Barclays Bank Career Jobs – Head of Technology Risk Assurance and Governance
Organisation: Barclays Bank
Duty Station: Kampala, Uganda
Reports to: Head of Retail Underwriting
About Barclays Africa:
Barclays Africa encompasses Barclays Global Retail Banking, Corporate Banking, and Barclaycard operations in 10 countries organised in four geographic areas: North Africa (Egypt), East and West Africa (Ghana, Tanzania, Uganda and Kenya), Southern Africa (Botswana, Zambia and Zimbabwe), and Indian Ocean (Mauritius and Seychelles).
Barclays Africa serves its 2.8m customers through a network of 573 branches and service centres providing a variety of traditional financial products including retail mortgages, current and deposit accounts, commercial lending, unsecured lending, credit cards, treasury and investments.
Job Summary: The Head of Technology Risk Assurance and Governance will be a member of the GRB Information Security and Technical Quality Risk team responsible for implementing the information security programme and providing quality risk management and assurance within Uganda technology.
Key Duties & Responsibilities:
1. Risk and Controls Management:
- Manage the Technology Risk Landscape by ensuring required Risk Control assessments are completed, effective controls are being tested for effectiveness on a regular basis and ineffective controls are tracked for closure.
- Implement effective security controls into the environment following a risk-based approach.
- Input into the development of the Global IT Risk methodology, which will then be implemented into BBU.
- Ensure all key stakeholders understand and buy in to the IT Risk Controls Framework.
- Ensure technical security solutions are designed and included into key developments.
- Ensure that security risks in applications and systems are understood and mitigating controls are in place.
- Provide technical risk assessment data for local business owners to translate into business risk terms, and on which to base business risk decisions.
2. Governance and Audit Assurance:
- Regulatory Attestation – Review issues provided by UK Governance, consider and declare additional issues; Provide current state assessments; Manage CIBULS/CIGLS local actions; Provide business unit attestations.
- Management Assurance – Assist with defining the scope for controls assurance reviews.
- Policy Management – Ensure all appropriate technology staff are aware of the new policy approval process and the policies which directly affect them; Review and advise on any policy non-compliance.
- Closure Assurance – Provide an initial review of audit closure evidence and RCA final action closure evidence. Manage and track locally owned Audit actions.
- Provide consultancy, advice and guidance on Information Security to both business and technology management.
- Liaise with both internal and external Audit groups on technology risk and control issues.
- Liaise with external industry and government groups to keep abreast of new security threats and initiatives.
- Leverage ideas, solutions, remediation plans and security activities with other country IT Risk management system.
- Provide oversight of any local IT Security/Risk implementations.
3. Global Information Security Strategy and Plan:
- Develop a local security strategy to meet business objectives, ensure that:
– IT projects are designed and implemented with adequate levels of IT security
– Security resources are used effectively and efficiently
– Escalation processes are in place both locally and across the cluster to facilitate risk decisions.
- Support and input to the centralised GRB International Information Security Programme to ensure that all local country requirements are addressed.
- Build and maintain effective relationships between the information security function and local business areas.
- Be an integral part of the Global Information Security Team, building relationships and sharing information.
- Implement a security awareness program which incorporates the following:
– Mandatory information security training for all staff
– New joiner security induction
– Specific IT security awareness e.g. hacking, phishing incidents, spoofing, viruses etc.
– Appropriate awareness tools and material are developed and communicated
4. Compliance with Information Security Standards:
- Help to build and implement a set of fit for purpose security standards and procedures.
- Ensure standards incorporate any local variants, applicable legislation and regulations where appropriate.
- Ensure a local governance process is in place to review and approve deviations to policy or standards and participate in the International Governance Forum.
- Provide advice and guidance on policy and standards interpretation to both the business and technology groups.
- Implement a metrics program to measure compliance with the Security programme including:
– Dispensations to policy and standards
– Implementation of technical security standards per platform
– Contract reviews and third party assessments and due diligence
– Awareness and education participation and reach
– Project Security risk indicators
- Ensure IT Security functions are implemented in a manner that meets and exceeds compliance with standards.
5. Service Continuity Management:
- Work with the BBU BCM managers to undertake remedial action to make existing arrangements more effective (such as placing BCM with Operation).
- Implement a fit for purpose, cross functional, business continuity capability within country utilizing the new Barclays BCM Tool.
- Ensure fit for purpose disaster recovery IT infrastructures are established.
- Co-ordinate and control IT processes with business BCM coordinators.
- Manage and update the IT BCM tool to ensure up to date systems info is fed into the system and that the tool is maintained up to date.
- Ensure an up to date IT asset regime is in place.
- Complete monthly reports accurately and timeously.
- Responsible for integrity of business continuity systems, IT methodologies and strategy within country.
- Managing and implementing the IT technical plan.
- Responsible for development, implementation and ongoing management of the IT aspects of continuity testing and proving regimes within country.
- Support to Business Continuity Plan owners with technical direction and support in fulfilling their BCM activities.
- Provide monthly reporting to the Head of IT on BCM activities and other stakeholders as the need may arise.
Qualifications, Skills & Experience:
- The candidate should possess experience within a financial institution – preferably retail banking.
- Experience in any operational security roles
- Information Security Background
- A working knowledge of Microsoft Office tools, Windows, UNIX and other platforms and applications
- Experience of COBIT, BS7799 or other relevant frameworks
- Detailed understanding of the principles, practices, and techniques related to Information Security.
- Technical Security background and experience of working on application developments
- A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.
- Knowledge and understanding of the implications, to Barclays, of the laws and regulations associated with Information Security.
- Ability to influence senior management in relation to important security decisions.
- Proven leadership, relationship management and communication skills.
- Certified Security or Audit Qualification (CISSP, CISM, CISA)
How to Apply:
If you feel challenged by any of the above positions, and believe you can deliver on key deliverables as outlined above, upload your application letter, current curriculum vitae and photocopies of academic certificates to our recruitment website detailed below:
Barclays is an equal opportunity employer that recruits, develops and promotes people on merit, and rewards outstanding performance, regardless of background and gender.
For queries contact us on 0417122453 or email: barclays.uganda@barclays.com
Deadline: 26th November, 2013
For more Ugandan jobs, please visit https://www.theugandanjobline.com or find us on our Facebook page https://www.facebook.com/UgandanJobline