Job Title: IT Security Specialist – Governance
Organisation: DFCU Bank
Duty Station: Kampala Uganda
Reports to: Manager- IT Security, Standards and Architecture
DFCU Bank is a fast growing commercial bank offering a variety of innovative products and services. DFCU Limited was started by the Commonwealth Development Corporation (CDC) of the United Kingdom and the Government of Uganda through the Uganda Development Corporation (UDC) under the name of Development Finance Company of Uganda Limited. Later restructuring brought in DEG (of Germany) and International Finance Corporation (IFC) as equal partners with CDC and UDC, each having a 25% stake in the company. Its objective was to support long-term development projects whose financing needs and risk did not appeal to the then existing financial commercial lending institutions.
Job Summary: Reporting to the Manager- IT Security, Standards and Architecture, the IT Security Specialist- Governance is responsible for conducting independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. Works with technical teams and service providers to assess, identify and provide appropriate security mechanisms and solutions to be integrated into the bank’s systems operations and make recommendations for implementation.
Key Duties and Responsibilities:
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Assess all the configuration management (change configuration/release management) processes including Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework and compliance process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Monitor targets and Key Risk Indicators across the IT function and report the violation of risk policy with proposal of appropriate measures.
- Facilitate and support the audit management process. Activities include coordinate IT based Audit assignments, audit issue consolidation, resolution, and closure.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network and ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated, as necessary.
- Monitor, document and ensure resolution of all cyber/ information security incidents, implement incident handling and escalation procedures, and report all incidents to IT Security Manager, standards and Architecture, Head BT, and Operation Risk.
Qualifications, Skills and Experience:
- The ideal candidate for the DFCU Bank IT Security Specialist- Governance job must hold a Bachelor’s Degree in Computer Science, Information Technology, or a related numerical sciences degree.
- Information Security and /or Information Technology industry certification (CISSP, CISM, CEH, CISSP-ISSMP, CISA, CRISC or GIAC equivalent) strongly preferred.
- At least five years of experience with a minimum of 3 years exposure to reviewing and advancing Information Security in a bank/ financial services environment.
- Experience in assessing and mitigating technology risk (Solid understanding of Risk Management processes)
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of authentication, authorization, and access control methods.
- Knowledge of the ISO 27002 Standard and PCI DSS.
- Knowledge of applicable business processes and operations of customer organizations.
- Knowledge of Cyber-Defense and vulnerability assessment tools and their capabilities.
- Knowledge of cryptography and cryptographic key management concepts.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Skill in applying security controls.
- Advanced Business Architectural & IT Security skills.
- Analytical Thinking & Inductive Reasoning.
- Planning and Organization.
- Problem Solving.
- Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
- Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
- Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
- Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
- Inspire Commitment –Actions and behaviors are consistent with words.
- Self-Development – Pursues positive change in self and organization. Drives own personal development plan.
How to Apply:
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates (University Transcript, O & A level) to the email address indicated below.
dfcu Bank is committed to give equal opportunities in employment and aims to ensure that it does not discriminate against gender or race. Only shortlisted candidates will be contacted through +256 312 300391.
Deadline: 29th July 2022