IT Risk Manager Job at KCB Bank

Jobspace Uganda January 27, 2026

KCB Bank

IT Risk Manager Job Post

Location:  Jobs in Uganda 2025 - 2026


Work Hours: Full-time, 08 hours per day

Salary: UGX

No. of vacancies: 01

Deadline: February 6 2026

Hiring Organization: KCB Bank

Job Details:

About Us

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to among other things to enhance the Group’s capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation: Group Name Change, Name Change Certificate, KCB Advise on Non-Operating Holding Company, KCB Group Structure, Kenya Gazette Notice.

KEY RESPONSIBILITIES:

A. IT Risk Governance & Framework Implementation

  • Implement and maintain the IT Risk Management Framework in line with the Bank’s Enterprise Risk Management (ERM) framework and Group standards.
  • Maintain an updated IT Risk Register, identifying emerging threats, control weaknesses, and residual risks.
  • Ensure alignment of IT Risk activities to the Risk Appetite Statement, Basel II/III, ISO 27001, NIST, and COBIT frameworks.
  • Facilitate periodic IT risk assessments, scenario analysis, and control self-assessments across all IT domains.
  • Drive IT Risk awareness and capacity building across the Bank.

B. IT Risk Monitoring, KRIs & Reporting

  • Define and track Key Risk Indicators (KRIs) for critical IT processes, including cybersecurity, system availability, change management, and data protection.
  • Prepare monthly and quarterly IT Risk Reports for Management Risk Committee (MRC), Board Risk Committee (BRC), and Group Risk.
  • Escalate breaches of IT risk appetite and ensure timely mitigation.

C. Incident, Cyber, and Operational Resilience Management

  • Coordinate the incident management process, ensuring prompt logging, investigation, root cause analysis (RCA), and closure of IT incidents.
  • Support the activation and escalation under the Cybersecurity Incident Response and Recovery Plan (CIRRP).
  • Work closely with IT, Information Security, and BCM teams to ensure effective response and post-incident reviews.
  • Maintain oversight of Business Continuity (BCP) and Disaster Recovery (DR) testing outcomes and ensure alignment to the bank’s Resilience Framework.

D. Third-Party & Project Risk Oversight

  • Conduct IT risk assessments for new systems, digital channels, APIs, and major IT projects.
  • Evaluate and monitor third-party/vendor IT risks, including due diligence, data privacy, service continuity, and exit strategies.
  • Participate in Change Advisory Board (CAB) sessions to ensure risk considerations are embedded before deployment.

E. Regulatory, Audit & Group Alignment

  • Ensure compliance with Bank of Uganda, Data Protection, and Group Information Security standards.
  • Coordinate responses to internal audits, external audits, and regulatory inspections, ensuring timely closure of findings.
  • Maintain strong engagement with Group IT Risk and Group Information Security to align local initiatives with Group frameworks.

F. Emerging Risk, Reporting & Awareness

  • Identify and assess emerging technology risks, including AI, cloud, fintech partnerships, and open APIs.
  • Conduct periodic risk reviews, thematic analysis, and technology risk stress testing.
  • Champion awareness sessions on cyber hygiene, information security, and IT risk governance across business units.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

a) Academic & Professional

Education Bachelor’s degree Information Technology, Computer Science, Information Science, Information Systems, Information Security or related disciplines

Professional Qualifications CRISC, CISM, CISSP, CISA, ISO 27001 Lead Implementer & related professional qualifications Added Advantage

Master’s degreeIT, MBA, Computer Science, Risk & related disciplines Added Advantage

Application procedure

Click Here to Apply Now

Date Posted: 2026-01-27

MORE JOBS IN UGANDA HERE

NEVER MISS OUT ON A JOB ALERT, CLICK HERE TO JOIN JOB SPACE UGANDA WHATSAPP GROUP TODAY


CLICK HERE TO JOIN OUR WHATSAPP CHANNEL

Jobspace Uganda

Posted by Jobspace Uganda

Post a Comment

0 Comments