Senior Manager- Cyber Security Assurance job at DFCU Bank

Background

Reporting to the Chief Information Security Officer, the role holder will be responsible for ensuring the design, implementation, oversight, testing, and continuous improvement of cybersecurity controls. This role not only provides assurance that security measures, policies, and programs meet regulatory standards—including ISMS, PCI DSS, and Bank of Uganda requirements—but also actively drives the deployment and operationalization of these controls across the Bank.

Responsibilities

  • Develop, implement, and enforce baseline security standards across all systems.
  • Integrate security into the software development lifecycle and product design.
  • Establish secure coding practices and ensure continuous security testing within CI/CD pipelines.
  • Oversee vulnerability assessments, penetration testing, and red team simulations.
  • Ensure timely remediation of identified risks and communicate critical findings to stakeholders.
  • Lead vulnerability identification, prioritization, and recommendation on resolution.
  • Report on key metrics and ensure compliance with risk appetite thresholds.
  • Ensure effective lifecycle management of user identities, including provisioning, access reviews, and deprovisioning.
  • Drive organization-wide awareness programs to strengthen security culture and reduce human risk.
  • Lead third party security assessments and ongoing monitoring of vendors and partners in line with the security baseline standard.
  • Maintain compliance with the ISMS (ISO 27001), PCI DSS, and all relevant regulatory requirements.
  • Manage Bank of Uganda (BOU) quarterly reporting.
  • Exercise oversight of enterprise technology governance, including cybersecurity and IT project governance, through the establishment of policies and standards, ongoing monitoring of compliance across technology initiatives, and management of governance issues to prevent control failures and recurrence.
  • Manage internal and external audits, track findings, and oversee timely remediation to ensure no overdue findings, no failed validations and no repeat findings.
  • Lead and mentor a high-performing cybersecurity team.
  • Foster a culture of accountability, continuous improvement, and innovation.

Qualifications and Experience

  • Bachelor’s Degree in Information Technology, Computer Science, or related field (Master’s preferred).
  • Professional Certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor/Implementer.
  • 5+ years of experience in cybersecurity, with at least 3 years in a leadership role.
  • Strong knowledge of ISO 27001 ISMS, PCI DSS, and regulatory compliance requirements.
  • Experience in DevSecOps, vulnerability management, and penetration testing.
  • Strong leadership and people management skills.
  • Excellent understanding of cybersecurity frameworks and risk management.
  • Exceptional communication and executive reporting skills.
  • Ability to balance strategic planning with hands-on technical oversight.

Vacancy title:
Senior Manager- Cyber Security Assurance

[Type: FULL_TIME, Industry: Banking, Category: Management, Computer & IT, Protective Services]

Jobs at:
DFCU Bank

Deadline of this Job:
Wednesday, April 22 2026

Duty Station:
kampala | Kampala

Summary
Date Posted: Wednesday, April 15 2026, Base Salary: Not Disclosed


Work Hours: 8

Experience in Months: 60

Level of Education: bachelor degree


Job Info
Job Category: Computer/ IT jobs in Uganda
Job Type: Full-time
Deadline of this Job: Wednesday, April 22 2026
Duty Station: kampala | Kampala
Posted: 15-04-2026
No of Jobs: 1