Information Technology Security Officer Jobs – Stanbic Bank

Job Title: Information Technology Security Officer

Organization: Stanbic Bank

Duty Station: Kampala, Uganda

 

About Us:

Stanbic Bank Uganda
Limited is a subsidiary of Stanbic Africa Holdings Limited which is in turn
owned by Standard Bank Group Limited (“the Group”), Africa’s leading banking
and financial services group. The Standard Bank Group is the leading banking
group focused on emerging markets. It is the largest African banking group
ranked by assets and earnings. Stanbic Bank Uganda Limited is the largest bank
in Uganda by assets and market capitalization. It offers a full range of
banking services through two business units: Personal and Business Banking
(PBB), and Corporate and Investment Banking (CIB).

 

Job Summary:  The Information Technology Security Officer
will implement a comprehensive Information Technology security program with the
Information Technology lines of business to protect their applications and
supporting infrastructure from both internal and external threats, manage
threats and incidents when these materialise, ensure compliance with regulatory
requirements regarding Information Technology security, ensure the appropriate
use of bank assets and educate employees about their Information Technology
security responsibilities.

 

Key Duties and Responsibilities:

Work with IT partners to provide IT Security Advisory services and guidance

· Build and maintain relationships with key stakeholders to further embed the partnership that exists between IT Security, IT and the business.

· Research and maintain knowledge of the IT threat landscape, security trends, regulatory requirements, new technologies and best practices in order to provide sensible and pragmatic security advice to stakeholders.

· Provide ad-hoc consulting and engagement with various business units on secure, cost-effective and practical control implementations across various platforms and/or systems.

· Facilitate the adoption of IT Security solutions e.g. privileged user management or access management processes and services e.g. IT Security engineering and penetration tests across the application and infrastructure landscape.

· Provide adequate IT Security input into all features and other technology solutions; this includes the requirements for the evaluation, selection, installation, configuration and maintenance of hardware, applications and software.

· Develop an effective line of business IT Security strategy that supports and enables business strategy.

· Advise IT business partners on regulatory and/or legal requirements as they relate to the securing of data, and assist with the implementation of the controls to support these requirements.

· Establish relevant metrics and management information to facilitate reporting and decision making.

· Facilitate the reduction in the number and impact of IT Security incidents.

· Act as a single point of contact for IT security risks, incidents and controls within the business units.

· Lobby with the BIO/CIO for the prioritization of the security control backlog.

Identify, Assess and remediate Technology and IT Security risks

· Develop a security assessment schedule across the respective lines of business / business units.

· Conduct reviews of applications, systems, underlying infrastructure and related processes as per the schedule.

· Establish and maintain risk profiles for business units by facilitating the implementation and ongoing management of general control reviews.

· Develop a cost-conscious risk treatment plan based on identified risks, threats, vulnerabilities, audit findings, policies and regulatory requirements.

· Collaborate with threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic security strategy and remediation plans.

· Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate risk remediation controls.

· Assist in documenting and tracking security findings into a formal risk register. Provide the necessary information to support any deviation to IT Security policies and standards.

· Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds.

· Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle.

· Facilitate continuous technical system reviews by working with the Penetration Test Team and assist business with interpretation and implementation of required controls.

· Recommend the implementation of effective controls to support defined security policies and standards. Co-ordinate and track the implementation of remediation plans.

· Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents, progress and status to assist in decision making.

· Participate in IT Security incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

Drive appropriate Logical Access Management practices in IT

· Establish, maintain and improve logical access management practices for all users (Generic, User, Service and Privileged) by the application of appropriate manual and/or automated processes, in order to provide assurance that the right people have the right level of access to the bank’s information.

· Implement and validate all aspects of the access management lifecycle, as prescribed by the appropriate policies and standards.

· Implement additional processes, such as Segregation of Duties, Password Safes and Audit trails, to address the risk posed by privileged IT users.

· The success of these activities must translate into the reduction of logical access audit findings and security breaches of a logical access nature, by embedding logical access practices into Business processes, and by a positive trend of various metrics being used to track maturity and control failures.

Create culture and awareness of IT Security good practices

· Develop an awareness and training plan for the line of business that is fit for purpose, aligned with strategy and considers a range of risk data points e.g. audit findings, risk and control self-assessments, IT Security risk assessments, emerging threats and risks, and incidents.

· Create awareness among the IT Executives and broader IT community on the back of new threat and risk intelligence. Proactively create awareness on recurring risk themes.

· Implement the awareness plan through various delivery mediums.

· Measure the effectiveness of the awareness plan through sampling, surveys, tests, attendance registers or equivalent.

Assist with implementation of IT Security Policies, Standards and Guidelines

· Participate in the development of new and the annual review of existing IT Security Policies, Standards and Guidelines by providing input to enhance the quality and completeness of these documents.

· Communicate the requirements for compliance to the IT Security Policies, Standards and Guidelines to the relevant parties within IT.

· Identify areas of non-compliance to IT Security Policies and Standards within IT.

· Alert the responsible parties in IT where there is non-compliance to IT Security Policies and Standards and work with them to identify and recommend practical and feasible remediation plans and technical solutions.

· Report on the level of compliance and progress towards achieving compliance to IT Security Policies, Standards and Guidelines to the IT business partners.

 


Qualifications, Skills and Experience:

· The ideal candidate for the Stanbic Bank Information Technology Security Officer employment opportunity must hold a first degree, preferably in Computer Science.

· Information Security related Certification (CISSP, CISM, CRISC, CISA)

· 7-10 years' experience in directly assessing and communicating Risk Exposures and developing risk mitigation plans.

· Experience in working with international and cross-functional matrix environments. Experience in engaging with a broad spectrum of stakeholders including senior executives.

· 3-4 years' experience in managing and coaching people.

· 3-4 years' experience in coordinating large initiatives across multiple areas.

· Knowledge of domestic and international banking industry

· Knowledge of the Bank’s business, products, key clients, business strategy and strategic issues

· Knowledge of regulatory requirements of home markets

· Information Security Management

· Risk Identification

· Information Security

 

How to Apply:

All candidates are strongly encouraged to apply online at the link below.

Click Here

 
