REPORTING TO: Manager IT Security Governance
LOCATION: Kampala
Reporting to the Manager IT Security Governance, the role holder will be responsible for ensuring the security and integrity of software applications by implementing, monitoring, and managing security measures to protect against vulnerabilities, threats, and unauthorized access.
KEY ACCOUNTABILITIES:
- Conduct vulnerability assessments and penetration testing on applications.
- Identify and remediate security weaknesses in application designs, code, and configurations. This is for both new implementations and also for those undergoing changes.
- Collaborate with developers to integrate security into the Software Development Life Cycle (SDLC).
- Investigate and respond to application security incidents, such as breaches or malware infections.
- Perform root cause analysis and recommend preventative measures.
- Ensure applications comply with security standards (e.g., OWASP Top 10, ISO 27001, or PCI-DSS).
- Develop and enforce application security policies and guidelines.
- Deploy and manage tools like Web Application Firewalls (WAFs), Static and Dynamic Application Security Testing (SAST/DAST) tools, and runtime protection tools.
- Continuously monitor application activity for anomalies or suspicious behaviour.
- Educate developers and stakeholders on application security risks and best practices.
- Work with cross-functional teams, including developers, DevOps, and BT teams, to address security issues.
- Communicate risks and solutions to both technical and non-technical stakeholders.
- Stay updated on emerging application security threats and technologies.
- Recommend and implement improvements to enhance application security posture
KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:
- Minimum: Bachelor’s degree in computer science, Information Technology, or a related numerical sciences field.
- Preferred: Master’s degree specializing in Digital Security.
- Certifications: At least one information security certification (e.g., CISSP, CISM, CEH, CCSP).
- At least 5 years in systems/network administration or cybersecurity.
- Banking/financial industry experience is a plus.
- Application security assessment. Collaborate with developers to integrate security into the Software Development Life Cycle (SDLC).
- Ensure applications comply with security standards (e.g., OWASP Top 10, ISO 27001, or PCI-DSS).
- Attack and Penetration testing.
- Analytical & Problem-Solving
- Communication & Reporting: Ability to write technical and management reports; strong oral and written communication skills.
- Self-Development: Pursues growth and drives personal development plans.
INVITATION
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates, to the email address indicated below:
Kindly copy your respective HCBP in the process of sending through your applications.
Deadline: 09th April 2025.
dfcu Bank is an equal opportunity employer. We do not discriminate on the basis of religion, age, citizenship, marital or family status, disability, or gender.
Only short-listed candidates will be contacted.
