Internal Controls Officer – Technology Dfcu Bank

dfcu Bank is a fast-growing Bank in Uganda offering a wide range of financial solutions to its chosen market segments. We are seeking to recruit for the position of Internal Controls Officer- Technology in the Operations (COO) Domain to support our expansion strategy.

REPORTING TO: Manager- Internal Controls (Ops, IT & Business)

JOB PURPOSE: Reporting to the Manager- Internal Controls (Ops, IT & Business), the role holder will be responsible for conducting independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. Works with technical teams and service providers to assess, identify and provide appropriate security mechanisms and solutions to be integrated into the bank’s systems operations and make recommendations for implementation.

LOCATION: Kampala

Key Accountabilities:
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Assess all the configuration management (change configuration/release management) processes including Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework and compliance process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Monitor targets and Key Risk Indicators across the IT related functions and report the violation of risk policy with proposal of appropriate measures.
• Facilitate and support the audit management process. Activities include coordinating IT based Audit assignments, audit issue consolidation, resolution, and closure.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network and ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated, as necessary.
• Monitor, document and ensure resolution of all cyber/ information security incidents, implement incident handling and escalation procedures, and report all incidents to IT Security Manager, standards and Architecture, Head BT, and Operational Risk.

QUALIFICATIONS, EXPERIENCE And COMPETENCIES REQUIRED:
• At least 5 years’ experience with a minimum of 3 years exposure to reviewing and advancing Information Security in a bank/ financial services environment.
• Experience in assessing and mitigating technology risk (Solid understanding of Risk Management processes).
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of the ISO 27002 Standard and PCI DSS.
• Knowledge of applicable business processes and operations of customer organizations.
• Knowledge of Cyber-Defense and vulnerability assessment tools and their capabilities.
• Knowledge of cryptography and cryptographic key management concepts.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in applying security controls.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Problem Solving.
• Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviors are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Problem Solving.
• Strategic Perspective – Establish priorities, challenging goals, and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviours are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.