Chief Information Security Officer

Closing on: Jul 14, 2026

Job Purpose

To safeguard the organization’s information by developing, implementing, and maintaining a comprehensive Cyber security strategies to promote confidentiality and integrity of information, cyber security awareness and compliance, compliance with regulations, and industry standards, and to ensure that the Bank is protected from Cyber security incidents and breaches, and prevent future occurrences.

Key responsibilities:  Brief description of duties or the responsibilities.

❖Develop and Implement the Bank’s cybersecurity program and enforce the cyber and technology policy.

❖Maintains the Banks current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships.

❖Ensure that information systems meet the needs of the Bank, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the Bank.

❖Design cybersecurity controls with the consideration of users at all levels of the Bank, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).

❖Conduct regular security training sessions and workshops to enhance the security awareness and knowledge of employees across the organization.

❖Conduct regular and comprehensive cyber risk assessments.

❖Develop adequate processes for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.

❖Review and assess risks associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.

❖Periodically review the approved exceptions/deviations to ensure the residual risks remain at an acceptable level.

❖ Submit periodic reports to the CEO on, detailed exceptions to the approved cyber and technology policies and procedures, Assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the Bank during the period, and assessment of the confidentiality, integrity and availability of the information systems in the institutions.

❖ Timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.

❖ Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.

❖ Establish and maintain a robust security governance framework that aligns with regulatory requirements, industry standards, and best practices.

❖ Identify and assess security risks, vulnerabilities, and threats, and develop appropriate risk mitigation strategies

❖ Engage with external partners, vendors, and industry peers to stay abreast of the latest security trends, technologies, and threats.

❖ Develop and implement a comprehensive security awareness program to educate bank employees on the principles of Zero Trust and their roles in maintaining a secure environment.

❖ Oversee the design, implementation, and operation of security controls and technologies to protect the bank’s infrastructure, applications, and data.

❖ Develop and maintain an incident response plan, ensuring the organization’s readiness to detect, respond, and recover from security incidents.

❖ Conduct regular security assessments, penetration testing, and vulnerability scanning to identify potential weaknesses and recommend remediation measures.

❖ Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.

❖ Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.

❖ Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.

Safeguarding the confidentiality, integrity and availability of information.

Assets and financial matters responsibility: Quantitative factors for the job, such as equipment, finances (budget responsibility), consumable stocks, land and buildings and other major factors that indicate the scope and complexity of their job and specific level of responsibility.

None

Knowledge and Experience: Details here, the minimum knowledge and experience required for satisfactory job performance.

• Bachelor’s degree in computer science, Information Security, or a related field. A master’s degree is an added advantage.

•    Have a relevant industry recognized certification such as; CISSP, CIPP/E, CISM, CRISC or CISA.

  • A minimum of 5 years’ experience in Information Security or related roles ie IT Security Risk, IT Audit in a complex environment with 3years at managerial level preferably in a supervised financial institution.

Skills and Competencies: In addition to the experience and educational requirements listed above

  • Proven experience in leading and managing security operations, incident response, and risk management teams.
  • Experience in the financial industry or a similarly regulated environment is highly desirable.
  • Strong understanding of Zero Trust Architecture principles, concepts, and implementation strategies.
  • Familiarity with cloud security, network security, identity and access management, encryption technologies, and secure coding practices.
  • Familiarity with cloud security, network security, identity and access management, encryption technologies, and secure coding practices.
  • Experience with security tools such as SIEM, DLP, IDS/IPS, and vulnerability management systems
  • In-depth knowledge of cyber security principles, frameworks, and standards (e.g., NIST, ISO 27001, etc.)
  • Leadership and Team building
  • Interpersonal skills
  • Negotiation skills
  • Proactive and decisive

Communication: Communications skills required to perform in the job efficiently and effectively

Communication

Job holder is required to communicate with;

  • The Board
  • Senior Management
  • Branch management
  • All staff.
  • Service Providers
Job Category: Quality monitoring
Job Location: Kampala Uganda