IT RISK ANALYST

JOB PURPOSE

To lead information risk related review and advisory assignments across the Bank that will give objective and independent assurance that the bank’s Information Systems and ICT infrastructure are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.

KEY RESPONSIBILITIES

Execute, Review and Deepen the use of Risk Management Tools:

• i. Conduct proactive systems reviews/assessments/data analysis to identify possible vulnerabilities for timely corrective action.
• ii. Conduct risk assessments prior, during and after the implementation of bank strategic/business initiatives which includes tracking/monitoring the implementation of bank projects/business initiatives, active participation in implementation of bank IT projects and data analytics on performance of the same to inform business decisions.
• iii. Scan the Market/Industry and obtain information related to cyber/system risk and preparing a monthly report for sharing with management.
• iv. Track/monitor usage of risk tools (e.g. RCSAs, Risk Registers, KRIs Etc) within the Information Technology Department plus submission of the same to Risk Management Department within stipulated timeframes and conducting assurance reviews where appropriate and communicating test results to appropriate stakeholders.
• v. Driving/developing, managing and maintaining the bank’s incident management process and system plus associated procedures by ensuring that all units follow the incident management process for cyber/technology related incident.
• vi. Participate in the implementation of the bank’s Business Continuity Management Programme in line with the bank’s Business Continuity Management Policy
• vii. Participate in the development, review and monitoring of compliance to Bank Policies and Procedures.
• viii. Review of Information Systems audit reports and tracking implementation of the recommendations thereof.
• viii. Review of Information Systems audit reports and tracking implementation of the recommendations thereof.

b) Stakeholder Management:

• i. Maintain/ build relationships with all key stakeholders within the bank and assurance providers (internal and external audit, compliance and Bank of Uganda Examiners, etc.)
• ii. Provide appropriate risk training, awareness and education to staff and teams in the bank related to Cyber and system-based risks.

DAILY RESPONSIBILITIES: NOT MORE THAN 5 OF THE MOST TYPICAL

• Report writing i.e. Risk assurance reporting, Senior Management reporting including routine reporting for system analytical reviews as one of the daily activities to be done for all high-risk areas that have been agreed upon with the supervisor.
• Attend to enquires, information requests, trainings etc where applicable for business units.
• Attend to scheduled and some unscheduled business activities/meetings and any other duties as may be allocated by your supervisor/departmental head from time to time in line with the bank’s expectations.