Manager – Technology & Cyber Risk

Hannington 2, Uganda

Absa Group


Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The role holder will be responsible for defining, implementing, and managing the information security strategy and programs to ensure that our financial operations, customer data, and brand reputation are protected. Main responsibilities include regular technical vulnerability assessments across the enterprise IT, internally and at critical supplier locations. In addition, the role covers the engagement and delivery of all security solutions to projects and giving recommendations to projects to minimize technical risks to the business.

Job Description

The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information and cyber security controls and management strategies to maintain the confidentiality, integrity, availability, accountability, and relevant compliance of information systems.

  • Conduct technical security risk assessments for defined business applications or IT installations in defined areas and provide advice and guidance on the application and operation of elementary physical, procedural and technical security controls.
  • Continuously assess threats and vulnerabilities regarding information assets and recommend the appropriate technical security controls and measures.
  • Define, recommend and manage cyber security controls for business initiatives and projects.
  • Threat Vulnerability Assessments and Remediation Management
  • Evaluate business requirements and assist with the secure design and solutioning of these requirements into system design and operation
  • Provide reports to key stakeholders regarding the effectiveness of cyber security posture and make recommendations for the adoption of new policies and procedures.
  • Act as a subject matter expert (SME) in conducting vendor cyber risk assessments to improve the overall vendor risk program.
  • Oversee cyber security intelligence, incident response and cyber resilience management.
  • Validate baseline security configurations for operating systems, applications, databases, networking and communications equipment in line with Group standards
  • Engage with third-party vendors to evaluate new security products or as part of a security due diligence process.
  • Develop and maintain Cyber Security Education & Awareness programmes.
  • Provide regular updates on security trends, risks, and the overall posture of the organization.
  • Monitor changes in local security legislation and ensure compliance.
  • Prioritize investments based on risk assessment and business needs.
  • Produce outline secure system designs and specifications and overall architectures, topologies, configuration databases and design documentation of networks and networking technology within the organisation.
  • Specify user/system interfaces, including validation and error correction procedures, processing rules, access, security and audit controls, recovery routines and contingency procedures.
  • Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
  • Understand and manage risks and risk events (incidents) relevant to the role.
  • Identify threats to information assets; identify vulnerabilities that could be exploited by the threats; identify existing controls; and identify potential consequences in various scenarios should threats exploit vulnerabilities. Take into consideration financial, operational, legal, reputational, and regulatory factors when identifying potential consequences.
  • Institute a process for assessing and monitoring changes in risk. Assess the cyber and technology risks and determine whether they are aligned with the institution’s risk appetite and comprise a material risk for which a capital allocation should be made as part of the internal capital adequacy assessment process.
  • Monitoring current and emerging risks and changes to laws and regulations.
  • Collaborating with system administrators and others charged with safeguarding the information assets of the institution to ensure appropriate control design.
  • Maintain comprehensive cyber risk registers: identify and assess key cyber and technology risks regularly. Risk identification should be forward-looking and include security incident handling.
  • Ensure implementation of the cyber and technology risk management strategy.
  • Ensure that a comprehensive inventory of Information assets, including their ownership and the roles and responsibilities of the staff managing these assets, classified by business criticality, is established and maintained. A Business Impact Analysis process is in place to regularly assess the business criticality of Information assets. Quantify the potential impact by assessing the residual cyber risk and considering risks that need to be addressed through insurance as a way of transferring cyber risk.
  • Reporting all enterprise risks consistently and comprehensively to the board to enable the comparison of all risks equally in ensuring that they are prioritized correctly.
  • Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and internal Absa Policies and Policy Standards.

Person Specification

(Personal attributes essential to performing the role, e.g. skills, competencies, expertise, knowledge, experience. Note: experience not to be time-bound)

Education and experience required

  • A Bachelor’s degree in Computer Science, Information Systems, Technology or a related field. A Master's degree or MBA will be an added advantage.
  • Minimum of 8 years of combined hands-on Technology and Security work experience (Technical / Managerial), with a broad range of exposure to systems analysis and application development across technologies.
  • Recognized security certifications such as CISSP, CISM, CISA or equivalent.
  • Possession of a professional penetration testing certification, e.g. OSCE / OSCP / GPEN, is desirable.
  • In-depth knowledge of security issues, techniques and implications across all existing computer, web, cloud and mobile platforms
  • In-depth practical experience in designing and securing enterprise network infrastructure and solutions
  • Solid understanding of technical architecture standards and secure design considerations
  • Strong understanding of IT & cybersecurity risks and trends specific to the financial sector.
  • Familiarity with regulatory standards and frameworks relevant to Uganda.
  • Excellent communication, leadership, and stakeholder management skills.

Knowledge and skills: (Maximum of 6)

  • Demonstrable experience in conducting Technical Security Assessments/Penetration testing across technology platforms
  • In-depth technical knowledge of Networks/Databases/Mobile & Web Applications controls and experience regarding their application and execution
  • Practical experience in scripting programming languages.
  • Working experience with Cyber tools and networking technologies e.g. IDS, IPS, Firewalls.
  • In-depth knowledge of audit and control tools, techniques and practices.
  • Aware of key banking platforms and processes.

Competencies: (Maximum of 8 competencies)

  • Deciding and initiating action
  • Learning and researching
  • Entrepreneurial and commercial thinking
  • Relating and networking
  • Adapting and responding to change
  • Persuading and influencing
  • Creating and innovating

Education

Bachelors Degree and Professional Qualifications: Computer and Information Science (Required), Master's Degree

Tags: Banking CISA CISM CISSP Cloud Compliance Computer Science Exploit Firewalls GPEN IDS Incident response IPS Monitoring Network security OSCE OSCP Pentesting Risk assessment Risk management RMF Scripting Security assessment Security strategy Strategy Vulnerabilities

Perks/benefits: Career development

Region: Africa
Country: Uganda
