Information Security Manager
https://finca.ug/
About FINCA Uganda
FINCA Uganda is a subsidiary of FINCA Impact Finance and part of a network of 21 microfinance institutions and banks that provide socially responsible financial services that enable low-income individuals and communities to invest in the future. FINCA Uganda currently offers loans, savings and money transfer services in Uganda, one of the most competitive and dynamic microfinance markets in the world. FINCA is looking for a dynamic person to join their team of professionals as Information Security Manager. Details are highlighted as follows:
Summary
The Information Security Manager is responsible for overseeing and implementing the institution’s cybersecurity program and enforcing the cyber and technology policy.
Key duties and responsibilities
- Ensuring that the institution maintains a current enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships, and a software and hardware asset inventory, including network maps and network utilization and performance data.
- Ensuring that the information systems align with the institutional needs and ICT strategy, in particular information system development strategies, and comply with the overall business strategies, risk appetite and ICT risk management policies of the institution, while ensuring that application design, development, and deployment meet FINCA Uganda’s security standards and providing cybersecurity expertise to all projects.
- Designing user-focused cybersecurity controls for all internal and external users, and developing recommendations for security improvements, including documenting the cybersecurity posture of third-party vendors and their services against FINCA Uganda services.
- Organizing professional cybersecurity trainings to enhance staff proficiency and ensuring that regular, comprehensive cyber risk assessments are conducted at least annually.
- Maintaining and managing security logs and incident response, collaborating with IT teams to design, test, and monitor effective cybersecurity controls.
- Ensuring that adequate processes are in place for monitoring IT systems for timely detection of cyber and technology events and incidents and supporting IT staff in resolving identified cyber incidents with proper response and reporting.
- Facilitating the implementation and maintenance of IT security controls, ensuring timely delivery of assigned security tasks and activities.
- Reviewing and assessing risks from exceptions/deviations to approved cyber and technology policies and procedures, obtaining senior management approval for risk assessments, and ensuring residual risks remain at an acceptable level.
- Reporting to Management and Board Risk Committees on the effectiveness of information systems, approved cybersecurity program, exceptions to the cyber and technology policies and procedures, and significant cyber or technology incidents that affected the institution during the period.
- Ensuring timely update of the incident response mechanism and Business Continuity Plan using the latest cyber threat intelligence gathered, and applying scenario analysis to assess potential cyber-attacks and mitigating actions and to identify potential control gaps.
- Ensuring frequent data backups of critical IT systems are carried out to a separate storage location.
- Ensuring the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
- Coordinating the continuous testing of disaster recovery and Business Continuity Plan arrangements to ensure that the institution can operate and meet its regulatory obligations during cyber incidents.
- Safeguarding confidentiality, integrity and availability of information.
- Leading FINCA Uganda’s data protection and privacy efforts by serving as the primary contact for staff, regulators, and public bodies; collaborating with Compliance function to train and raise awareness among employees; conducting routine compliance audits; advising on projects and privacy impact assessments; ensuring IT systems comply with relevant data protection laws, including data retention and destruction; maintaining records of data assets, processing activities, and security incidents; and promoting a culture of data protection across the organization.
Competencies
To perform the job successfully, an individual should demonstrate the following competencies:
- Excellent at Analytics and reporting
- Security acumen
- Good communication and presentation skills
- High Integrity/Ethics
- Virtual team working and keeping good relationships is paramount
Qualifications and Experience
- Bachelor’s degree in Computer Science, Cybersecurity, Management Information Systems, Business Administration or related field. Master’s degree will be an added advantage.
- 5 years of demonstrated experience in Information Security, Risk Management in a Microfinance or Banking Organization, Financial Technology or Financial services company.
- Working knowledge of national and international security regulatory compliance requirements and frameworks such as ISO 27001, NIST, COBIT and PCI DSS; industry certifications such as CISSP, CISM, SANS GIAC, CBCI; and security vendor certifications, e.g. Cisco, TrendMicro, Splunk, Qualys, are a plus.
Vacancy title:
Information Security Manager
[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Management]
Jobs at:
FINCA
Deadline of this Job:
Tuesday, December 9 2025
Duty Station:
Kampala | Kampala | Uganda
Summary
Date Posted: Thursday, November 27 2025, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 12
Level of Education: postgraduate degree
Job application procedure
Interested in applying for this job? Click here to submit your application now.
All candidates who wish to take up this role in the aforementioned capacity are encouraged to send their applications with detailed CVs, including present position and copies of relevant professional/academic certificates.
Only shortlisted candidates will be contacted.