IT Security Specialist- Governance
Jobs at:dfcu Bank
Deadline of this Job:
29 July 2022
Within Uganda , Kampala , East Africa
Date Posted: Tuesday, July 19, 2022 , Base Salary: Not Disclosed
dfcu Bank is a fast-growing Bank in Uganda offering a wide range of financial solutions to its chosen market segments. We are seeking to recruit for the role of IT Security Specialist- Governance in our Chief Operations Officer (COO) domain to support our expansion strategy.
REPORTING TO : Manager- IT Security, Standards and Architecture
JOB PURPOSE :
Reporting to the Manager- IT Security, Standards and Architecture, the role holder is responsible for conducting independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. Works with technical teams and service providers to assess, identify and provide appropriate security mechanisms and solutions to be integrated into the bank’s systems operations and make recommendations for implementation.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Assess all the configuration management (change configuration/release management) processes including Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework and compliance process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Monitor targets and Key Risk Indicators across the IT function and report the violation of risk policy with proposal of appropriate measures.
• Facilitate and support the audit management process. Activities include coordinate IT based Audit assignments, audit issue consolidation, resolution, and closure.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network and ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated, as necessary.
• Monitor, document and ensure resolution of all cyber/ information security incidents, implement incident handling and escalation procedures, and report all incidents to IT Security Manager, standards and Architecture, Head BT, and Operation Risk.
QUALIFICATIONS, EXPERIENCE and COMPETENCIES REQUIRED:
• A minimum qualification of a Bachelor’s Degree in Computer Science, Information Technology, or a related numerical sciences degree.
• Information Security and /or Information Technology industry certification (CISSP, CISM, CEH, CISSP-ISSMP, CISA, CRISC or GIAC equivalent) strongly preferred.
• At least 5 years’ experience with a minimum of 3 years exposure to reviewing and advancing Information Security in a bank/ financial services environment.
• Experience in assessing and mitigating technology risk (Solid understanding of Risk Management processes)
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of the ISO 27002 Standard and PCI DSS.
• Knowledge of applicable business processes and operations of customer organizations.
• Knowledge of Cyber-Defense and vulnerability assessment tools and their capabilities.
• Knowledge of cryptography and cryptographic key management concepts.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in applying security controls.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Problem Solving.
• Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviors are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.
Work Hours: 8
Experience in Months: 60
Level of Education: Bachelor Degree
Job application procedure
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates (University Transcript, O & A level), by close of business on Friday 29th July 2022 to the email address indicated below.
dfcu Bank is committed to give equal opportunities in employment and aims to ensure that it does not discriminate against gender or race. Only short-listed candidates will be contacted through +256 312 300391.
Disclaimer: dfcu Bank does not solicit/accept payment in cash/kind from prospective candidates in exchange for shortlisting or job placement. Any candidate who engages in this kind of transaction is aiding and abetting fraud and will be automatically disqualified.