The role holder will support effective management of IT and cyber risks by providing independent assurance on the adequacy of controls, assisting in second-line risk assurance activities, and ensuring robust risk oversight through established governance processes.
KEY RESPONSIBILITIES / KEY DELIVERABLES
Conducting Information System risk assessments for new and existing systems, applications, and programs to ensure compliance with the bank’s security policies, regulatory requirements and adherence to best practices to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
Performance of periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web-based applications.
Identification and evaluation of business technology risks and the internal controls which mitigate those risks, identifying related opportunities for internal control improvement, and proposing risk treatment plans.
Providing guidance over the general activities and concerns of the organization’s information technology function including governance, policy, control design, general operational effectiveness, and internal controls.
Liaising and coordinating with respective Risk champions, and reviewing IT risk and control self-assessments.
Maintaining and following up / tracking for closure all IT findings arising out of Risk, Internal Audit, External Audit and BOU reviews.
Monitoring and tracking IT risk events and following up associated action plans to closure.
Working with control owners to ensure control accuracy and remediation of any issues related to control exceptions.
Maintaining a forward-looking Technology risk profile of the bank that captures the major risks, ensuring that risks that might impact multiple businesses and/or support functions are captured, and actions initiated to mitigate and control risks leading to a reduction in operational losses.
Ensuring that staff are adequately trained in IT Risk Management, policies, and procedures.
Ensuring that controls and checks associated with IT Risk Management deployment are in place and are effective.
Performing annual Quality Assurance Reviews of IT-related Policies, Processes, and procedure manuals.
Overseeing the Disaster Recovery Governance framework and Implementation.
Supporting in the review of IT Risk Control Self Assessments (RCSAs) & Key Risk Indicators.
Supporting elements of IT-related Investigations.
Conducting IT Project Risk Assessments as and when required.
Providing risk oversight and assurance over the activities of the Business Technology; Digitisation and Innovation Units.
Providing support in the preparation of monthly ICT risk reports as part of input into the monthly Management Risk Committee meetings and quarterly Board Risk Committee meetings.
Conducting IT Risk awareness training and sharing of IT risk control communication across the bank to improve risk awareness.
BUSINESS BEHAVIOURS
Passion: Committed to excellence, delivering outstanding results and making a positive impact on our customers and stakeholders.
Teamwork: Collaborates with mutual respect and diverse perspectives to achieve shared success and deliver greater value to the Bank.
Integrity: Uphold honesty, transparency, and accountability, ensuring ethical practices in every action.
Innovation: Embrace creativity and forward-thinking, continually seek new solutions to enhance customer experience and drive business growth.
QUALIFICATIONS, EXPERIENCE AND COMPETENCIES REQUIRED
Bachelor's degree in Information Systems Technology, Computer Science, or Engineering, or equivalent experience required.
Possesses, or is part-qualified in, one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification.
Must have critical thinking, analytical, attention to detail and problem-solving skills to quickly stop threats of significance to the institution.
Good verbal and written communication skills.
At least two years’ experience in IT Audits, IT Risk management or Banking Operations.
THE FOLLOWING DOCUMENTS SHOULD ACCOMPANY THE APPLICATION
Cover letter, Detailed CV, and Copies of academic documents all as one file.
MODE OF APPLICATION
Online applications addressed to Chief People & Strategy Officer, Pearl Bank Uganda.
Send application to hr@postbank.co.ug with job title as subject.
Closing Date: Monday 3rd November 2025 at 5:00pm.
Only shortlisted candidates will be contacted.



