Job Title:   Internal Controls Officer – Technology
Organisation: DFCU Bank
Duty Station: Kampala, Uganda
Reports to: Manager- Internal Controls (Ops, IT & Business)
About US:
DFCU Bank is a fast growing commercial bank offering a variety of innovative products and services. DFCU Limited was started by the Commonwealth Development Corporation (CDC) of the United Kingdom and the Government of Uganda through the Uganda Development Corporation (UDC) under the name of Development Finance Company of Uganda Limited. Later restructuring brought in DEG (of Germany) and International Finance Corporation (IFC) as equal partners with CDC and UDC, each having a 25% stake in the company. Its objective was to support long-term development projects whose financing needs and risk did not appeal to the then existing financial commercial lending institutions.
Job Summary: Reporting to the Manager- Internal Controls (Ops, IT & Business), the Internal Controls Officer – Technology will be responsible for conducting independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. Works with technical teams and service providers to assess, identify and provide appropriate security mechanisms and solutions to be integrated into the bank’s systems operations and make recommendations for implementation.
Key Duties and Responsibilities:
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Assess all the configuration management (change configuration/release management) processes including Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework and compliance process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Monitor targets and Key Risk Indicators across the IT related functions and report the violation of risk policy with proposal of appropriate measures.
- Facilitate and support the audit management process. Activities include coordinating IT based Audit assignments, audit issue consolidation, resolution, and closure.
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network and ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated, as necessary.
- Monitor, document and ensure resolution of all cyber/ information security incidents, implement incident handling and escalation procedures, and report all incidents to IT Security Manager, standards and Architecture, Head BT, and Operational Risk.
Qualifications, Skills and Experience:
- The applicant for the DFCU Bank Internal Controls Officer – Technology job must have five years of experience with a minimum of 3 years exposure to reviewing and advancing Information Security in a bank/ financial services environment.
- Experience in assessing and mitigating technology risk (Solid understanding of Risk Management processes).
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of authentication, authorization, and access control methods.
- Knowledge of the ISO 27002 Standard and PCI DSS.
- Knowledge of applicable business processes and operations of customer organizations.
- Knowledge of Cyber-Defense and vulnerability assessment tools and their capabilities.
- Knowledge of cryptography and cryptographic key management concepts.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Skill in applying security controls.
- Advanced Business Architectural & IT Security skills.
- Analytical Thinking & Inductive Reasoning.
- Planning and Organization.
- Problem Solving.
- Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
- Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
- Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
- Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
- Inspire Commitment –Actions and behaviors are consistent with words.
- Self-Development – Pursues positive change in self and organization. Drives own personal development plan.
- Advanced Business Architectural & IT Security skills.
- Analytical Thinking & Inductive Reasoning.
- Planning and Organization.
- Problem Solving.
- Strategic Perspective – Establish priorities, challenging goals, and measurements consistent with these goals and organizational vision.
- Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
- Good Communicator – Presents ideas effectively, clearly, and concisely both orally and in writing.
- Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
- Inspire Commitment –Actions and behaviours are consistent with words.
- Self-Development – Pursues positive change in self and organization. Drives own personal development plan.
How to Apply:
If you believe you meet the requirements as noted above, please forward your application with a detailed CV including present position and copies of relevant professional/academic certificates (University Transcript, O & A level), to the email address indicated below;
Vacanciesbank@dfcugroup.com
Deadline: 15th May 2023