United Bank for Africa (UBA) is one of Africa’s leading financial institutions, with operations
in twenty (20) countries and four (4) global financial centers: London, Paris, Dubai and New
York. UBA has evolved into a Pan-African provider of banking and related financial
services through diverse channels globally.
United Bank for Africa Uganda represents UBA’s pioneer country activities in the East and
Southern African sub-region. With a growing network of branches and ATMs across the
country, the bank continues to expand the retail and commercial playing field in Uganda
by delivering unique financial products and solutions. The bank is seeking to recruit
highly motivated, competent, result-oriented and dynamic professionals for the
following positions:
ROLES & RESPONSIBILITIES
1. Establish Governance & Build Knowledge
Facilitates an information security governance structure within Country/Region through the
implementation of a hierarchical governance program
Provides regular reporting on the current status of the information security program to
enterprise risk teams and senior business leaders as part of a strategic enterprise risk
management program, thus supporting business outcomes
Develops, socializes and coordinates approval and implementation of security policies within Country/Region
Works with the vendor management office to ensure that information security requirements
are included in contracts by liaising with vendor management and procurement
organizations
Directs the creation of a targeted information security awareness training program for all
employees, contractors, and approved system users, and establishes metrics to measure
the effectiveness of this security training program for the different audiences
Understands and interacts with related disciplines, either directly or through committees, to
ensure the consistent application of policies and standards across all technology projects,
systems and services, including privacy, risk management, compliance and business
continuity management
Provides clear risk mitigating directives for projects with components in IT, including the
mandatory application of controls
Embeds Cyber Judgement across a decentralized or distributed decision-making model
Leads the security champion program to mobilize employees in all locations
2. Leadership
Leads the information security function within the Country/Region to ensure consistent and
high-quality information security management in support of the business goals
Determines the information security approach and operating model in consultation with
stakeholders and aligned with the risk management approach and compliance
monitoring of non-digital risk areas
Manages the budget for the information security function within Country/Region,
monitoring and reporting discrepancies
Manages the cost-efficient information security organization within Country/Region,
consisting of direct reports and dotted line reports (such as individuals in business continuity
and IT operations). This includes hiring (and conducting background checks), training, staff
development, performance management and annual performance reviews
•normalize the wide variety and ever-changing requirements resulting from global laws,
standards and regulations
Develops and maintains a document framework of continuously up-to-date information
security policies, standards and guidelines. Oversees the approval and publication of these
information security policies and practices
Creates a framework for roles and responsibilities with regard to information ownership,
classification, accountability and protection of information assets
Facilitates a metrics and reporting framework to measure the efficiency and effectiveness
of the program, facilitates appropriate resource allocation, and increases the maturity of
the information security, and reviews it with stakeholders at the executive and board levels
5. Collaborative Functions
Provides input for the IT section of the company’s code of conduct
Creates the necessary internal networks among the information security team and
line-of-business executives, corporate compliance, audit, physical security, legal and HR
management teams to ensure alignment as required
Builds and nurtures external networks consisting of industry peers, ecosystem partners,
vendors and other relevant parties to address common trends, findings, incidents and
cybersecurity risks
Liaises with external agencies, such as law enforcement and other advisory bodies, as
necessary, to ensure that the organization maintains a strong security posture and is kept
well abreast of the relevant threats identified by these agencies
Liaises with the enterprise architecture team to build alignment between the security and
enterprise (reference) architectures, thus ensuring that information security requirements
are implicit in these architectures and security is built in by design
6. Operational Functions
Creates a risk-based process for the assessment and mitigation of any information security
risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other
third parties
Works with the compliance staff to ensure that all information owned, collected or
controlled by or on behalf of the company is processed and stored in accordance with
applicable laws and other global regulatory requirements, such as data privacy
Collaborates and liaises with the data privacy officer to ensure that data privacy
requirements are included where applicable
Defines and facilitates the processes for information security risk and for legal and
regulatory assessments, including the reporting and oversight of treatment efforts to
address negative findings