
KCB Bank Uganda Jobs 2021 – Information Security & Risk Manager

Job Title: Information Security & Risk Manager – KCB Bank Uganda Jobs 2021 

Organization: KCB Bank Uganda

Job Location: Kampala, Uganda



KCB Bank Uganda Profile:

KCB Bank Uganda is part of KCB Group, East Africa’s largest commercial bank, which was established in 1896. Over the years, the Bank has grown and spread its wings into Tanzania, South Sudan, Uganda, Rwanda and Burundi, completing the East African circuit in the year 2012. Today, the Group has the largest branch network in the region with over 238 branches, 950 ATMs and 8,000 agents offering banking services on a 24/7 basis in East Africa. KCB Bank Uganda was established in the year 2007 and has grown to become one of Uganda’s top ten commercial banks. Currently KCB Bank Uganda has 14 branches complemented with 16 ATMs spread on Kampala Road, Commercial Plaza, Ben Kiwanuka, Luwum Street, Oasis Mall Sixth Street, Arua, Elgon Masaba, Fort Portal, Gulu, Hoima, Lira, Mbarara and Jinja that offer trade financing, corporate and retail banking services to customers.



Job Summary

Reporting to the Head of Information Technology, the role will be responsible for maintaining and enhancing the security policies and standards to ensure all issues of security, risk and performance are fully addressed and to provide Information Security services to the Bank (e.g., Unauthorized access, cyber-attacks, etc.). The incumbent will also be tasked with upholding confidentiality, integrity, and availability of the information technology environment by ensuring responsibility for ongoing risk assessment, evaluation of appropriate security controls, development and monitoring of policies and standards, security awareness and proactive compliance with industry regulations related to information security.



Roles and responsibilities:

IT Security Management:

  • Protects systems by defining access privileges, control structures, and resources.
  • Define, Implement, and maintain policies, procedures, processes, standards, and guidelines for systems security administration and appropriate use.
  • Manage and ensure optimal security configurations of all servers/end point OS, Virtual environments, Databases, Middleware, Applications, Networks and end points.
  • Conduct research and make recommendations on systems security products, services, protocols, and standards in support of systems security continuous improvements.
  • Provide “ownership” of security incidents and problems through final resolution for the Bank’s servers/endpoint OS, Virtual environments, Databases, Middleware and Applications.
  • Provide systems security statistics and reports to aid in management decisions.
  • Maintain an inventory of security systems hardware and software equipment.
  • Monitoring of systems security, resolving and escalating incidents appropriately.
  • Prepare and maintain systems security documentation and layouts.
  • Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
  • Determines security violations and inefficiencies by conducting periodic audits.
  • Record security incidents registered within the bank.
  • Carry out security checks to ensure adherence to the security standards.
  • Inspect the physical environment to identify any breaches in security.
  • Ensure the bank’s employees are aware of cybersecurity issues, are trained in good cybersecurity practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others.
  • Adhere to the SLA on turnaround time (TAT) for user requests.
  • Respond to calls for assistance to provide IT Security technical support to return programs and systems to operational mode.

IT Risk Management:

  • Work closely with Information Technology professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.
  • Oversight of the vulnerability management program.
  • Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
  • Support the first line to design, implement, and maintain the organization’s cybersecurity plan and perform assurance checks on this plan.
  • Perform assessment of security controls and evaluate results relative to risk assessment.
  • Work with Information Technology and other business unit stakeholders during project and product development efforts to ensure that appropriate security controls are considered during vendor selection, development efforts and sign-off of security and risk assessments before deployment to production.
  • Monitor regulations and technology trends that affect financial institutions. Evaluate compliance and develop plans for compliance with regards to information security. Educate bank employees and act as a champion for compliance throughout the bank.
  • Work closely with the Bank Risk Management Department to ensure the integrity of Information Security controls in the business through enforcement of self-assessments (RCSA/KRIs) and giving prompt feedback to the first line of defence. Actively participate in a robust review and challenge process with technology inclined units on their Risk & Control Self Assessments and overall performance.
  • Follow up and ensure that all Technology related Internal/External Audit and BOU inspection findings have been fully resolved and that no repeat findings arise in subsequent audits.
  • Conduct periodic risk-based Unit assurance reviews to monitor how effective their risk management practices are and recommend for remedial actions where there are control weaknesses.
  • Support the bank’s digital strategy by performing the quality assurance role on bank projects while ensuring any risks/threats to the bank’s technology platforms are proactively identified and advised to the Head of IT or Head of Risk.
  • Coordination of the bank’s Business Continuity Management activities including review of the Disaster Recovery Plan, testing of this plan and quality assurance of the same. Ensure up to date IT Disaster Recovery runbooks.
  • Any other duty as may be assigned by the line manager.



Minimum Qualifications:

For the above position, the successful applicant should meet the following criteria:

  • Bachelor’s Degree – Information Technology, Computer Science, Computer Engineering, IT security or related field
  • Professional Qualifications – (ITIL, CISM, CISA, Security+, CASP, CCNA security or CISSP)
  • Certification in Cyber Security
  • Microsoft Server Operating Systems, AS400, Linux and UNIX
  • Risk Analysis/ Assessment experience


  • Banking Experience
  • Knowledge of Information security policies as well as applicable government regulations
  • Ability to influence at senior levels on matters relating to security and information risk
  • Systems and network security hands on experience
  • Positive attitude towards learning and development demonstrated by a record of continuing professional development
  • Application development skills
  • Risk Analysis/ Assessment experience
  • Security and Cybersecurity



How To Apply for KCB Bank Uganda Jobs 2021

If your career ambitions match the requirements of this exciting career opportunity, please visit our website and use the link below to log in to our Recruitment portal to submit your application with a detailed CV. Your cover letter should explain what you believe you can offer KCB Bank Uganda. Only shortlisted candidates will be contacted.

Deadline: 4th October 2021




No employer should ask you for money in return for advancement in the recruitment process or for being offered a position. Please contact Fresher Jobs Uganda if it ever happens with any of the jobs that we advertise.
