Job Title: Chief Information Security Officer
Organisation: I&M Bank Uganda
Duty Station: Kampala, Uganda
Reports to: Chief Executive Officer
About Organisation:
I&M Bank is a leading banking and insurance group in Eastern Africa with a presence in Kenya, Mauritius, Rwanda, Tanzania and Uganda. I&M Bank Uganda is a commercial bank headquartered at Kampala Road plot 6/6A with a growing regional presence. The Bank offers a wide range of commercial banking and financial products and services, and prides itself on introducing innovative products and services based on the needs of its customers.
Job Summary: A Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and cyber security strategy, governance, and risk management.
Key Duties and Responsibilities:
Risk Governance and Strategy
- Overseeing and implementing the institution’s cybersecurity program and enforcing cyber and technology policy.
- Ensuring that information systems meet institutional needs and ICT strategies align with business strategies and risk appetite.
- Review and assess risks associated with exceptions/deviations to cyber and technology policies and gain senior management approval.
- Review periodically the approved exceptions/deviations to ensure residual risks remain acceptable.
Risk Identification, Assessment, and Mitigation
- Ensure regular and comprehensive cyber risk assessments are conducted at least once a year.
- Ensure monitoring processes detect cyber and technology events and incidents in a timely manner.
- Incorporate scenario analysis for material cyber-attacks, mitigation, and identifying control gaps.
- Safeguarding the confidentiality, integrity, and availability of information.
Fraud Risk Management
- Effectiveness of fraud detection and prevention programs (e.g., reduced fraud incidents and losses).
- Responsiveness and effectiveness in addressing fraud… risk events.
Business Continuity Planning (BCP) and Crisis Management)
- Ensure timely update of the incident response mechanism and BCP based on latest cyber threat intelligence.
- Ensure frequent data backups of critical IT systems to separate storage locations.
- Ensure cyber risk roles and responsibilities in emergency/crisis decision-making are defined and communicated.
- Continuously test disaster recovery and BCP arrangements to ensure regulatory compliance and operational continuity.
Leadership and Culture
- Design cybersecurity controls considering all levels of users (internal and external).
- Organize professional cyber-related trainings to improve staff technical proficiency.
Reporting and Communication
- Report to the CEO at least quarterly on:
- Confidentiality, integrity, and availability of systems,
- Exceptions to cyber policies,
- Effectiveness of the cybersecurity program,
- Material cyber and tech events affecting the institution.
Technology and Innovation
- Maintain a current enterprise-wide knowledge base of users, devices, applications, software, and network details.
Qualifications, Skills and Experience:
- Bachelor’s Degree (Required):
- Computer Science, Cybersecurity, Information Technology, or related field.
- Master’s Degree (Preferred):
- MBA, M.S. in Cybersecurity, or Information Security.
Preferred Certifications.
- CISSP, CISM, CISA, CRISC, CEH.
Additional Knowledge Areas:
- Risk management, regulatory compliance (e.g., GDPR, HIPAA), security frameworks (NIST, ISO 27001), and business continuity.
- Leadership Skills
- Strong leadership and team management capabilities.
- Ability to influence and collaborate with Board members, Senior Management, and Cross-functional teams.
- Excellent communication and presentation skills to convey complex risk concepts to diverse audiences.
- Strategic and Analytical Thinking
- Strong problem-solving and decision-making skills under uncertainty.
- Ability to anticipate emerging risks and proactively design mitigation strategies.
- Exceptional analytical skills to evaluate and prioritize risks based on potential impact.
Behavioral Competencies
- High ethical standards and integrity.
- Resilience under pressure and ability to navigate crises effectively.
- Adaptability to changing regulatory landscapes and evolving risk environments.
How to Apply:
All suitably qualified and interested applicants should apply online at the link below.
Deadline: 4th July 2025
Note: Only shortlisted candidates will be contacted
For more of the latest jobs, please visit https://www.theugandanjobline.com or find us on our facebook page https://www.facebook.com/UgandanJobline
Level of Education: Bachelor Degree
Work Hours: 8
Experience in Months: no experience required