Posts
Position Title: IT Risk Officer
Organisation: BANK OF AFRICA – UGANDA Ltd
Deadline: Monday, 20th January
2014
Reporting: to
the Head of Risk
Background Information:
BANK OF AFRICA – UGANDA Ltd. is part of GROUPE BANK OF AFRICA (BOA) comprising
16 Commercial Banks, 3 Leasing Companies, 2 Investment Companies, a Stock
Brokerage Company, an Asset Management Company and a Mortgage Bank. It spans 15
African countries and France, employing over 5,000 people. BOA believes in
Transparency, Expertise, Proximity and Responsibility.
BOA UGANDA is seeking applications from qualified persons who are
accomplished to take up the position of IT Risk Officer. The position will be reporting to the Head of
Risk and will be responsible for the following:
Position Function:
Provide technical expertise with regards to Information Security and other
ICT-related business processes, and oversee the on-going management of
information security policies, procedures, and technical systems in order to
maintain the confidentiality, integrity, and availability of all of the Bank’s
information systems at all times.
Apply to: Human Resources Manager
Email: boajobs@boauganda.com
Address: Plot 45, Jinja Road
Deadline: Monday, 20th January 2014
Qualifications:
·
Bachelor’s degree in ICT,
Computer Science or a related field
·
CISM or CISA and other related
Professional Certification in ICT Risk Management
·
Professional project management
certification is an added advantage
·
Minimum of 3 years’ experience
with exposure to reviewing and advancing IT Security
·
Experience in risk management
processes related to Business Impact Analysis,
Business Continuity Planning, Disaster Recovery Planning, Change Management
etc
·
Experience or qualifications in
Oracle databases, networks and systems management and ICT projects and
operations
·
Business acumen, planning and project management skills
·
Analytical skills
·
Strong communication and presentation
skills
·
Interpersonal skills with ability
to influence people across the Bank and teamwork skills
·
Initiative / self -drive,
monitoring and follow up skills
·
Able to work in a fast-paced and
results oriented environment
Key duties & Responsibilities:
·
Prepare, implement and review the
Bank’s ICT security policy, procedures, controls and standards for both
existing and new applications
·
Ensure reviews are conducted to
ensure that all systems have effective, quality ICT security documentation in
place, including: qualitative risk assessments; current and effective ICT
security plans; annual system self-assessments; current and tested contingency
plans; and current certification and accreditation
·
Conduct regular Business Impact
Assessment, and derive Business Continuity Plans and a standing Disaster
Recovery Plan for the Bank
·
Conduct self-assessments of the
Bank’s ICT Security Program to ensure the Bank’s effective implementation of
and compliance with established policies and procedures and best practices
·
Address/correct any weakness
identified during assessments and audit exercises
·
Monitor business systems through
adequate audit logging, scanning, and monitoring processes
·
Establish and implement a process to ensure
that all users receive periodic ICT security awareness briefings and
communicate rules of behavior, train staff to fulfill their ICT security
responsibilities
·
Monitor, document and ensure
resolution of all incidents, implement incident handling and escalation
procedures, and report all incidents to the Head of Risk
·
Ensure that ICT security is
addressed in the development and acquisition process of all Information Systems
and Security Related products and services
·
Monitor and enforce internal risk
policies related to ICT
·
Monitor and report any violations
of ICT risk policy and proposal of appropriate response measures
·
Assist the business/support units
to manage and implement ICT risk management mechanisms
·
Monitor developments in ICT risk
management approaches in the industry, assess viability and recommend actions
for implementation and improvement
·
Perform any other duties that may
be assigned from time to time by the Head of Risk
Read more from the website on the link below:
