IT Security Specialist- Governance (1 Position)

Reporting to the Manager - Information Security, Governance, the IT Security Specialist - Governance is responsible for maintaining and continually improving the organization’s information security posture. The position is responsible for overseeing key aspects of IT security governance, including identity and access management, cybersecurity awareness, third-party security, and the enforcement of security standards (e.g. ISO 27001 and PCI DSS).


KEY ACCOUNTABILITIES:

  • Develop, implement, and maintain IAM policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
  • Oversee the lifecycle management of user identities and access privileges, including provisioning, de-provisioning, access reviews, and role-based access control (RBAC).
  • Design, develop, and deliver comprehensive cybersecurity awareness training programs for all employees, tailored to distinct roles and risk levels.
  • Develop engaging communication materials, campaigns, and phishing simulations to foster a strong security culture.
  • Track and report on the effectiveness of awareness programs and identify areas for improvement.
  • Conduct third-party security assessments and ongoing monitoring of third-party access and activities.
  • Track third-party security exceptions and remediation efforts.
  • Collaborate with legal and procurement teams to ensure security requirements are integrated into contracts and service agreements.
  • Define, document, and enforce minimum security baseline standards for all IT systems, applications, networks, and infrastructure components.
  • Collaborate with technical teams to ensure these baselines are implemented and regularly reviewed for compliance.
  • Develop metrics and reporting mechanisms to track adherence to security baselines.
  • Lead the ongoing maintenance and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001:2022 standards.
  • Ensure continuous compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements, including leading annual assessments and remediation activities.
  • Develop, review, and update information security policies, procedures, and guidelines to reflect current threats, technologies, and regulatory changes.
  • Coordinate and facilitate internal and external information security audits (e.g., ISO 27001, PCI DSS, regulatory audits).
  • Act as the point of contact for audit engagements, ensuring timely closure of findings.
  • Prepare and submit accurate and timely quarterly information security reports to the Bank of Uganda as per regulatory requirements.
  • Develop and present comprehensive security reports and dashboards to management, highlighting key security metrics, risks, compliance status, and improvement initiatives.


KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

  • A minimum qualification of a Bachelor’s degree in Computer Science, Information Technology, or a related numerical sciences degree.
  • A Master’s degree is an added advantage.
  • An Information Security and/or Information Technology industry certification (CISSP, CISM, CEH, CISA, CRISC, ISO 27001 Lead Implementer) is required.
  • Minimum of 3 years of experience in information security.
  • Proven experience in identifying, assessing, and mitigating technology risks, with a strong grasp of cybersecurity risk management frameworks.
  • Familiarity with relevant cybersecurity laws, regulations, organizational policies, and ethical standards, particularly related to data privacy and protection.
  • Working knowledge and practical application of ISO/IEC 27001 and PCI DSS.
  • Demonstrated ability to evaluate the design, resilience, and reliability of security systems, and understand how environmental or operational changes impact their effectiveness.
  • Effective Communication.
  • Analytical Thinking & Inductive Reasoning.
  • Problem Solving.
  • Stakeholder Management.
  • Self-Driven Development.


INVITATION

If you believe you meet the requirements noted above, please use the link below to apply:

careers.dfcugroup.com

Once there, click on “Career Opportunities” to get started. (We recommend using Google Chrome for the best experience.)

Deadline: Wednesday 3rd September 2025

Only short-listed candidates will be contacted.

Please note that all recruitment terms and conditions as stated in the HR Policies and Procedures Manual shall apply.
