IT Risk Officer I&M Bank Uganda

I&M Bank Uganda is a commercial bank headquartered at Kampala Road plot 6/6A with a growing regional presence. The Bank offers a wide range of commercial banking and financial products and services, and prides itself on introducing innovative products and services based on the needs of its customers. We are seeking to recruit a competent and highly motivated individual with extensive experience and abilities to support business growth in the following position:

JOB TITLE: IT Risk Officer

LOCATION: Head Office

REPORTS TO: IT Risk Manager

JOB PURPOSE
This position will lead the collaboration and implementation of IT Security Policies, Procedures, and Standards.

KEY RESPONSIBILITIES
• Conduct Information System risk assessments for new and existing systems, applications and programs to ensure compliance with the bank’s security policies, regulatory requirements and adherence to best practices to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
• Perform periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web-based applications.
Identify and evaluate business technology risks and internal controls which mitigate risks, and related opportunities for internal control improvement and propose risk treatment plans.
• Provide guidance over the general activities and concerns of the organization’s information technology function including governance, policy, control design, general operational effectiveness and internal controls.
• Liaise and co-ordinate with respective Risk Champions, review IT risk and control self-assessments.
• Create and monitor IT key risk indicators.
• Monitor and track IT risk events and follow up on associated actions plans to closure. Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
• Identify and analyze emerging IT risks.
• Prepare management /executive reporting on IT Risks.
• Provide oversight over the bank’s Cyber security program

REQUIREMENT
Minimum Education Qualification:
• Bachelor of Arts in Information Systems, Information Technology, Computer Science, or Engineering (IT related course).
• Professional qualifications (Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification)
Part of full professional qualification in CPA or ACCA

Work Experience:
• Minimum of 2 years’ experience in Banking Operations, IT, IT Risk Management or IT Audit.
• Required Competencies (Knowledge, Skills & Abilities):
• Demonstrates proven success in a role that emphasizes the following: IT Risk Management, Governance and / or Technical Privacy.
• Demonstrates domain knowledge of IT infrastructure, application development / Software Development Lifecycle (SDLC) and / or information security.
Ability to effectively manage multiple competing priorities
• This position requires strong organizational skills, resourcefulness, good judgment, persistence and follow through, and the ability to influence and “effectively challenge” others.
• Demonstrates an ability to work in a collaborative environment and influence others
• Strong project management skillset.
• Detail oriented and strong communication skills