Experience: 4-5 years
Salary: Not Disclosed
1 Vacancy
About this job:
Q-Sourcing Limited, trading as Q-Sourcing Servtec, is a manpower management solutions firm operating in the East African region, in Uganda, Kenya, Tanzania, Rwanda and South Sudan.
On behalf of our client in Uganda in the banking sector, we are looking for a competent and experienced IT Security Specialist, Governance to work in Kampala, Uganda.
Reports to: Manager, Information Security Governance
Purpose of the Role:
The IT Security Governance Specialist is responsible for maintaining and continually improving the organization's information security posture. The position oversees key aspects of IT security governance, including identity and access management, cybersecurity awareness, third-party security and the enforcement of security standards such as ISO 27001 and PCI DSS.
KEY ACCOUNTABILITIES:
Identity and Access Management (IAM):
Develop, implement and maintain IAM policies, standards and procedures in alignment with industry best practices and regulatory requirements.
Oversee the lifecycle management of user identities and access privileges, including provisioning, de-provisioning, access reviews and role-based access control (RBAC).
Cybersecurity Awareness:
Design, develop and deliver comprehensive cybersecurity awareness training programs for all employees, tailored to distinct roles and risk levels.
Develop engaging communication materials, campaigns and phishing simulations to foster a strong security culture.
Track and report on the effectiveness of awareness programs and identify areas for improvement.
Third-Party Security Management:
Conduct third-party security assessments and ongoing monitoring of third-party access and activities.
Track third-party security exceptions and remediation efforts.
Collaborate with legal and procurement teams to ensure security requirements are integrated into contracts and service agreements.
Minimum Security Baseline Standards:
Define, document and enforce minimum security baseline standards for all IT systems, applications, networks and infrastructure components.
Collaborate with technical teams to ensure these baselines are implemented and regularly reviewed for compliance.
Develop metrics and reporting mechanisms to track adherence to security baselines.
Maintenance of ISMS and PCI DSS Standards and Requirements:
Lead the ongoing maintenance and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards.
Ensure continuous compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements, including leading annual assessments and remediation activities.
Develop, review and update information security policies, procedures and guidelines to reflect current threats, technologies and regulatory changes.
Governance, Risk and Compliance:
Coordinate and facilitate internal and external information security audits (e.g. ISO 27001, PCI DSS and regulatory audits).
Act as the point of contact for audit engagements, ensuring timely closure of findings.
Prepare and submit accurate and timely quarterly information security reports to the Bank of Uganda as required by regulation.
Develop and present comprehensive security reports and dashboards to management, highlighting key security metrics, risks, compliance status and improvement initiatives.
Contribute to planning of the enterprise information security budget.
KNOWLEDGE, SKILLS AND EXPERIENCE REQUIRED:
A minimum qualification of a bachelor's degree in Computer Science, Information Technology or a related numerical sciences discipline.
A master's degree is an added advantage.
An information security and/or information technology industry certification (CISSP, CISM, CEH, CISA, CRISC or ISO 27001 Lead Implementer) is required.
Minimum of 3 years of experience in information security.
Proven experience in identifying, assessing and mitigating technology risks, with a strong grasp of cybersecurity risk management frameworks.
Familiarity with relevant cybersecurity laws, regulations, organizational policies and ethical standards, particularly those related to data privacy and protection.
Working knowledge and practical application of ISO/IEC 27001 and PCI DSS standards.
Demonstrated ability to evaluate the design, resilience and reliability of security systems and to understand how environmental or operational changes affect their effectiveness.
Effective Communication
Analytical Thinking & Inductive Reasoning
Problem Solving
Stakeholder Management
Self-Driven Development
Employment type: Full Time
Industry: Financial Services / Insurance Agencies and Brokerages / Investment Banking