Risk Department,Uganda.IT Risk Analyst

Key Responsibilities

a) Execute, Review and Deepen the use of Risk Management Tools:

1. Conduct proactive systems reviews/assessments/data analysis to identify possible vulnerabilities for timely corrective action.
2. Conduct risk assessments prior, during and after the implementation of bank strategic/business initiatives which includes tracking/monitoring the implementation of bank projects/business initiatives, active participation in implementation of bank IT projects and data analytics on performance of the same to inform business decisions.
3. Scan the Market/Industry and obtain information related to cyber/system risk and preparing a monthly report for sharing with management. 
4. Track/monitor usage of risk tools (e.g. RCSAs, Risk Registers, KRIs Etc) within the Information Technology Department plus submission of the same to Risk Management Department within stipulated timeframes and conducting assurance reviews where appropriate and communicating test results to appropriate stakeholders.
5. Driving/developing, managing and maintaining the bank’s incident management process and system plus associated procedures by ensuring that all units follow the incident management process for cyber/technology related incident.
6. Participate in the implementation of the bank’s Business Continuity Management Programme in line with the bank’s Business Continuity Management Policy.
7. Participate in the development, review and monitoring of compliance to Bank Policies and Procedures.
8. Review of Information Systems audit reports and tracking implementation of the recommendations thereof.

B) Stakeholder Management:

1. Maintain/ build relationships with all key stakeholders within the bank and assurance providers (internal and external audit, compliance and Bank of Uganda Examiners, etc.)
2. Provide appropriate risk training, awareness and education to staff and teams in the bank related to Cyber and system-based risks.

Minimum Position Qualification Requirements

1. Academic & Professional

   Bachelor’s degree in information technology, Computer Science, Information Science, Information Systems, Information Security or related disciplines is required.Professional Certifications like CRISC, CISM, CISSP, CISA & related professional qualifications are an added advantage.Master’s degree in IT, MBA, Computer Science & related disciplines is an added advantage.
2. Experience

A Minimum of 3 Years’ Experience in Information Risk /or IT Security and/or IT Audits, Information Risk Reviews and Vulnerability Assessments Experience, Red Team Exercises and/or Penetration Testing Experience, Stakeholder management and Report writing.