|
Chief Information Security Officer (CISO) job at I&M Bank
Posted by: great-volunteer
Posted date: 2025-Jun-23
Location: Uganda, Kampala
Chief Information Security Officer (CISO) 2025-06-23T07:25:53+00:00 I&M Bank https://cdn.ugashare.com/jsjobsdata/data/employer/comp_3675/logo/I&M%20Bank.png https://www.imbankgroup.com/ FULL_TIME Uganda Kampala 00256 Uganda Banking Media, Communications & Writing 2025-07-04T17:00:00+00:00 Uganda 8 A Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and cyber security strategy, governance, and risk management. Key Responsibilities. Risk Governance and Strategy - Overseeing and implementing the institution's cybersecurity program and enforcing cyber and technology policy.
- Ensuring that information systems meet institutional needs and ICT strategies align with business strategies and risk appetite.
- Review and assess risks associated with exceptions/deviations to cyber and technology policies and gain senior management approval.
- Review periodically the approved exceptions/deviations to ensure residual risks remain acceptable.
Risk Identification, Assessment, and Mitigation
- Ensure regular and comprehensive cyber risk assessments are conducted at least once a year.
- Ensure monitoring processes detect cyber and technology events and incidents in a timely manner.
- Incorporate scenario analysis for material cyber-attacks, mitigation, and identifying control gaps.
- Safeguarding the confidentiality, integrity, and availability of information.
Fraud Risk Management - Effectiveness of fraud detection and prevention programs (e.g., reduced fraud incidents and losses).
- Responsiveness and effectiveness in addressing fraud... risk events.
Business Continuity Planning (BCP) and Crisis Management) - Ensure timely update of the incident response mechanism and BCP based on latest cyber threat intelligence.
- Ensure frequent data backups of critical IT systems to separate storage locations.
- Ensure cyber risk roles and responsibilities in emergency/crisis decision-making are defined and communicated.
- Continuously test disaster recovery and BCP arrangements to ensure regulatory compliance and operational continuity.
Leadership and Culture - Design cybersecurity controls considering all levels of users (internal and external).
- Organize professional cyber-related trainings to improve staff technical proficiency.
Reporting and Communication - Report to the CEO at least quarterly on:
- Confidentiality, integrity, and availability of systems,
- Exceptions to cyber policies,
- Effectiveness of the cybersecurity program,
- Material cyber and tech events affecting the institution.
Technology and Innovation - Maintain a current enterprise-wide knowledge base of users, devices, applications, software, and network details.
Educational Requirements.
Bachelor’s Degree (Required):
- Computer Science, Cybersecurity, Information Technology, or related field.
Master’s Degree (Preferred): - MBA, M.S. in Cybersecurity, or Information Security.
Preferred Certifications. - CISSP, CISM, CISA, CRISC, CEH.
Additional Knowledge Areas: - Risk management, regulatory compliance (e.g., GDPR, HIPAA), security frameworks (NIST, ISO 27001), and business continuity.
Leadership Skills - Strong leadership and team management capabilities.
- Ability to influence and collaborate with Board members, Senior Management, and Cross-functional teams.
- Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.
Strategic and Analytical Thinking - Strong problem-solving and decision-making skills under uncertainty.
- Ability to anticipate emerging risks and proactively design mitigation strategies.
- Exceptional analytical skills to evaluate and prioritize risks based on potential impact.
Behavioral Competencies - High ethical standards and integrity.
- Resilience under pressure and ability to navigate crises effectively.
- Adaptability to changing regulatory landscapes and evolving risk environments.
JOB-6859018140348 Vacancy title:
Chief Information Security Officer (CISO) Jobs at:
I&M Bank Deadline of this Job:
Friday, July 4 2025 Duty Station:
Uganda | Kampala | Uganda Summary
Date Posted: Monday, June 23 2025, Base Salary: Not Disclosed JOB DETAILS: A Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and cyber security strategy, governance, and risk management. Key Responsibilities. Risk Governance and Strategy - Overseeing and implementing the institution's cybersecurity program and enforcing cyber and technology policy.
- Ensuring that information systems meet institutional needs and ICT strategies align with business strategies and risk appetite.
- Review and assess risks associated with exceptions/deviations to cyber and technology policies and gain senior management approval.
- Review periodically the approved exceptions/deviations to ensure residual risks remain acceptable.
Risk Identification, Assessment, and Mitigation
- Ensure regular and comprehensive cyber risk assessments are conducted at least once a year.
- Ensure monitoring processes detect cyber and technology events and incidents in a timely manner.
- Incorporate scenario analysis for material cyber-attacks, mitigation, and identifying control gaps.
- Safeguarding the confidentiality, integrity, and availability of information.
Fraud Risk Management - Effectiveness of fraud detection and prevention programs (e.g., reduced fraud incidents and losses).
- Responsiveness and effectiveness in addressing fraud... risk events.
Business Continuity Planning (BCP) and Crisis Management) - Ensure timely update of the incident response mechanism and BCP based on latest cyber threat intelligence.
- Ensure frequent data backups of critical IT systems to separate storage locations.
- Ensure cyber risk roles and responsibilities in emergency/crisis decision-making are defined and communicated.
- Continuously test disaster recovery and BCP arrangements to ensure regulatory compliance and operational continuity.
Leadership and Culture - Design cybersecurity controls considering all levels of users (internal and external).
- Organize professional cyber-related trainings to improve staff technical proficiency.
Reporting and Communication - Report to the CEO at least quarterly on:
- Confidentiality, integrity, and availability of systems,
- Exceptions to cyber policies,
- Effectiveness of the cybersecurity program,
- Material cyber and tech events affecting the institution.
Technology and Innovation - Maintain a current enterprise-wide knowledge base of users, devices, applications, software, and network details.
Educational Requirements.
Bachelor’s Degree (Required):
- Computer Science, Cybersecurity, Information Technology, or related field.
Master’s Degree (Preferred): - MBA, M.S. in Cybersecurity, or Information Security.
Preferred Certifications. - CISSP, CISM, CISA, CRISC, CEH.
Additional Knowledge Areas: - Risk management, regulatory compliance (e.g., GDPR, HIPAA), security frameworks (NIST, ISO 27001), and business continuity.
Leadership Skills - Strong leadership and team management capabilities.
- Ability to influence and collaborate with Board members, Senior Management, and Cross-functional teams.
- Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.
Strategic and Analytical Thinking - Strong problem-solving and decision-making skills under uncertainty.
- Ability to anticipate emerging risks and proactively design mitigation strategies.
- Exceptional analytical skills to evaluate and prioritize risks based on potential impact.
Behavioral Competencies - High ethical standards and integrity.
- Resilience under pressure and ability to navigate crises effectively.
- Adaptability to changing regulatory landscapes and evolving risk environments.
Work Hours: 8 Experience in Months: 12 Level of Education: bachelor degree Job application procedure Interested in applying for this job? Click here to submit your application now
|