JOB PURPOSE
Provide independent assurance to management that established controls in respect of IT systems are operating as intended to ensure compliance with regulations and established Bank policies and procedures.
Drive Second Line of IT Assurance activities within the bank to ensure that businesses and support functions have deployed and are executing all necessary key controls in a manner which is consistent with Bank standards.
Ensure that the monthly Management Risk Committee process is effective in the identification, assessment, mitigation, and monitoring of bank Information technology and Cyber risks.
KEY RESPONSIBILITIES / KEY DELIVERABLES
1. Conduct Information System risk assessments for new and existing systems, applications, and programs to ensure compliance with the bank’s security policies, regulatory requirements, and adherence to best practices to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
2. Perform periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web-based applications.
3. Identify and evaluate business technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement, and propose risk treatment plans.
4. Provide guidance over the general activities and concerns of the organization’s information technology function including governance, policy, control design, general operational effectiveness, and internal controls.
5. Liaise and coordinate with respective IT Risk champions, review IT risk and control self-assessments.
6. Maintain and follow up / track for closure all IT findings arising out of Risk, Internal Audit, External Audit and BOU reviews.
7. Monitor and track IT risk events and follow up associated action plans to closure. Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
8. Maintain a forward-looking IT risk profile of the bank that captures the major risks, ensuring that risks that might impact multiple businesses and/or support functions are captured, and actions initiated to mitigate and control risks leading to a reduction in operational losses.
9. Ensure that staff are adequately trained in IT Risk Management, policies, and procedures.
10. Ensure that controls and checks associated with IT Risk Management deployment are in place and are effective.
11. Perform annual Quality Assurance Reviews of IT related Policies, Processes, and procedure manuals.
12. Oversee the Disaster Recovery Governance framework and implementation.
13. Support in the review of IT Risk Control Self Assessments (RCSAs) & Key Risk Indicators
14. Support in elements of IT Investigations.
15. Conduct IT Project Risk Assessments as and when required.
EDUCATION AND TRAINING
1. Bachelor’s degree in information systems technology, Computer Science, or Engineering, or equivalent experience required.
2. Must possess at least one of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification.
3. A professional qualification in CPA or ACCA or a master’s degree in a related field is an added advantage.
SKILLS AND EXPERIENCE
1. A minimum of 5 years Banking experience, 3 of which should be in a Supervisory / managerial position in IT Audit or IT Risk management.
2. Must have critical thinking, analytical, attention to detail and problem-solving skills to quickly stop threats of significance to the institution.
3. Good verbal and written communication skills
BUSINESS BEHAVIOURS
1. The ability to communicate clearly both verbally and in written form in a professional manner is deemed essential.
2. Ability to build functioning working relationships across organizational, corporate, and cultural boundaries.
3. Takes clear accountability and focuses on delivery of broader corporate goals.
4. Ability to take decisions and progress towards goals in conditions of uncertainty.
5. Ability to demonstrate positive image and role model PBU’s values and leadership behaviours.
6. Must be a person of impeccable integrity.
THE FOLLOWING DOCUMENTS SHOULD ACCOMPANY THE APPLICATION STRICTLY ONLINE:
1. Detailed CV
2. Certified copies of academic documents
3. Applicant's address and daytime telephone contacts
4. Postal/email address and daytime telephone contact of three referees of good standing in society, one of whom should be your current Supervisor.
Please send your application to hr@postbank.co.ug addressed to the Chief HR Officer and put the job you are applying for as the Subject.
Applications must reach the address above by Tuesday 28th February 2023 at 5.00pm.
PostBank Uganda is an equal opportunity employer.
Only shortlisted candidates shall be contacted.