IT Risk Officer job at Cairo Bank Uganda | Apply Now

IT Risk Identification & Assessment

• Identify and evaluate IT-related risks including cybersecurity threats, data privacy breaches, system vulnerabilities, and operational disruptions.

• Conduct IT risk assessments and analysis to determine potential impact on the Bank’s operations.

• Perform regular user access reviews and systems/network recertifications.

IT Risk Monitoring & Reporting

• Monitor Key Risk Indicators (KRIs), threat intelligence, and control effectiveness.

• Prepare and present regular risk reports to senior management and governance committees, including the IT Steering Committee, Risk Management Committee, and Executive Committee.

• Revalidate and review Risk Control Self-Assessments (RCSAs) for IT & Cybersecurity units.

Risk & Control Evaluation

• Assess effectiveness of IT policies, controls, and procedures; recommend improvements and ensure timely implementation.

• Review audit reports, penetration testing results, and ensure closure of findings.

• Evaluate implementation and updates of security controls including firewalls, encryption, MFA, and patches.

Incident & Threat Management

• Manage and oversee response to cybersecurity incidents and data breaches.

• Conduct root cause analysis and recommend corrective actions to prevent recurrence.

Policy & Framework Development

• Support the development and maintenance of IT risk management policies, procedures, and standards.

• Ensure alignment with regulatory frameworks (e.g., BOU Cybersecurity Guidelines) and global best practices.

• Collaborate with IT and Cybersecurity units to update and disseminate policies regularly.

Awareness & Training

• Lead training programs to build IT risk awareness across staff.

• Keep teams informed on emerging threats and IT security trends.

Vendor & Third-Party Risk Management

• Assess and monitor third-party IT vendors’ compliance with Bank security standards.

• Ensure contract obligations and service-level security requirements are met.

Regulatory Compliance

• Ensure adherence to all applicable IT and cybersecurity regulatory requirements.

• Support internal and external audits and regulatory reviews.

Continuous Improvement & Industry Engagement

• Stay current with evolving threats, regulatory changes, and best practices.

• Recommend updates to the IT risk framework accordingly.

• Represent the Bank in relevant industry forums such as UBA IT Steering Committee and report insights to management.

Change Management

• Perform regular IT risk reviews during change processes and report findings.

Business Continuity Management (BCM)

• Develop and maintain Business Continuity Plans (BCPs) covering data backups, disaster recovery, and emergency response protocols.

• Conduct and coordinate regular BCM drills, BIAs, and staff sensitization sessions.

• Ensure documentation aligns with regulatory and audit requirements.