Background

The Uganda Electricity Distribution Company Limited (UEDCL) is a limited liability company incorporated in Uganda under the Companies Act. UEDCL owns the 33KV and below voltage electricity distribution networks. The company sales and distributes electricity in Uganda as per ERA License issued on 31 December 2024 covering over 135 political districts, operates a modern pole plant at Lugogo, and executes key rural electrification schemes on behalf of the Government of Uganda.

Job Purpose

To protect enterprise systems and data from cyber threats and ensure compliance with security standards.

Key Responsibilities

• Develop cybersecurity policies and frameworks.
• Monitor and respond to security incidents.
• Conduct vulnerability assessments.

Qualifications & Experience

• Bachelor's degree in Cyber Security, Information Security, Computer Science, Information Technology, Computer Engineering, or a related field.
• Relevant professional certification such as CISSP, CISM, CompTIA Security+, CEH, ISO/IEC 27001 Lead Implementer/Lead Auditor, Microsoft Security, Compliance and Identity, or equivalent is an added advantage.
• Minimum of 3-5 years' relevant experience in cyber security, information security, IT risk, security operations, or infrastructure security.
• Demonstrated experience in security monitoring, incident detection and response, vulnerability management, access control, endpoint security, network security, and log analysis.
• Good working knowledge of identity and access management, including MFA, privileged access control, role-based access, and account separation.
• Experience supporting or enforcing backup assurance, restore testing, disaster recovery, and business continuity controls.
• Familiarity with security awareness Programmes, phishing prevention, cyber reporting culture, and staff security behavior improvement.
• Understanding of security architecture and hardening principles, including segmentation, logging, alerting, evidence retention, secure remote access, recovery controls, and third-party security governance.
• Proficiency in use of security tools such as SIEM, EDR/antivirus, firewalls, vulnerability scanners, email security tools, and access management systems.
• Knowledge of cybersecurity frameworks, standards, and good practice, including ISO/IEC 27001, NIST Cybersecurity Framework, CIS Controls, and basic regulatory/compliance requirements.
• Ability to investigate incidents, prepare security reports, risk assessments, and remediation recommendations for both technical and non-technical stakeholders.
• Good understanding of Windows and Linux environments, cloud security basics, network concepts, and endpoint protection.
• Strong analytical, problem-solving, and documentation skills.
• High level of integrity, confidentiality, and ability to handle sensitive information.

Added Advantage

• Experience in a utility, telecom, banking, or other critical-service environment where resilience, continuity, and operational security are important.
• Exposure to SOC operations, incident response coordination, digital forensics support, phishing simulations, and cyber awareness campaigns.
• Experience supporting OT/IT environments, especially where segmentation, privileged access, logging, recovery assurance, and secure vendor access are required.

• Develop cybersecurity policies and frameworks.
• Monitor and respond to security incidents.
• Conduct vulnerability assessments.

• Security monitoring
• Incident detection and response
• Vulnerability management
• Access control
• Endpoint security
• Network security
• Log analysis
• Identity and access management (MFA, privileged access control, role-based access, account separation)
• Backup assurance, restore testing, disaster recovery, and business continuity controls
• Security awareness Programmes, phishing prevention, cyber reporting culture, and staff security behavior improvement
• Security architecture and hardening principles (segmentation, logging, alerting, evidence retention, secure remote access, recovery controls, third-party security governance)
• Proficiency in use of security tools (SIEM, EDR/antivirus, firewalls, vulnerability scanners, email security tools, access management systems)
• Knowledge of cybersecurity frameworks, standards, and good practice (ISO/IEC 27001, NIST Cybersecurity Framework, CIS Controls, basic regulatory/compliance requirements)
• Investigating incidents
• Preparing security reports, risk assessments, and remediation recommendations
• Understanding of Windows and Linux environments
• Cloud security basics
• Network concepts
• Endpoint protection
• Analytical skills
• Problem-solving skills
• Documentation skills
• Integrity
• Confidentiality
• Ability to handle sensitive information

• Bachelor's degree in Cyber Security, Information Security, Computer Science, Information Technology, Computer Engineering, or a related field.
• Relevant professional certification such as CISSP, CISM, CompTIA Security+, CEH, ISO/IEC 27001 Lead Implementer/Lead Auditor, Microsoft Security, Compliance and Identity, or equivalent is an added advantage.