FINCA UGANDA
Location: Head Office
Validity period: 05/05/2025 – 16/05/2025
SUMMARY
The Information Security & Business Continuity Officer is responsible for coordinating information security and IT related business continuity initiatives within the organization and ensuring that the organization is compliant to the laid down requirements as stipulated in governing policies. The Information Security & Business Continuity Officer will also be responsible for ensuring the implementation of measures towards compliance with applicable data protection and privacy laws and regulations.
Key duties and responsibilities
Coordinating Business and Information Technology Continuity Planning and DR testing across FINCA Uganda Business Units and infrastructure
Assessing and documenting cyber security posture of 3rd party vendors and their services against FINCA Uganda standards.
Facilitating implementation and maintenance of IT Security controls within FINCA Uganda and ensuring delivery of assigned IT security tasks/activities
Acting as cyber security subject matter expert throughout projects lifecycle, including functional requirements, design specifications, testing and quality assurance, implementation and support.
Working with IT staff to resolve identified cyber security issues/concerns and developing recommendations for cybersecurity improvements
Communicating and collaborating with internal clients to contribute to security direction, and providing influence and technical guidance on current and future technical directions
Periodically reviewing activity logs / audit trails of the various bank IT systems, privileged accounts, monitoring security logs and incidents including performing investigations and follow-up on implementation of remedial actions
Organizing and conducting system user access reviews and recertification on a quarterly basis.
Utilizing appropriate tools to evaluate business environment against security policy and risk posture in terms of;
Network vulnerability scanning
Device configuration management
Application testing
Network monitoring
Log review
Threat modelling
Source code review
Conducting system risk assessments as per the Risk Management workplan and driving actions and enhancement of controls based on lessons learned from Root Cause Analysis
Supporting the Head of Risk Management in checking and ensuring closure of internal & external audit issues, RCSA and updating of risk registers for Products and Innovations and Information technology.
Monitoring the Information Technology key risk indicators.
Supporting any ongoing projects especially the Core Banking System post implementation assessments and the digital transformation projects.
Supporting the Head of Risk Management in coordinating information security Risk awareness in FINCA Uganda through forums, training sessions etc
Providing input in the annual Information Technology Security Budget cycle
Developing and maintaining documentation of relevant Information Technology Systems and Security controls.
Assessing and documenting Information Technology technical compliance of FINCA Uganda and providing recommendations for FINCA Uganda security policies.
Perform any other duties as assigned by management from time to time.
Ensuring implementation and FINCA Uganda’s compliance with applicable Data Protection and Privacy laws and regulations, including;
Serve as the primary point of contact within FINCA Uganda’s for members of staff, regulators, and other relevant public bodies on issues related to data protection and privacy.
Ensure regular training and other awareness culture initiatives on data protection and privacy are conducted.
Conduct regular assessments and audits to ensure compliance with applicable data protection and privacy regulations.
Work with key internal stakeholders in the review of business initiatives such as projects to ensure compliance with applicable data protection and privacy requirements, and where necessary, complete and advise on privacy impact assessments.
Ensure that FINCA Uganda’s IT systems and procedures comply with the relevant data protection and privacy laws and regulations, including the retention and destruction of data.
Maintain records of all data processing activities carried out by FINCA Uganda.
Maintain a record of all data assets and exports and a data security incident management plan to ensure timely remediation of incidents.
Qualifications and Experience
To perform the job successfully, an individual should demonstrate the following competencies:
Must be a team player and possess excellent inter-personal skills; be an active listener; and possess good telephone and e-mail etiquette.
Extensive multi-tasking and prioritization skills
Ability to work beyond official hours if required to do so.
Capability to maintain a high level of confidentiality.
Strong verbal and written communication skills.
Proactive self-starter demonstrates initiative and works independently with minimum supervision.
How to Apply
All candidates who so wish to take up this role in the aforementioned capacity are encouraged to send their applications with detailed CVs including present position and copies of relevant professional/academic certificates to: ug_jobs@fincaug.org
Only shortlisted candidates will be contacted.
Deadline: 16th May 2025
