Job Title: Manager IT Security Governance
Organisation: DFCU Bank
Duty Station: Kampala, Uganda
About the Company:
DFCU Bank is a fast growing commercial bank offering a variety of innovative products and services. DFCU Limited was started by the Commonwealth Development Corporation (CDC) of the United Kingdom and the Government of Uganda through the Uganda Development Corporation (UDC) under the name of Development Finance Company of Uganda Limited. Later restructuring brought in DEG (of Germany) and International Finance Corporation (IFC) as equal partners with CDC and UDC, each having a 25% stake in the company. Its objective was to support long-term development projects whose financing needs and risk did not appeal to the then existing financial commercial lending institutions.
Job Summary: Reporting to the Head Information and Cybersecurity, the role holder will be responsible for developing, implementing, and overseeing security policies, frameworks, and strategies to ensure compliance with regulations, alignment with business objectives, and effective risk management across the organization.
Key Duties and Responsibilities:
Security policy development and management:
- Develop, implement, and maintain security policies, standards, and guidelines.
- Ensure policies align with bank goals, industry standards, and regulatory requirements (e.g., ISO 27001, NIST).
- Periodically review and update policies to address evolving risks and technologies.
Risk Management:
- Lead department risk assessment process in line with ISO 27001.
- Test the controls identified within the department RCSA and remediate identified gaps.
- Develop and oversee risk treatment plans to mitigate identified vulnerabilities.
- Facilitate regular risk assessments and track the resolution of high-priority risks.
Regulatory Compliance:
- Ensure the bank complies with legal, regulatory, and contractual obligations related to information security. This includes ensuring quarterly reporting to Bank of Uganda as per the Bank of Uganda Guidelines on Cyber and Technology Risk 2024.
- Act as a liaison during audits or assessments and ensure audit findings are addressed in a timely manner. This involves working with other team members to resolve audit issues promptly and effectively to avoid repeat findings.
- Monitor changes in relevant regulations and update governance practices accordingly.
Security framework Implementation:
- Implement and manage security frameworks such as ISO 27001, COBIT, NIST CSF, or others as appropriate.
- Establish and maintain an Information Security Management System (ISMS) for structured governance.
Metrics and Reporting:
- Automate the information security reporting dashboard and manage its ongoing updates.
- Provide regular reports to Executive management and the board on the organization’s security posture, risks, and compliance status.
Governance Committees and Stakeholder Engagement:
- Participate in security governance committees, ensuring cross-functional alignment on security goals.
- Develop and enforce third-party security agreements and ensure they align with organizational risk tolerance.
Incident and Crisis Management Oversight:
- Provide governance support during security incidents by ensuring the incident response process aligns with policies and compliance requirements.
- Ensure lessons learned from incidents are integrated into governance improvements.
Training and Awareness Programs:
- Establish and oversee security awareness programs to educate employees and customers on security policies, risks, and best practices.
Continuous Improvement:
- Develop and refine the organization’s long-term information security strategy.
- Stay informed about emerging threats, technologies, and governance trends to adapt practices proactively.
- Benchmark the bank’s information security program against industry best practices.
Qualifications, Skills and Experience:
- Minimum: Bachelor’s degree in computer science, Information Technology, or a related field.
- Preferred: Master’s degree specializing in Digital Security.
- Certifications: CISSP, CISM, CEH, CISA, CRISC, or ISO 27001 Lead Implementer or Lead Auditor equivalent.
- Experience: At least 6 years, with a minimum of 3 years in information security within a bank/financial services environment.
- Information security framework implementation and audit knowledge (for example, the ISO 27001 framework).
- PCI DSS standard implementation knowledge.
- System Security Assessments
- Team leadership skills and stakeholder management
- Strategic & Analytical thinking
- Communication skills.
How to Apply:
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates, to the email address indicated below:
[email protected]
Kindly copy your respective HCBP in the process of sending through your applications.
Deadline: 09th April 2025.
For more of the latest jobs, please visit https://www.ugashare.com or find us on our facebook page https://www.facebook.com/Ugashare