Position: Officer, IT Security and Governance
Department: ICT Department
Reports To: Senior, IT Security and Governance
Responsible For: NA
Job Summary:
The Officer IT Security & Governance is responsible for ensuring the security and integrity of the bank’s information systems. This role involves implementing and maintaining security policies, conducting risk assessments, monitoring security incidents, and ensuring compliance with regulatory requirements. The officer will work closely with various departments to ensure the bank’s IT infrastructure is secure and governance processes are in place.
Key Responsibilities:
1. Security Policy Implementation:
– Develop and enforce IT security policies and procedures.
– Monitor compliance with security policies and regulations.
– Conduct regular security audits and risk assessments.
– Manage and respond to security incidents and breaches.
– Stay updated with the latest security trends and threats.
2. Risk Management:
– Identify and assess IT security risks.
– Develop risk mitigation strategies.
– Implement security controls to protect sensitive information.
– Monitor and report on security risks and vulnerabilities.
– Conduct regular vulnerability assessments and penetration tests.
3. Compliance and Governance:
– Ensure compliance with regulatory requirements and standards.
– Maintain documentation of security policies and procedures.
– Conduct regular reviews and updates of security policies.
– Provide training and awareness programs on IT security.
– Liaise with auditors and regulatory bodies on security matters.
4. Incident Management:
– Develop and maintain incident response plans.
– Coordinate and manage security incident investigations.
– Analyze and report on security incidents and breaches.
– Implement corrective actions to prevent future incidents.
– Maintain a security incident log and reporting system.
5. Collaboration and Communication:
– Work with IT and other departments to ensure security policies are understood and followed.
– Provide guidance and support on security-related issues.
– Communicate security risks and incidents to management.
– Foster a culture of security awareness within the organization.
– Participate in security forums and industry groups.
Key Performance Indicators (KPIs):
Financials:
1. Reduction in costs associated with security breaches and incidents.
2. Cost-effectiveness of implemented security measures.
3. Budget adherence for security projects and initiatives.
4. Return on investment (ROI) for security investments.
5. Financial impact analysis of potential security risks.
Customer:
1. Customer satisfaction with security measures in place.
2. Number of customer complaints related to IT security.
3. Response time to customer security inquiries and issues.
4. Customer data breach incidents and their resolution time.
5. Customer trust and confidence in the bank’s security posture.
Processes:
1. Compliance rate with internal security policies and procedures.
2. Number of completed security audits and assessments.
3. Incident response time and resolution rate.
4. Frequency and effectiveness of security training programs.
5. Implementation and maintenance of security controls and measures.
People:
1. Staff awareness and adherence to security policies.
2. Employee participation in security training and awareness programs.
3. Reduction in human-related security incidents and breaches.
4. Employee feedback on security governance and policies.
5. Development and performance of the IT security team members.
HOW TO APPLY:
If you believe you meet the requirements for any position above, please submit your application letter and CV to [email protected].
Applications should be addressed to:
Head Human Resource
Tropical Bank Ltd
Plot 27 Kampala Road
P.O. Box 9485 Kampala.
Closing date for receiving applications is: Friday, 05 July, 2024
Please note the following:
1. Candidates must put the job title/position in the subject of the email when submitting their application.
2. Tropical Bank does not ask for money or rewards in exchange for job opportunities.
3. Only shortlisted candidates will be contacted.