Job Title: Risk Analyst
Organisation: National Information Technology Authority-Uganda (NITA-U)
Duty Station: Kampala, Uganda
Reports to: Information Security Compliance Manager
The National Information Technology Authority-Uganda (NITA-U) was established as a statutory body under the National Information Technology Authority, Uganda Act, 2009 as one of the key players in the Information and Communications Technology Sector. Its mandated is to coordinate, promote and monitor IT development within the context of national social and economic development, with a vision as “a facilitator of a knowledge-based, globally competitive Uganda where social transformation and economic development is supported through IT enabled services.”
Job Summary: The Risk Analyst will guide organizations in performing security analysis and evaluating their risk exposure enabling them improve their information security practices and posture as well as to provide information assurance to their stakeholders.
Key Duties and Responsibilities:
· Carry out information security risk assessments to ensure appropriate information security and business continuity controls exist in organizations including describing and estimating the risks
· Identify and evaluate technology risks, mitigating controls, and opportunities for control improvement
· Evaluate organizations criteria for previous handling of risks
· Offer technical support for organizational risk reporting in an appropriate manner across strategic, tactical and operational levels
· Providing support, education and training to staff to build capacity in risk awareness, analysis and management within organizations
· Regularly monitor systems and identify and report violations of risk limits.
· Evaluate the effectiveness of organizational controls, perform risk analysis and management activities and develop appropriate mitigation plans.
· Suggest enhancements to organisational processes and policies to avoid operational risks.
· Undertake audits of organizational policies and compliance to National standards, legislations and frameworks.
· Analyse audit findings and assist in implementing audit recommendations.
· Support organizations develop effective risk registers.
· Review and recommend improvements to existing risk modelling techniques.
· Perform procedures and assessments necessary to ensure the safety of information assets.
· Support in the development of policies/Standards/Guidelines/ Best Practices.
· Keenly review business contracts, terms and scope to identify any risks.
· Propose new techniques and technologies for risk analysis and management.
· Perform any other duties as may be assigned.
Qualifications, Skills and Experience:
· The ideal candidate for the Risk Analyst job vacancy should hold a Bachelor’s degree in Computer Science, Information Technology, Information Science, Information Systems, Information Security or a related field from a recognized university
· Industry Certifications such as CRISC, CISA, ISO 27001 and ISO 31000, COBIT will be of an advantage
· A minimum of three years’ experience in Risk Management or Information Security Management or ICT Audit consulting or in a related field.
· Previous experience with Governance Risk and Compliance tools as well as mechanisms
· Working knowledge of National information risk management frameworks and standards
· Broad knowledge and understanding of Information Security
· IT background (infrastructure & application)
· Knowledge of Risk Management
· Basic Knowledge of Project Methodology
· Computer literacy i.e. proficiency in the use of Microsoft Word, Excel and Power Point (Visio is a plus)
· Excellent analytical and problem –solving skills
· Good Communication & interpersonal skill across strategic, tactical and operational levels
· Stakeholder Management skills
· Flexibility, persistence and willingness to work on a variety of activities/tasks
· Excellent organizational skills
Clearance: The successful applicant will be subject to National Security Vetting in line with the National Information Security Framework (NISF).
How to Apply:
All candidates who meet the job requirements/specifications and with the right personal attributes are invited to complete and submit their application form, download here, with a cover letter, supported by curriculum vitae, copies of certificates and testimonials, and must specify day time telephone contact, postal and email addresses of both the applicant and three referees, to the address below.
The Executive Director,
National Information Technology
Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: firstname.lastname@example.org (application must not exceed 10MBs)
Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts.
Deadline: 21st October, 2016 by 17.00 hrs.
For more of the latest jobs, please visit http://www.theugandanjobline.com or find us on our facebook page https://www.facebook.com/UgandanJobline