IT Security Specialist - Governance

Full Time 2 weeks ago
Employment Information

The IT Security Specialist - Governance, who reports to the Manager of Information Security, Governance, is in charge of keeping the organization's information security strong and always getting better. They do this by overseeing important parts of IT security governance, such as identity and access management, cybersecurity awareness, third-party security, and making sure that security standards like ISO 27001 and PCI DSS are followed.

Main Responsibilities

  • Make sure that IAM policies, standards, and processes are in line with industry best practices and government rules
  • Oversee the administration of user identities and access rights throughout their lives, including provisioning, de-provisioning, access reviews, and role-based access control (RBAC)
  • Design, create, and deliver comprehensive cybersecurity awareness training programs for all employees, taking into account their specific jobs and levels of risk
  • Create interesting communication tools, campaigns, and phishing tests to help build a strong security culture
  • Keep an eye on and report on how well awareness campaigns are working, and find ways to make them better
  • Do security checks on third parties and keep an eye on what they do and how they access your system
  • Keep an eye on third-party security problems and the steps being taken to fix them
  • Work with the legal and procurement teams to make sure that security standards are included in contracts and service agreements
  • Set, write down, and enforce basic security baseline criteria for all IT systems, apps, networks, and infrastructure parts
  • Work with technical teams to make sure these baselines are put in place and checked on a regular basis to make sure they are still being followed
  • Create ways to measure and report on how well security baselines are being followed
  • Lead the continual upkeep and improvement of the Information Security Management System (ISMS) in line with ISO 27001:2022 requirements
  • Make sure that the Payment Card Industry Data Security Standard (PCI DSS) criteria are always met, including leading annual examinations and fixing problems
  • Make, review, and alter information security policies, procedures, and guidelines to take into account new risks, technology, and changes in the law
  • Organize and help with audits of information security inside and outside the company (for example, ISO 27001, PCI DSS, and regulatory audits)
  • Be the main point of contact for audit engagements and make sure that findings are closed on schedule
  • As required by law, make sure you send the Bank of Uganda accurate and timely quarterly reports on information security
  • Create and give management detailed security reports and dashboards that show important security metrics, risks, compliance status, and plans for making things better

What you need to know, do, and have

Academic Qualifications

Qualification | Details
Bachelor's Degree | Computer Science, Information Technology, or a related field of mathematics
Master's Degree | A plus
Certifications | Information security or IT certification like CISSP, CISM, CEH, CISA, CRISC, or ISO 27001 Lead Implementer (at least one required)

Experience

Experience | Details
Information Security | At least three years

Other Skills and Qualifications

  • A solid understanding of cybersecurity risk management frameworks and proven experience finding, evaluating, and reducing technology risks
  • Knowledge of relevant cybersecurity laws, rules, company policies, and moral standards, especially when it comes to protecting and keeping private data
  • Practical knowledge of how to apply ISO/IEC 27001 and PCI DSS
  • Demonstrated ability to judge the design, strength, and dependability of security systems and to understand how changes in the environment or operations affect how well they work
  • Good communication
  • Analytical and inductive reasoning
  • Finding solutions
  • Managing Stakeholders
  • Development on Your Own

Invitation

Please use the link below to apply if you think you satisfy the standards listed above: www.careers.dfcugroup.com. When you arrive there, click on "Career Opportunities" to begin.

(For the best experience, we suggest using Google Chrome.)

Due Date: September 3, 2025

We will only get in touch with those who are on the short list.

Please be aware that all of the terms and conditions for hiring that are listed in the HR Policies and Procedures Manual will apply.

Skills
Cyber Security Laws
JobXZ – Jobs & Scholarships Made Simple