The IT Risk Officer will support the delivery of the Information Technology Risk Management framework by participating in independent IT risk assessments and resolution of issues to completion in accordance with the Bank’s policies and procedures.

Key Responsibilities:

• Conduct Information System risk assessments for new and existing systems, applications and programs to ensure compliance with the bank’s security policies and regulatory requirements.
• Identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
• Perform periodic and surprise systems security assessments.
• Identify and evaluate business technology risks and internal controls which mitigate risks, and related opportunities for internal control improvement and propose risk treatment plans.
• Guide the general activities and concerns of the Bank’s IT function.
• Liaise and coordinate with respective Operational Risk Champions to review IT risk and control self-assessments.
• Develop and monitor IT key risk indicators.
• Monitor and track IT risk events and follow up on associated action plans to closure.
• Analyze audit findings and assist in implementing audit recommendations
• Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with overall information security objectives and risk tolerance
• Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards
  Assist with assessment of vendors and business contracts for evaluation and tracking of risk changes Support in the development of policies/standards/guidelines/best practices.

Education.

• A Bachelor’s degree in Information Systems, Computer Science or any other related discipline from a recognized university.
• Professional IT Security Certification e.g. CRISC, CISA or other related certification is an added advantage.
• Advanced knowledge of organization, technology controls, security and risk issues.

Experience.

• At least 3 years of professional experience holding a related position in a financial institution regulated by the Bank of Uganda.

Skills and competencies.

• Good working knowledge of T24 Core Banking System is preferred.
• Demonstrated ability to participate in complex, comprehensive or large IT related projects and initiatives.