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).

Ensure that regular and comprehensive cyber risk assessments are conducted at least once a year.

Ensure that adequate processes are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.

Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.

Review periodically the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.

Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.

Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.

Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.

Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis

decision-making, are clearly defined, documented and communicated to relevant staff.

Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.

Safeguarding the confidentiality, integrity and availability of information.

Define and implement recruitment, learning and performance management strategies, as well as cultural practices that attract, nurture and retain the best talent.

Drive competency focus through continuous learning and job enrichment to ensure high performance.