Role overview
What you'll be stepping into
JOB PURPOSE
• The Manager – IT Governance & Controls is responsible for leading the governance, assurance, control oversight, and regulatory compliance functions of the IT Security & Governance department.
• The role ensures the Bank maintains an effective and measurable cybersecurity governance framework aligned to business growth, digital transformation, regulatory obligations, and enterprise risk appetite.
• The role acts as the Bank's focal point for cybersecurity governance, policy management, integrated assurance, control maturity, security architecture governance, and technology risk oversight across internal systems, digital platforms, third-party ecosystems, and strategic technology initiatives.
KEY RESPONSIBILITIES / KEY DELIVERABLES
• Develop, implement, and continuously improve the Bank's cybersecurity governance framework, ensuring alignment with business strategy, regulatory obligations, and enterprise risk appetite.
• Own and manage the lifecycle of cybersecurity policies, standards, baselines, procedures, and control frameworks, ensuring they remain current and aligned to industry best practices.
• Ensure alignment and compliance with applicable regulatory and security frameworks, including ISO/IEC 27001:2022, PCI DSS v4.0, Bank of Uganda Cyber & Technology Risk Guidelines, Data Protection and Privacy laws, SWIFT CSP, NIST Cybersecurity Framework, and other relevant standards.
• Lead the planning, coordination, and management of cybersecurity audits, regulatory inspections, certifications, and assurance reviews, including internal audits, external audits, and supervisory examinations.
• Coordinate evidence collection, control validation, remediation tracking, and closure of audit findings, ensuring timely resolution and reduction of repeat findings.
QUALIFICATIONS, EXPERIENCE AND COMPETENCIES REQUIRED
• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Systems, Business Information Technology, or a related discipline.
• Postgraduate qualification in cybersecurity, information security, technology risk, governance, or business administration will be an added advantage.
• Professional certifications in cybersecurity, governance, audit, or risk management will be an added advantage, including ISO/IEC 27001 Lead Implementer or Lead Auditor, ISACA CISM, CRISC, CISA, ISC2 CISSP, PCI DSS, Data Protection, Cloud Security, or related certifications.
• Candidates who are actively pursuing relevant professional certifications and demonstrate commitment to continuous professional development will be strongly considered.
• Minimum 3 years of experience in information security, IT governance, technology risk, audit, compliance, infrastructure, application security, or related technology functions.
• Experience working within banking, financial services, fintech, telecommunications, or other regulated environments will be an added advantage.
• Exposure to information security frameworks, regulatory compliance, technology risk management, internal controls, audit processes, or policy management.
• Foundational understanding of governance and control frameworks such as ISO 27001, PCI DSS, NIST CSF, COBIT, SWIFT CSP, and Data Protection and Privacy requirements.
• Exposure to technology environments such as enterprise infrastructure, cloud platforms, digital channels, identity and access management, and vendor or third-party technology integrations.
• Experience participating in audits, remediation programs, risk assessments, policy reviews, project governance, or technology control reviews.
• Ability to analyse risks, challenge constructively, and translate technical issues into business-focused recommendations.
How to apply

