ICT Risk Officer

Apply by Email

BRAC Uganda Bank is hiring an ICT Risk Officer to assume a pivotal role in safeguarding Brac Uganda Banks’s digital assets, emphasizing the preservation of confidentiality, integrity, and availability of information. This role encompasses the evaluation, analysis, and mitigation of ICT-related risks, along with the formulation and execution of robust risk management strategies and policies.

Reports to:

Head of Risk

MAIN JOB RESPONSIBILITIES

Assess and analyse the bank’s ICT systems, applications, and processes to identify vulnerabilities and potential risks.

Regularly review bank’s systems and banking application user rights and develop/update user right matrices.

Maintain criteria for assessing applications and systems to measure compliance with company policies, procedures, standards, security training programs, technical infrastructure, and development efforts against internal compliance baselines.

Analyse existing ICT risk management processes and recommend improvements to ensure a clear separation of operational and compliance responsibilities.

Collaborate with IT teams to assess and evaluate new technologies, systems, ICT projects, IT vendors and applications for potential risks and vulnerabilities.

Analyse database activities and user actions to detect and investigate any unauthorized or suspicious activities.

Review the implemented security controls and hardening measures for database systems.

Conduct training sessions for staff, emphasizing ICT risks and mitigation measures related to operations, strategy, and compliance.

Develop and implement ICT risk management policies, procedures, and guidelines to ensure compliance with regulatory requirements and industry best practices.

Assist with assessments of vendors and business contracts for evaluation and tracking of risk changes.

Prepare and present detailed reports on ICT risk assessments, incidents, and mitigation strategies to senior management and stakeholders.

Monitor ICT activities to ensure adherence to set policies, procedures, and guidelines governing risk identification, assessment, control, and overall risk management processes.

REQUIRED QUALIFICATIONS AND SKILLS

Bachelor’s degree in computer science, Software Engineering, Information Technology, Cybersecurity and Digital Forensics or Information Systems.

At least 1 year experience in ICT in a banking environment with ICT security.

Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).

KNOWLEDGE, SKILLS & COMPETENCES

Strong understanding of information technology systems, networks, and infrastructure.

Proficiency in cybersecurity principles, threats, and best practices.

Ability to identify and assess IT related risks and vulnerabilities.

Understanding of relevant compliance,