Manager ICT Security Job Vacancies – Petroleum Authority of Uganda (PAU)


Job Title: Manager ICT Security

Organization: Petroleum Authority of Uganda (PAU)

Duty Station: Kampala,

Reports to: Director ICT and Data Management


About Us:

The Petroleum Authority of Uganda (PAU) is a statutory body established under Section 9 of the Petroleum (Exploration, Development and Production) Act 2013, and in line with the National Oil and Gas Policy for Uganda, which was approved in 2008. The PAU’s mandate is to monitor and regulate the exploration, development and production, together with the refining, gas conversion, transportation and storage of petroleum in Uganda. This includes ensuring that petroleum operations in Uganda are carried out in accordance with the relevant laws, regulations, guidelines and statutes, and in line with international best practice for the petroleum industry.


Job Summary: The Manager ICT Security will be responsible to and report to the Director ICT and Data Management. He/she will be responsible for implementation of Enterprise Risk Management and Compliance, Business Continuity and Disaster Recovery Systems, ICT Security Controls and ensure Confidentiality, Availability and Integrity (CIA) of systems and creation of secure integration and external linkages to other E-Government Systems. He/she will be responsible for ensuring controls are inbuilt in ICT and Data Management systems, software development, internal capacity building, governance, management, implementation of a security monitoring and control framework to address the Authority’s information technology security risks, prevent unauthorized access to the Organization’s ICT Infrastructure, Systems, Applications and data/information; and regular reporting on the threats


Key Duties and Responsibilities:  

Develop and implement the ICT Security and Compliance
strategy that is aligned to overall organization strategy.

Coordinate the secure integration and external linkages to
other E-Government Systems.

Develop, refine, maintain and implement enterprise-wide
Information Security and Risk policies, procedures and standards to meet
compliance responsibilities.

Coordinate the design and implementation of disaster
recovery system, Data Backups, business continuity planning, testing of the

Coordinate the development and maintenance of a
comprehensive ICT and Data Management risk register.

Implement, maintain and monitor the information technology
security architecture consistent with relevant laws and international security
standards and practices;

Conduct business impact analysis to ensure that key
resources both tangible and intangible are adequately protected with proper
security measures and controls.

Develop capacity in the use of quantitative and qualitative approaches, Cost Benefit and risk analysis in ICT risk mitigation and control measures.

Evaluate security risks, identify and define compliance
strategies in accordance with policies, standards, guidelines and procedures.

Implement the Data Protection control frameworks for the

Coordinate and oversee the processes for software design, development and commissioning to ensure Quality Assurance and security controls are in-built within

Periodically undertake assessment of the ICT security
landscape to identify security gaps/vulnerabilities, recommend control

Review, develop and guide the implementation of security
policies and procedures for access management, user activity monitoring,
logging, and general security controls;

Supervise the system tuning tasks and database
optimization in order to improve the reliability of information technology
security solutions;

Coordinate investigations into information technology
security violations to facilitate decision making;

Coordinate and supervise the implementation of information
security awareness and sensitization programs for staff;

Prepare and submit periodic ICT Security and compliance

Plan and manage the performance and development of staff
under supervision so as to improve their productivity; and

Perform any other duties as may be assigned from time to


Qualifications, Skills and Experience:

The applicant for the Petroleum Authority of Uganda (PAU) Manager ICT job placement must hold a Master’s Degree in Computer Science, Information Technology, Information and Network Security, Cyber Security Management, Statistics (Computing option), Software Engineering, Computer Engineering, Management Information Systems (MIS), Information Systems Security from an internationally recognized University/

An honors bachelor’s degree in Computer Science;
Information Technology; Statistics with computing option; Mathematics with
computing option; Business Computing; Commerce (Accounting and IT option);
Information Systems, Information Security; Computer Engineering; Software
Engineering, from an internationally recognized University or institution.

At least seven (7) years’ working experience in the design and implementation of enterprise resource planning systems, risk management and mitigation, systems security and database management, system development, system administration, enterprise security architecture design, five (5) of which should have been gained at middle management level from a busy and reputable organization.

Demonstrated understanding and familiarity with Business
Continuity and Disaster Recovery Planning, Information Systems Security and IT
Risk Assessment and Management, Cyber Security, email, access lists and
internet, web, application and network security techniques. 

Demonstrated understanding and experience in conducting
Enterprise Risk Assessments and mitigations, Cost Benefit Analyses, and
Governance, Risk and Compliance (GRC).

Good knowledge of ICT policies, procedures, standards and legislation.

Good knowledge of software development processes and

Professional certification such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Oracle Certified Professional (OCP), Certified Information Systems Auditor (CISA), Certified in Governance and Enterprise IT (CGEIT), COBIT 5, ISO27001 Information Security Management, Project Management Professional (PMP), Data Analytics, and Microsoft Certified Technology Specialist (MCTS).

Possess excellent project management skills.

Good communication and interpersonal skills.

Ability to conduct research into enterprise systems,
networking issues and products as required.

Highly self-motivated and directed, with keen attention to

Proven analytical and problem-solving abilities.

Ability to effectively prioritize tasks in a high-pressure

Strong customer service orientation.


How to Apply:

All suitably
qualified and interested candidates are encouraged to apply online by clicking
on the link below.


Click Here (Register) -> Proceed to Application



  • ONLY online applications will be
  • Applicants are required to scan and
    attach CERTIFIED copies of the required academic documents only e.g.
    Degree, Transcript, Diploma, A-level and O-level certificates and PLE
    results slip.
  • Academic documents for the successful
    candidates will be vetted and background checks conducted before they are
    considered for appointment into the Authority.
  • Only short listed and successful
    candidates will be contacted.
  • All appointments shall be subject to a
    probationary period of not more than six months and subsequent
    confirmation in service will be based on satisfactory performance of the


Deadline: 28th August 2020 by 11:59 pm.

