 |
| Cairo bank Uganda |
IT Risk Officer Job Post
Location: Jobs in Uganda 2025 - 2026
Work Hours: Full-time, 08 hours per day
Salary:
UGX
No. of vacancies: 01
Deadline: September 5 2025
Hiring Organization: Cairo bank Uganda
Job Details:
The IT Risk Officer will be tasked with identifying, evaluating, monitoring, and managing IT-related risks to safeguard the security, integrity, and accessibility of the Bank’s IT infrastructure and systems. This position ensures that IT risk management aligns with the Bank’s overall risk appetite and adheres to industry’s best practices in cybersecurity and IT governance. Additionally, the role will oversee the development and execution of IT Risk Management Policies, Procedures, and Standards, actively participating in independent IT risk assessments and reviews, and ensuring timely resolution of issues in accordance with the Bank’s policies and procedures.
Reports to: Chief Risk Officer
Department: Risk
Key Responsibilities:
- IT Risk Identification & Assessment: Identify IT-related risks, including cybersecurity threats, data privacy, system failures, and operational risks. Conduct risk assessments and analysis to evaluate the potential impact on the Bank’s operations. Perform Systems and networks user recertifications.
- IT Risk Monitoring & Reporting: Monitor key IT & Cybersecurity risk indicators (KRIs), threat intelligence, and control effectiveness. Prepare regular reports for senior management (IT steering Committee, Risk Management Committee and Executive Committee) and Board on IT & Cybersecurity risk posture, incidents, and breaches. Review and revalidate IT & Cybersecurity units Risk Control self-Assessments (RCSAs)
- Risk & Control Evaluation: Assess the adequacy of IT controls, policies, and procedures and report to management with suitable recommendations / actions taken to correct the gaps. Review IT audits, penetration testing results, and internal/external audit findings and endure issues closure. Review, and assess to ensure security protocols such as firewalls, encryption, multi-factor authentication, and security patches are implemented and are up to date and report to management
- Incident & Threat Management: Oversee the response to cybersecurity incidents, data breaches, or IT system failures.
Conduct incident / threat root cause analysis and recommend remediation actions. - Policy & Framework Development: Support to develop, update, and implement IT risk management policies, standards, and procedures. Follow up with IT & Cybersecurity related policies procedure owners to ensure that these policies / procedures /guidelines are communicated clearly and updated regularly to reflect changes in technology and threat landscape.
Review relevant policies to ensure that they align with regulatory requirements and industry best practices. Review Bank’s compliance with cybersecurity regulations and industry standards (e.g., BOU cybersecurity guidelines). - Awareness & Training: Promote a risk-aware culture by conducting training and awareness programs on IT security best practices. Keep staff informed on emerging IT risks and threat landscape. g) Vendor & Third-Party Risk Management: Assess third-party IT service providers’ security controls and risks. Review the third-party IT vendors compliance with the Bank’s security policies and contractual obligations.
- Regulatory & Compliance: Review Bank’s compliance with relevant IT and cybersecurity regulations and reporting requirements. Support regulatory examinations and audits related to IT governance and risk management.
- Continuous Improvement: Stay updated on evolving IT risks, cybersecurity threats, and industry best practices and report to management and Board Recommend and implement enhancements to the Bank’s IT risk management framework. Participate in industry forums such as UBA IT steering committee and report back to management of lesson learnt.
- Change Management: Perform regular management reviews and report to Management
- Business continuity Management: Draft Business continuity plans cover data backups, disaster recovery procedures, communication protocols, and resource allocation. Liaise with process owners to perform and update Business Impact Analyses (BIAs) to understand the consequences of processes disruptions.
Drive and coordinate regularly test BCM and disaster recovery plans through drills and simulations. Sensitize staff on their roles in Business continuity Management, Promote awareness of emergency procedures and communication pathways. Ensure BCM plans meet regulatory standards and industry best practices. Maintain BCM documentation for audits and compliance verification.
Education.
- Bachelor’s degree in information technology, Cybersecurity, Computer Science, or related field
- Professional certifications such as CISSP, CISM, ISO 27001 Lead Auditor, or equivalent gives added advantage.
- Knowledge of regulatory standards related to IT and cybersecurity.
Experience.
- At least 2 years’ experience in IT risk management, cybersecurity, or IT audit within the banking or financial services sector.
Skills and competencies.
- Strong analytical, communication, and problem-solving skills.
- Good working Knowledge of Core Banking Systems (any), and networks
- Experience with Key Risk Indicators and Technology Risk reporting preferred
- Demonstrated ability to participate in complex, comprehensive or large IT related projects and initiatives.
- Team player
- Observant
- Analytical and critical skills
Application procedure
Date Posted: 2025-09-02
MORE JOBS IN UGANDA HERE
NEVER MISS OUT ON A JOB ALERT, CLICK HERE TO JOIN JOB SPACE UGANDA WHATSAPP GROUP TODAY
0 Comments