IT Security Risk Manager job at Exim Bank (Uganda) Limited | Apply Now

Conducting vulnerability assessments to identify security weaknesses within the bank's technology environments. i.e., test and identify network and system vulnerabilities, identify risk tolerances, recommend treatment plans, and disseminate reports about residual risk.

Analysis of information protection technologies and processes including information databases and applications to identify technology security weaknesses and potential risks.

Conduct risk assessments of data processing systems to confirm the design of logical controls and ensure that they are effective and meet business practices and regulatory and legal requirements.

Regular risk reviews on Interface reconciliations to ensure that entries in CBS agree to interface/payment systems. i.e., regular spot checks.

Ensuring that audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with IT policies and audit requirements.

Regular review of system user access rights and profiles including super user counts for all critical systems.

Regular risk reviews on cash deposit machines (CDMs), ATMs, and other delivery channels, including offsite ones.

Conducting data protection and privacy risk assessments in line with the Data Protection Act, regulations, and the bank’s policies.

Conducting vendors’/third parties’ risk-based reviews/assessments.

Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken, and recommend suggested approaches to deal with lessons identified and ensure timely reporting/adequate participation in the investigation of IT security incidents.

In collaboration with the IT department, offer guidance/Subject Matter Expertise for future system enhancements in line with the bank’s overall strategy.

Create and manage information security and risk management awareness training programs for employees including all approved system users.

Identify, communicate, and manage current and emerging security threats with relevant stakeholders.

Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.

Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the bank on identifying acceptable levels of residual risk.

Work with various stakeholders to identify information asset owners to classify data and systems as part of the control framework implementation.

Independently assess, monitor and report on the bank’s back-up procedures and offer quality assurance on the bank’s overall Disaster Recovery Plan (DRP), including the tests thereof.Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.

Review the change management process ensuring that all changes in the system have corresponding approvals.

Ensure that security programs comply with relevant laws, regulations, and policies to minimize risk and audit findings.