Examiner-IT and Cyber Security (CBs & NBFIs) job at Bank of Uganda
Posted by: great-volunteer
Posted date: 2025-Aug-29
Location: Uganda, Kampala
Bank of Uganda | Full-time | Kampala, Uganda | Banking | Computer & IT

To assess, monitor, and enforce compliance with IT governance, cybersecurity, and digital banking risk management standards in Commercial Banks and Non-Bank Financial Institutions. The role ensures that financial institutions maintain secure, resilient, and compliant technology environments to safeguard the stability of the financial system and protect customer data. This includes conducting regular inspections, identifying potential vulnerabilities, and recommending enhancements to mitigate IT and Cyber threats.

- DUTIES AND RESPONSIBILITIES:
- Examination and Assessment
  - Conduct onsite and offsite IT and Cyber examinations of financial institutions.
  - Evaluate IT governance structures, cybersecurity frameworks and resilience against operational disruptions.
  - Review core banking systems, payment platforms and emerging digital banking channels.
  - Assess the adequacy of IT General Controls (ITGCs), application controls, and disaster recovery/business continuity plans.
- Risk & Compliance Review
  - Evaluate banks' compliance with regulatory requirements, including BOU guidelines, Basel III operational risk standards and data protection regulations.
  - Assess implementation of cybersecurity frameworks (ISO 27001, NIST CSF, CIS Controls).
  - Identify and report deficiencies, systemic risks, and non-compliance issues.
- Incident Response Oversight
  - Regularly monitor banks' responses to major IT or cybersecurity incidents.
  - Assess incident root cause analysis, remediation actions, and communication to stakeholders.
  - Recommend improvements to banks' incident detection and response capabilities.
- Reporting & Enforcement
  - Prepare clear and concise examination reports with findings, risks, and regulatory recommendations.
  - Present examination outcomes at both EXCO and Board exit meetings.
  - Recommend enforcement actions for non-compliance, including sanctions where necessary.
- Policy Development & Advisory
  - Contribute to the development and updating of IT and Cyber supervisory policies.
  - Provide technical advisory to other examiners and bank supervision teams on IT risk trends.
- Continuous Improvement & Training
  - Stay updated on emerging threats, technologies and international best practices in banking cybersecurity.
  - Carry out regular training of team members and participate in/conduct annual training sessions to provide guidance to SFIs' Board members and Executive management to improve their cybersecurity practices and compliance with regulations.
  - Mentor other examiners and deliver training to enhance examination capabilities.
- Stakeholder collaboration
  - Work closely with SFIs, other regulatory bodies and cybersecurity experts to enhance the overall cybersecurity framework.
9. EXPECTED OUTPUTS/DELIVERABLES
- IT and Cybersecurity institutional and sector wide risk profile
- IT and Cyber Security inspection Reports
- Proposed Cyber and Technology guidelines.
- Incident reports and remediation actions.
- Draft collaboration reports, which document collaboration with other regulatory authorities, stakeholder feedback reports and cybersecurity experts.
- Quarterly and Annual sector wide IT and cybersecurity report.
10. PERSON SPECIFICATION
A. Minimum Qualifications
- First Class or Second Class Upper Bachelor's degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Computer Engineering or a closely related field.
- Possession of at least one of the following certifications is mandatory: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified in Risk and Information Systems Control (CRISC) with ISO 27001 Lead Auditor or CompTIA Security+.
- A master's degree in any of the aforementioned fields is an added advantage.
B. Experience
- Minimum 5 years of relevant work experience in IT audit, cybersecurity, or risk management, preferably in a Financial Institution or Audit Firm.
- Familiarity with national and international cybersecurity standards such as NIST, ISO 27001 among others.
- Age
- Competencies
Technical skills
- Excellent report writing skills
- In-depth knowledge of cyber security principles, threat landscape and best practices.
- Strong understanding of the SFIs systems and the regulatory environment.
- Proficiency in cybersecurity risk assessment and management.
Behavioral skills
- Integrity
- Transparency and accountability
- Excellence
- Teamwork
- Analytical thinking and problem solving
- Interpersonal and stakeholder engagement
- Planning and organizing skills
- Innovativeness
- PHYSICAL DEMANDS OF THE JOB:
- The job requires long hours of various system performance reviews and assessment to determine vulnerabilities.
- The job requires assessment of both CBs and NBFIs which is physically exhausting.
Vacancy title: Examiner-IT and Cyber Security (CBs & NBFIs)
Jobs at: Bank of Uganda
Deadline of this Job: Wednesday, September 10 2025
Duty Station: Uganda | Kampala | Uganda
Date Posted: Thursday, August 28 2025
Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 60
Level of Education: bachelor degree

Job application procedure
- Applications should be submitted by filling out the online application link https://forms.office.com/r/1QyrMX8qKL
- Please follow the stated instructions in the form as accurately as possible. Note that inaccurate applications will be automatically disqualified.
- Applications should be accompanied by:
  1) National ID (Front and Back): Mandatory. Ensure both the front and back sides are scanned and visible.
  2) Academic Qualification Documents: Mandatory. These should match all the required qualifications mentioned in the job descriptions.
  3) Letter of Equivalence for the Class of Degree from the National Council of Higher Education for applicants whose first degree (Bachelor's) was obtained from a foreign University.
  4) A duly registered Statutory Declaration for applicants with name and/or date of birth variations.
- Please ensure that all required documents are duly attached and MUST be scanned as one single document.
- Please note that failure to attach the required documents will lead to automatic disqualification.

Management reserves the right to terminate applicants found with concealed or falsified information and academic credentials. Only shortlisted candidates will be contacted.